feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added defines to force OCSP nonce check and omit OCSP date before check.

Browse Source
This commit is contained in:
Max
2019-02-25 14:40:19 +01:00
parent b037334732
commit aa70ac0be2
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/asn.c
View File

@ -14137,8 +14137,10 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
#ifndef WOLFSSL_NO_OCSP_DATE_BEFORE_CHECK
if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE)) if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE))
return ASN_BEFORE_DATE_E; return ASN_BEFORE_DATE_E;
#endif
#endif #endif
/* The following items are optional. Only check for them if there is more /* The following items are optional. Only check for them if there is more
@ -14744,7 +14746,11 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
/* Nonces are not critical. The responder may not necessarily add /* Nonces are not critical. The responder may not necessarily add
* the nonce to the response. */ * the nonce to the response. */
if (resp->nonceSz != 0) { if (req->nonceSz
#ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK
&& resp->nonceSz != 0
#endif
) {
cmp = req->nonceSz - resp->nonceSz; cmp = req->nonceSz - resp->nonceSz;
if (cmp != 0) if (cmp != 0)
{ {