ocsp: don't error out if we can't verify our certificate

We can omit either the CertificateStatus message or the appropriate extension when we cannot provide the OCSP staple that the peer is asking for. Let the peer decide if it requires stapling and error out if we don't send it.
Juliusz Sosinowicz
2023-12-08 17:38:26 +01:00
parent 1aed438a21
commit 51ba745214
4 changed files with 135 additions and 23 deletions


@ -243,16 +243,18 @@ else
OPENSSL_RESULT=$?
echo "$OPENSSL_OUTPUT"
fgrep -q 'self signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT"
FGREP_RESULT=$?
if [ $OPENSSL_RESULT -eq 0 -a $FGREP_RESULT -ne 0 ]; then
FGREP1_RESULT=$?
fgrep -q 'self-signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT"
FGREP2_RESULT=$?
if [ $OPENSSL_RESULT -eq 0 -a $FGREP1_RESULT -ne 0 -a $FGREP2_RESULT -ne 0 ]; then
printf '%s\n' "Expected verification error from s_client is missing."
remove_single_rF "$ready_file"
exit 1
fi
remove_single_rF "$ready_file"
wait $wolf_pid
if [ $? -ne 1 ]; then
printf '%s\n' "wolfSSL server unexpected fail value"
if [ $? -ne 0 ]; then
printf '%s\n' "wolfSSL server unexpected fail"
exit 1
fi
fi
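
Review bot: The check after `wait $wolf_pid` now expects the server to exit 0 where it previously expected 1, and nothing in the script says why. Please add a short comment there stating that the server is expected to finish cleanly because it omits the staple instead of failing, so a later reader does not "fix" it back. With that change the only remaining evidence that verification failed is the s_client output, and the guard `[ $OPENSSL_RESULT -eq 0 -a $FGREP1_RESULT -ne 0 -a $FGREP2_RESULT -ne 0 ]` reports a problem only when s_client exits 0, so a non-zero exit for an unrelated reason (for example a connection failure) still passes; consider requiring that one of the two messages is actually present. Minor: the two `fgrep -q` calls differ only in "self signed" versus "self-signed" and could be one `grep -qE 'self[- ]signed certificate in certificate chain'`, which also avoids the chained `-a` tests.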