wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

ocsp: minors

Browse Source
This commit is contained in:
Marco Oliverio
2025-02-05 18:56:36 +00:00
parent 4351a5dd70
commit a06a8b589c
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/api/test_ocsp.c
View File

@@ -145,10 +145,9 @@ int test_ocsp_response_parsing(void)
/* Test response with unusable internal cert but that can be verified in CM /* Test response with unusable internal cert but that can be verified in CM
*/ */
conf.resp = (unsigned char*) conf.resp = (unsigned char*)resp_bad_embedded_cert;
resp_bad_embedded_cert; // Response with wrong internal cert
conf.respSz = sizeof(resp_bad_embedded_cert); conf.respSz = sizeof(resp_bad_embedded_cert);
conf.ca0 = root_ca_cert_pem; // Root CA cert conf.ca0 = root_ca_cert_pem;
conf.ca0Sz = sizeof(root_ca_cert_pem); conf.ca0Sz = sizeof(root_ca_cert_pem);
conf.ca1 = NULL; conf.ca1 = NULL;
conf.ca1Sz = 0; conf.ca1Sz = 0;
@@ -200,6 +199,7 @@ int test_ocsp_basic_verify(void)
const unsigned char* ptr = NULL; const unsigned char* ptr = NULL;
OcspResponse* response = NULL; OcspResponse* response = NULL;
DecodedCert cert; DecodedCert cert;
int expectedRet;
wc_InitDecodedCert(&cert, ocsp_responder_cert_pem, wc_InitDecodedCert(&cert, ocsp_responder_cert_pem,
sizeof(ocsp_responder_cert_pem), NULL); sizeof(ocsp_responder_cert_pem), NULL);
@@ -329,12 +329,13 @@ int test_ocsp_basic_verify(void)
ptr = (const unsigned char*)resp_bad_noauth; ptr = (const unsigned char*)resp_bad_noauth;
ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
sizeof(resp_bad_noauth))); sizeof(resp_bad_noauth)));
ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK expectedRet = WOLFSSL_FAILURE;
WOLFSSL_FAILURE); #ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
#else expectedRet = WOLFSSL_SUCCESS;
WOLFSSL_SUCCESS);
#endif #endif
ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
expectedRet);
/* should pass with OCSP_NOCHECKS ...*/ /* should pass with OCSP_NOCHECKS ...*/
ExpectIntEQ( ExpectIntEQ(
wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS), wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS),

2
wolfcrypt/src/asn.c
View File

@@ -37422,7 +37422,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
sigValid = 1; sigValid = 1;
} }
else { else {
WOLFSSL_MSG("OCSP Internal certificate can't verify the response\n"); WOLFSSL_MSG("OCSP Internal cert can't verify the response\n");
/* try to verify the OCSP response with CA certs */ /* try to verify the OCSP response with CA certs */
ret = 0; ret = 0;
} }