Added defines to force OCSP nonce check and omit OCSP date before check.

Max
2019-02-25 14:40:19 +01:00
parent b037334732
commit aa70ac0be2


@ -14137,8 +14137,10 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E;
#ifndef NO_ASN_TIME
#ifndef WOLFSSL_NO_OCSP_DATE_BEFORE_CHECK
if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE))
return ASN_BEFORE_DATE_E;
#endif
#endif
/* The following items are optional. Only check for them if there is more
@ -14744,7 +14746,11 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
/* Nonces are not critical. The responder may not necessarily add
* the nonce to the response. */
if (resp->nonceSz != 0) {
if (req->nonceSz
#ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK
&& resp->nonceSz != 0
#endif
) {
cmp = req->nonceSz - resp->nonceSz;
if (cmp != 0)
{
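Review bot: In CompareOcspReqResp the default build (without `WOLFSSL_FORCE_OCSP_NONCE_CHECK`) now skips the nonce comparison whenever `req->nonceSz` is zero, so a response carrying a nonce the request never sent, which the old `if (resp->nonceSz != 0)` test sent into the size comparison and presumably reported as a mismatch, is no longer compared at all; the commit message does not mention this change to the default path. The comment directly above still says nonces are not critical, which no longer holds once the macro is defined, so I would extend it with something like `/* With WOLFSSL_FORCE_OCSP_NONCE_CHECK a response without a nonce fails the comparison when the request carried one (replay protection). */`. The `#ifndef` spliced into the middle of the `if` condition is hard to read; computing the condition into a local before the `if` would keep the preprocessor out of the expression. The function body continues outside the hunk, so the handling after `if (cmp != 0)` is not visible here.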