mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 04:30:47 +02:00
Fix OCSP->CRL fallback
This commit is contained in:
+6
-4
@@ -15959,7 +15959,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
|
||||
goto exit_ppc;
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
if (ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) {
|
||||
ret = ProcessPeerCertCheckKey(ssl, args);
|
||||
}
|
||||
else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) ||
|
||||
@@ -16057,7 +16057,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif /* HAVE_OCSP */
|
||||
|
||||
if (ret == 0) {
|
||||
if (ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) {
|
||||
#ifdef HAVE_CRL
|
||||
if (SSL_CM(ssl)->crlEnabled &&
|
||||
SSL_CM(ssl)->crlCheckAll) {
|
||||
@@ -16598,7 +16598,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif /* HAVE_OCSP */
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
if (ret == 0 && doLookup && SSL_CM(ssl)->crlEnabled) {
|
||||
if ((ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN))
|
||||
&& doLookup && SSL_CM(ssl)->crlEnabled) {
|
||||
WOLFSSL_MSG("Doing Leaf CRL check");
|
||||
ret = CheckCertCRL(SSL_CM(ssl)->crl, args->dCert);
|
||||
#ifdef WOLFSSL_NONBLOCK_OCSP
|
||||
@@ -16626,7 +16627,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
}
|
||||
}
|
||||
if (ret == 0 && doLookup && SSL_CM(ssl)->crlEnabled &&
|
||||
if ((ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN))
|
||||
&& doLookup && SSL_CM(ssl)->crlEnabled &&
|
||||
SSL_CM(ssl)->crlCheckAll && args->totalCerts == 1) {
|
||||
/* Check the entire cert chain */
|
||||
if (args->dCert->ca != NULL) {
|
||||
|
||||
Reference in New Issue
Block a user