nghttpx: Fix crash in OCSP response verification

This commit is contained in:
Tatsuhiro Tsujikawa 2017-05-30 23:52:38 +09:00
parent e5889ce622
commit 8f7fa1b1bf
1 changed files with 4 additions and 1 deletions

View File

@ -1844,9 +1844,12 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
} }
auto bs_deleter = defer(OCSP_BASICRESP_free, bs); auto bs_deleter = defer(OCSP_BASICRESP_free, bs);
auto store = X509_STORE_new();
auto store_deleter = defer(X509_STORE_free, store);
ERR_clear_error(); ERR_clear_error();
rv = OCSP_basic_verify(bs, chain_certs, nullptr, OCSP_TRUSTOTHER); rv = OCSP_basic_verify(bs, chain_certs, store, OCSP_TRUSTOTHER);
if (rv != 1) { if (rv != 1) {
LOG(ERROR) << "OCSP_basic_verify failed: " LOG(ERROR) << "OCSP_basic_verify failed: "