walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful

This commit is contained in:
Tatsuhiro Tsujikawa 2018-09-16 22:19:27 +09:00
parent 3575a1325e
commit a63558a1eb
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/shrpx_tls.cc
View File

@ -1907,6 +1907,11 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
} }
auto resp_deleter = defer(OCSP_RESPONSE_free, resp); auto resp_deleter = defer(OCSP_RESPONSE_free, resp);
if (OCSP_response_status(resp) != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
LOG(ERROR) << "OCSP response status is not successful";
return -1;
}
ERR_clear_error(); ERR_clear_error();
auto bs = OCSP_response_get1_basic(resp); auto bs = OCSP_response_get1_basic(resp);