From d134ccd35df73b029ae89250698c5567a2473cc8 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Tue, 30 May 2017 23:52:38 +0900
Subject: [PATCH] nghttpx: Fix crash in OCSP response verification
---
 src/shrpx_tls.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc
index 171f2092..57e00d1c 100644
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -1844,9 +1844,12 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
 }
 auto bs_deleter = defer(OCSP_BASICRESP_free, bs);
+ auto store = X509_STORE_new();
+ auto store_deleter = defer(X509_STORE_free, store);
+ ERR_clear_error();
- rv = OCSP_basic_verify(bs, chain_certs, nullptr, OCSP_TRUSTOTHER);
+ rv = OCSP_basic_verify(bs, chain_certs, store, OCSP_TRUSTOTHER);
 if (rv != 1) {
 LOG(ERROR) << "OCSP_basic_verify failed: "
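Review bot: The return value of `X509_STORE_new()` is used without a null check, so on allocation failure `store` is null and `OCSP_basic_verify` is again called with a null store. Judging by the commit title and the replaced `nullptr` argument, that is the very condition this change is meant to remove. Add `if (!store) { LOG(ERROR) << "X509_STORE_new failed"; ... }` directly after the allocation, returning the failure value the function's other error paths use; those paths, like the start and end of `verify_ocsp_response`, lie outside this hunk. A one-line comment would also help, for example `// Empty store on purpose: with OCSP_TRUSTOTHER only certificates in chain_certs are accepted as trusted signers`, so a later reader does not mistake the empty store for forgotten trust-anchor setup. If responses signed by a delegated responder certificate that is not in `chain_certs` are expected, note that they will presumably fail verification against the empty store; that fails closed, but it is worth documenting.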