Add some checks of OCSP functions
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8308)
This commit is contained in:
parent
cc6d92619f
commit
72b89b8e20
1 changed files with 8 additions and 3 deletions
11
apps/ocsp.c
11
apps/ocsp.c
|
@ -641,8 +641,10 @@ redo_accept:
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (req != NULL && add_nonce)
|
if (req != NULL && add_nonce) {
|
||||||
OCSP_request_add1_nonce(req, NULL, -1);
|
if (!OCSP_request_add1_nonce(req, NULL, -1))
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if (signfile != NULL) {
|
if (signfile != NULL) {
|
||||||
if (keyfile == NULL)
|
if (keyfile == NULL)
|
||||||
|
@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags);
|
if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
|
||||||
|
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if (badsig) {
|
if (badsig) {
|
||||||
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
|
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
|
||||||
|
|
Loading…
Reference in a new issue