Diffstat (limited to 'src/pluto/ocsp.c')
-rw-r--r--src/pluto/ocsp.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index b1f558ebf..8a351be6d 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -621,7 +621,7 @@ void list_ocsp_locations(ocsp_location_t *location, bool requests,
}
else
{
- whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
+ whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
&certinfo->serialNumber,
cert_status_names[certinfo->status],
&certinfo->nextUpdate, utc,
@@ -767,7 +767,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
*/
static chunk_t build_signature(chunk_t tbsRequest)
{
- chunk_t sigdata, cert, certs;
+ chunk_t sigdata, cert, certs = chunk_empty;
if (ocsp_requestor_sc)
{
@@ -786,10 +786,12 @@ static chunk_t build_signature(chunk_t tbsRequest)
}
/* include our certificate */
- cert = ocsp_requestor_cert->cert->get_encoding(ocsp_requestor_cert->cert);
- certs = asn1_wrap(ASN1_CONTEXT_C_0, "m",
- asn1_wrap(ASN1_SEQUENCE, "m", cert));
-
+ if (ocsp_requestor_cert->cert->get_encoding(ocsp_requestor_cert->cert,
+ CERT_ASN1_DER, &cert))
+ {
+ certs = asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ asn1_wrap(ASN1_SEQUENCE, "m", cert));
+ }
/* build signature comprising algorithm, signature and cert */
return asn1_wrap(ASN1_CONTEXT_C_0, "m"
, asn1_wrap(ASN1_SEQUENCE, "mmm"
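Review bot: The new `get_encoding()` check in build_signature has no failure branch, so an encoding error passes silently: `certs` stays `chunk_empty` (from the initialiser added in the previous hunk) and the signed OCSP request is built without the requestor certificate, with nothing logged. A responder that needs that certificate to verify the request signature will presumably reject the request, and the operator gets no hint why the revocation status could not be fetched. I would add an else branch along the lines of `else { plog("ocsp: could not encode requestor certificate, omitting it from signed request"); }`. build_signature starts and ends outside this hunk, so how `sigdata` is produced and how the caller treats the result cannot be checked from here.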
@@ -1013,7 +1015,7 @@ static bool valid_ocsp_response(response_t *res)
{
plog("certificate is invalid (valid from %T to %T)",
&not_before, FALSE, &not_after, FALSE);
-
+
unlock_authcert_list("valid_ocsp_response");
return FALSE;
}
@@ -1154,7 +1156,7 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
break;
}
x509 = (x509_t*)cert->cert;
-
+
if ((x509->get_flags(x509) & X509_OCSP_SIGNER) &&
trust_authcert_candidate(cert, NULL))
{