diff options
| author | beck <> | 2017-03-27 18:14:20 +0000 |
|---|---|---|
| committer | beck <> | 2017-03-27 18:14:20 +0000 |
| commit | f5d341368e261fbd1c9be50709d721e753d7a7b1 (patch) | |
| tree | 09f7d5156ac635e6eaf87df2bfe0341cad3a2071 | |
| parent | 40b4db761700e4fb0db048cc6277a0364143fa84 (diff) | |
| download | openbsd-f5d341368e261fbd1c9be50709d721e753d7a7b1.tar.gz openbsd-f5d341368e261fbd1c9be50709d721e753d7a7b1.tar.bz2 openbsd-f5d341368e261fbd1c9be50709d721e753d7a7b1.zip | |
Fail early if an ocep server returns a non-200 http response, there is no
point in trying to parse error pages as an ocsp response.
| -rw-r--r-- | src/usr.sbin/ocspcheck/ocspcheck.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c index 5124d588b3..90a9143ee8 100644 --- a/src/usr.sbin/ocspcheck/ocspcheck.c +++ b/src/usr.sbin/ocspcheck/ocspcheck.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocspcheck.c,v 1.17 2017/02/25 23:48:08 beck Exp $ */ | 1 | /* $OpenBSD: ocspcheck.c,v 1.18 2017/03/27 18:14:20 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2017 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -607,6 +607,9 @@ main(int argc, char **argv) | |||
| 607 | if (hget->bodypartsz <= 0) | 607 | if (hget->bodypartsz <= 0) |
| 608 | errx(1, "No body in reply from %s", host); | 608 | errx(1, "No body in reply from %s", host); |
| 609 | 609 | ||
| 610 | if (hget->code != 200) | ||
| 611 | errx(1, "http reply code %d from %s", hget->code, host); | ||
| 612 | |||
| 610 | /* | 613 | /* |
| 611 | * Validate the OCSP response we got back | 614 | * Validate the OCSP response we got back |
| 612 | */ | 615 | */ |