diff options
| author | beck <> | 2016-11-03 12:54:16 +0000 |
|---|---|---|
| committer | beck <> | 2016-11-03 12:54:16 +0000 |
| commit | d029f353a03a06a76323b928825612cff8bfef8f (patch) | |
| tree | de7d527850267bfcb40b2c2cc63dc9878a606fa0 /src/lib/libtls/tls_ocsp.c | |
| parent | 61150c63123fd35d04d23a0f8879a03f82044004 (diff) | |
| download | openbsd-d029f353a03a06a76323b928825612cff8bfef8f.tar.gz openbsd-d029f353a03a06a76323b928825612cff8bfef8f.tar.bz2 openbsd-d029f353a03a06a76323b928825612cff8bfef8f.zip | |
Don't do OCSP validation when we have disabled certificate verification
or certificate validation.
ok jsing@
Diffstat (limited to 'src/lib/libtls/tls_ocsp.c')
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index a30e363e6e..aa085bd245 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -309,8 +309,11 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) | |||
| 309 | 309 | ||
| 310 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 310 | tls_ocsp_ctx_free(ctx->ocsp_ctx); |
| 311 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); | 311 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); |
| 312 | if (ctx->ocsp_ctx != NULL) | 312 | if (ctx->ocsp_ctx != NULL) { |
| 313 | if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) | ||
| 314 | return 1; | ||
| 313 | res = tls_ocsp_process_response_internal(ctx, raw, size); | 315 | res = tls_ocsp_process_response_internal(ctx, raw, size); |
| 316 | } | ||
| 314 | 317 | ||
| 315 | return (res == 0) ? 1 : 0; | 318 | return (res == 0) ? 1 : 0; |
| 316 | } | 319 | } |