fix openssl ocsp to not report sucess when the ocsp responder rejects us

ok deraadt@ krw@
author: beck <> 2017-01-19 07:01:37 +0000
committer: beck <> 2017-01-19 07:01:37 +0000
commit: b36ec401a5f835078060753f1f3018ce948dbafe (patch)
tree: 0c8ee361d272133ae19f1372dcecbdfa8fec06a9 /src
parent: 9f24acbc23e6953e97bd437696fd2c8152fee40c (diff)
download: openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.tar.gz
openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.tar.bz2
openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index 948c4261e2..5b5108b390 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.8 2016/04/26 09:37:59 semarie Exp $ */
+/* $OpenBSD: ocsp.c,v 1.9 2017/01/19 07:01:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -664,11 +664,11 @@ done_resp:
        i = OCSP_response_status(resp);
        if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-                BIO_printf(out, "Responder Error: %s (%d)\n",
+                BIO_printf(bio_err, "Responder Error: %s (%d)\n",
                    OCSP_response_status_str(i), i);
                if (ignore_err)
                        goto redo_accept;
-                ret = 0;
+                ret = 1;
                goto end;
        }
        if (resp_text)
author	beck <>	2017-01-19 07:01:37 +0000
committer	beck <>	2017-01-19 07:01:37 +0000
commit	b36ec401a5f835078060753f1f3018ce948dbafe (patch)
tree	0c8ee361d272133ae19f1372dcecbdfa8fec06a9 /src
parent	9f24acbc23e6953e97bd437696fd2c8152fee40c (diff)
download	openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.tar.gz openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.tar.bz2 openbsd-b36ec401a5f835078060753f1f3018ce948dbafe.zip

diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c index 948c4261e2..5b5108b390 100644 --- a/src/usr.bin/openssl/ocsp.c +++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocsp.c,v 1.8 2016/04/26 09:37:59 semarie Exp $ */	1	/* $OpenBSD: ocsp.c,v 1.9 2017/01/19 07:01:37 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -664,11 +664,11 @@ done_resp:
664	i = OCSP_response_status(resp);	664	i = OCSP_response_status(resp);
665		665
666	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {	666	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
667	BIO_printf(out, "Responder Error: %s (%d)\n",	667	BIO_printf(bio_err, "Responder Error: %s (%d)\n",
668	OCSP_response_status_str(i), i);	668	OCSP_response_status_str(i), i);
669	if (ignore_err)	669	if (ignore_err)
670	goto redo_accept;	670	goto redo_accept;
671	ret = 0;	671	ret = 1;
672	goto end;	672	goto end;
673	}	673	}
674	if (resp_text)	674	if (resp_text)