diff options
Diffstat (limited to 'src/lib/libtls/tls_ocsp.c')
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index aa085bd245..af65771f7c 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -304,8 +304,13 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) | |||
| 304 | return -1; | 304 | return -1; |
| 305 | 305 | ||
| 306 | size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw); | 306 | size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw); |
| 307 | if (size <= 0) | 307 | if (size <= 0) { |
| 308 | if (ctx->config->ocsp_require_stapling) { | ||
| 309 | tls_set_errorx(ctx, "no stapled OCSP response provided"); | ||
| 310 | return 0; | ||
| 311 | } | ||
| 308 | return 1; | 312 | return 1; |
| 313 | } | ||
| 309 | 314 | ||
| 310 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 315 | tls_ocsp_ctx_free(ctx->ocsp_ctx); |
| 311 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); | 316 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); |