From f5d341368e261fbd1c9be50709d721e753d7a7b1 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 27 Mar 2017 18:14:20 +0000
Subject: Fail early if an ocep server returns a non-200 http response, there is no point in trying to parse error pages as an ocsp response.
---
 src/usr.sbin/ocspcheck/ocspcheck.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/usr.sbin/ocspcheck')
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 5124d588b3..90a9143ee8 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.17 2017/02/25 23:48:08 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.18 2017/03/27 18:14:20 beck Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck
 *
@@ -607,6 +607,9 @@ main(int argc, char **argv)
 if (hget->bodypartsz <= 0)
 errx(1, "No body in reply from %s", host);
 
+ if (hget->code != 200)
+ errx(1, "http reply code %d from %s", hget->code, host);
+
 /*
 * Validate the OCSP response we got back
 */
-- 
cgit v1.2.3-55-g6feb
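Review bot: In the second hunk the new `if (hget->code != 200)` test sits after the existing `if (hget->bodypartsz <= 0)` test, so a non-200 reply that carries no body still exits with "No body in reply from %s" and the status code is never reported. Moving the two added lines above the body-size check would make every HTTP-level failure surface as `http reply code %d from %s`, which is the more useful signal when working out why a responder is failing. Either order stops before the response is parsed, so this affects diagnostics only, not what gets validated. A one-line comment such as `/* only a 200 reply can carry an OCSP response; never parse error pages */` above the check would record the intent in the code as well as the commit message. `main` starts and ends outside the hunk, so how `hget` is obtained and whether redirects are followed cannot be judged from here.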