From b36ec401a5f835078060753f1f3018ce948dbafe Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 19 Jan 2017 07:01:37 +0000
Subject: fix openssl ocsp to not report sucess when the ocsp responder rejects
 us ok deraadt@ krw@

---
 src/usr.bin/openssl/ocsp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index 948c4261e2..5b5108b390 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.8 2016/04/26 09:37:59 semarie Exp $ */
+/* $OpenBSD: ocsp.c,v 1.9 2017/01/19 07:01:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -664,11 +664,11 @@ done_resp:
 	i = OCSP_response_status(resp);
 
 	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-		BIO_printf(out, "Responder Error: %s (%d)\n",
+		BIO_printf(bio_err, "Responder Error: %s (%d)\n",
 		    OCSP_response_status_str(i), i);
 		if (ignore_err)
 			goto redo_accept;
-		ret = 0;
+		ret = 1;
 		goto end;
 	}
 	if (resp_text)
-- 
cgit v1.2.3-55-g6feb