From fb6a5cd3b238292c260e3f47a3e095a98c9b76d8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 20 Sep 2017 16:38:23 +0000
Subject: Provide a useful error if there are no OCSP URLs in the peer
 certificate.

---
 src/lib/libtls/tls_ocsp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index ce7098bb9c..9f6f940ecf 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -173,8 +173,11 @@ tls_ocsp_setup_from_peer(struct tls *ctx)
 	}
 
 	ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
-	if (ocsp_urls == NULL)
+	if (ocsp_urls == NULL) {
+		tls_set_errorx(ctx, "no OCSP URLs in peer certificate");
 		goto failed;
+	}
+
 	ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
 	if (ocsp->ocsp_url == NULL) {
 		tls_set_errorx(ctx, "out of memory");
-- 
cgit v1.2.3-55-g6feb