1 | From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001 |
2 | From: Jeremy Harris <jgh146exb@wizmail.org> | |
3 | Date: Tue, 7 May 2019 22:55:41 +0100 | |
4 | Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp | |
5 | ||
6 | (cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941) | |
7 | --- | |
8 | doc/ChangeLog | 3 +++ | |
9 | src/tls-gnu.c | 12 ++++++++---- | |
10 | test/log/5651 | 2 +- | |
11 | test/log/5730 | 8 ++++---- | |
12 | 4 files changed, 16 insertions(+), 9 deletions(-) | |
13 | ||
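--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga
 library routine (usually a crash). Found by "zerons".
 
 
+JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+ verification result was not updated unless hosts_require_ocsp applied.
+
 
 Exim version 4.92
 -----------------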
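--- a/src/tls-gnu.c
+++ b/src/tls-gnu.c
@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr))
 }
 
 #ifndef DISABLE_OCSP
-if (require_ocsp)
+if (request_ocsp)
 {
 DEBUG(D_tls)
 {
@@ -2474,10 +2474,14 @@ if (require_ocsp)
 {
 tlsp->ocsp = OCSP_FAILED;
 tls_error(US"certificate status check failed", NULL, state->host, errstr);
- return NULL;
+ if (require_ocsp)
+ return FALSE;
+ }
+ else
+ {
+ DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+ tlsp->ocsp = OCSP_VFIED;
 }
- DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
- tlsp->ocsp = OCSP_VFIED;
 }
 #endif
 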
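Review bot: In the second hunk's failure branch, `tls_error(US"certificate status check failed", NULL, state->host, errstr)` now also runs when only `request_ocsp` applies, after which control falls through and the handshake continues, so a request-only failure goes through the same error path as a fatal one. If `tls_error` writes through `errstr` (its definition is not on this page), the caller could receive a success result alongside a populated error string; consider keeping it for the required case, `if (require_ocsp) { tls_error(...); return FALSE; }`, and reporting the soft failure separately with `DEBUG(D_tls) debug_printf("OCSP check failed, not required; continuing\n");`. The branch would also benefit from a comment such as `/* request-only: record OCSP_FAILED for $tls_out_ocsp and continue; only hosts_require_ocsp rejects the connection */`, because the soft-fail is a deliberate policy choice that anyone auditing revocation handling needs to see stated. The condition guarding this branch and the start of the enclosing function are outside the hunk.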