1 From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001
2 From: Jeremy Harris <jgh146exb@wizmail.org>
3 Date: Tue, 7 May 2019 22:55:41 +0100
4 Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
6 (cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941)
9 src/tls-gnu.c | 12 ++++++++----
11 test/log/5730 | 8 ++++----
12 4 files changed, 16 insertions(+), 9 deletions(-)
16 @@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga
17 library routine (usually a crash). Found by "zerons".
20 +JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
21 + verification result was not updated unless hosts_require_ocsp applied.
28 @@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr))
37 @@ -2474,10 +2474,14 @@ if (require_ocsp)
39 tlsp->ocsp = OCSP_FAILED;
40 tls_error(US"certificate status check failed", NULL, state->host, errstr);
47 + DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
48 + tlsp->ocsp = OCSP_VFIED;
50 - DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
51 - tlsp->ocsp = OCSP_VFIED;