blob: 8322d938c2406f79d55ea2ec1d2e6711db0eb096 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 7 May 2019 22:55:41 +0100
Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941)
---
doc/ChangeLog | 3 +++
src/tls-gnu.c | 12 ++++++++----
test/log/5651 | 2 +-
test/log/5730 | 8 ++++----
4 files changed, 16 insertions(+), 9 deletions(-)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga
library routine (usually a crash). Found by "zerons".
+JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+ verification result was not updated unless hosts_require_ocsp applied.
+
Exim version 4.92
-----------------
--- a/src/tls-gnu.c
+++ b/src/tls-gnu.c
@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr))
}
#ifndef DISABLE_OCSP
-if (require_ocsp)
+if (request_ocsp)
{
DEBUG(D_tls)
{
@@ -2474,10 +2474,14 @@ if (require_ocsp)
{
tlsp->ocsp = OCSP_FAILED;
tls_error(US"certificate status check failed", NULL, state->host, errstr);
- return NULL;
+ if (require_ocsp)
+ return FALSE;
+ }
+ else
+ {
+ DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+ tlsp->ocsp = OCSP_VFIED;
}
- DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
- tlsp->ocsp = OCSP_VFIED;
}
#endif
|
