diff options
| author |   jsing <jsing@openbsd.org> | 2017-09-20 16:38:23 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-09-20 16:38:23 +0000 |
| commit | 30a2bc87c9704f601fc9d2f300ece863bf7b4b64 (patch) | |
| tree | 3a10ff94444c0860f8fdfd24dcc72d873726fdb2 | |
| parent | Fix indentation. (diff) | |
| download | wireguard-openbsd-30a2bc87c9704f601fc9d2f300ece863bf7b4b64.tar.xz wireguard-openbsd-30a2bc87c9704f601fc9d2f300ece863bf7b4b64.zip | |
Provide a useful error if there are no OCSP URLs in the peer certificate.
| -rw-r--r-- | lib/libtls/tls_ocsp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index ce7098bb9ca..9f6f940ecfb 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -173,8 +173,11 @@ tls_ocsp_setup_from_peer(struct tls *ctx) } ocsp_urls = X509_get1_ocsp(ocsp->main_cert); - if (ocsp_urls == NULL) + if (ocsp_urls == NULL) { + tls_set_errorx(ctx, "no OCSP URLs in peer certificate"); goto failed; + } + ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); if (ocsp->ocsp_url == NULL) { tls_set_errorx(ctx, "out of memory"); |