diff options
| author |   jsing <jsing@openbsd.org> | 2017-09-20 16:52:37 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-09-20 16:52:37 +0000 |
| commit | f4abe18a65d3370b2b3229784d22c6e37a4ab82b (patch) | |
| tree | 60e19e4392e270264dc05718a8e1abe686932730 | |
| parent | Provide a useful error if there are no OCSP URLs in the peer certificate. (diff) | |
| download | wireguard-openbsd-f4abe18a65d3370b2b3229784d22c6e37a4ab82b.tar.xz wireguard-openbsd-f4abe18a65d3370b2b3229784d22c6e37a4ab82b.zip | |
Slightly restructure tls_ocsp_verify_cb() to make it more like libtls code.
| -rw-r--r-- | lib/libtls/tls_ocsp.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index 9f6f940ecfb..4e2dba34870 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -315,12 +315,13 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) } tls_ocsp_free(ctx->ocsp); - ctx->ocsp = tls_ocsp_setup_from_peer(ctx); - if (ctx->ocsp != NULL) { - if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) - return 1; - res = tls_ocsp_process_response_internal(ctx, raw, size); - } + if ((ctx->ocsp = tls_ocsp_setup_from_peer(ctx)) == NULL) + return 0; + + if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) + return 1; + + res = tls_ocsp_process_response_internal(ctx, raw, size); return (res == 0) ? 1 : 0; } |