aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/revocation/revocation_validator.c
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2014-03-31 14:53:15 +0200
committerMartin Willi <martin@revosec.ch>2014-03-31 15:02:17 +0200
commit94fb33bb8856973748d4377e0f3cdf3a8c2f27c3 (patch)
tree4a3312842f4a591fb089af7a224b94aba438b414 /src/libstrongswan/plugins/revocation/revocation_validator.c
parent11614d783b8e9b14dfe68c4bef3514e7b751ca31 (diff)
downloadstrongswan-94fb33bb8856973748d4377e0f3cdf3a8c2f27c3.tar.bz2
strongswan-94fb33bb8856973748d4377e0f3cdf3a8c2f27c3.tar.xz
revocation: Log error if no OCSP signer candidate found
Fixes evaluation of ikev2/ocsp-untrusted-cert.
Diffstat (limited to 'src/libstrongswan/plugins/revocation/revocation_validator.c')
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index eb9065fb3..9fd5b2a22 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -118,7 +118,6 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
{ /* OCSP signer currently invalid */
continue;
}
- found = TRUE;
if (!ca->equals(ca, issuer))
{ /* delegated OCSP signer? */
if (!lib->credmgr->issued_by(lib->credmgr, issuer, ca, NULL))
@@ -130,6 +129,7 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
continue;
}
}
+ found = TRUE;
if (lib->credmgr->issued_by(lib->credmgr, subject, issuer, NULL))
{
DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"",
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 03:49:54 +0000