If no certificate stores at all are available skip OCSP checks

author: lloyd <[email protected]> 2015-01-04 18:09:12 +0000
committer: lloyd <[email protected]> 2015-01-04 18:09:12 +0000
commit: 6661c489929afc6c83c3038518dc37fd58938f3a (patch)
tree: 643767615517fdd668c67ed4072ced26f51586cd /src/lib/cert
parent: 03ac87feb2e0f9546313cd405ad832046de8e716 (diff)
1 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 73a5a158b..c8accc874 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -97,12 +97,14 @@ check_chain(const std::vector<X509_Certificate>& cert_path,
 
       const X509_Certificate& issuer = cert_path[at_self_signed_root ? (i) : (i + 1)];
 
-      const Certificate_Store* trusted = certstores[0]; // fixme
-
       if(i == 0 || restrictions.ocsp_all_intermediates())
-         ocsp_responses.push_back(
-            std::async(std::launch::async,
-                       OCSP::online_check, issuer, subject, trusted));
+         {
+         // certstore[0] is treated as trusted for OCSP (FIXME)
+         if(certstores.size() > 1)
+            ocsp_responses.push_back(
+               std::async(std::launch::async,
+                          OCSP::online_check, issuer, subject, certstores[0]));
+         }
 
       // Check all certs for valid time range
       if(current_time < X509_Time(subject.start_time()))
author	lloyd <[email protected]>	2015-01-04 18:09:12 +0000
committer	lloyd <[email protected]>	2015-01-04 18:09:12 +0000
commit	6661c489929afc6c83c3038518dc37fd58938f3a (patch)
tree	643767615517fdd668c67ed4072ced26f51586cd /src/lib/cert
parent	03ac87feb2e0f9546313cd405ad832046de8e716 (diff)