Diffstat (limited to 'src/lib/x509/ocsp.cpp')
-rw-r--r-- | src/lib/x509/ocsp.cpp | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 10449b019..751f858a5 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -87,9 +87,16 @@ std::string Request::base64_encode() const return Botan::base64_encode(BER_encode()); } +Response::Response(Certificate_Status_Code status) + { + m_dummy_response_status = status; + } + Response::Response(const uint8_t response_bits[], size_t response_bits_len) : m_response_bits(response_bits, response_bits + response_bits_len) { + m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID; + BER_Decoder response_outer = BER_Decoder(m_response_bits).start_cons(SEQUENCE); size_t resp_status = 0; @@ -143,6 +150,9 @@ Response::Response(const uint8_t response_bits[], size_t response_bits_len) : Certificate_Status_Code Response::verify_signature(const X509_Certificate& issuer) const { + if (m_responses.empty()) + return m_dummy_response_status; + try { std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key()); @@ -172,6 +182,9 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue Certificate_Status_Code Response::check_signature(const std::vector<Certificate_Store*>& trusted_roots, const std::vector<std::shared_ptr<const X509_Certificate>>& ee_cert_path) const { + if (m_responses.empty()) + return m_dummy_response_status; + std::shared_ptr<const X509_Certificate> signing_cert; for(size_t i = 0; i != trusted_roots.size(); ++i) @@ -253,6 +266,9 @@ Certificate_Status_Code Response::status_for(const X509_Certificate& issuer, const X509_Certificate& subject, std::chrono::system_clock::time_point ref_time) const { + if (m_responses.empty()) + return m_dummy_response_status; + for(const auto& response : m_responses) { if(response.certid().is_id_for(issuer, subject)) |
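Review bot: The new `Response(Certificate_Status_Code status)` constructor stores whatever code the caller passes, and the early returns added later in this diff hand that value back from `verify_signature`, `check_signature` and `status_for` without any signature or CertID check. A caller that passes a success code would therefore get a positive OCSP verdict from an object that never held a response. If the constructor is only meant to carry failures, it should enforce that, for example `if(status < Certificate_Status_Code::FIRST_ERROR_STATUS) throw Invalid_Argument("OCSP::Response: placeholder status must be an error code");` (assuming the enum's error range starts at that value in this tree). Setting the member in the initializer list, `: m_dummy_response_status(status)`, would also match the other constructor's style. The declaration is outside this diff, so whether it is marked `explicit` should be checked in the header.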
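Review bot: In `verify_signature`, `m_responses.empty()` is used as the "this is a placeholder object" flag, and the same guard is repeated in `check_signature` and `status_for`. A response that was actually parsed but contains no SingleResponse entries takes the same path and returns before the signature is examined. That is fail-closed only because the parsing constructor assigns `OCSP_RESPONSE_INVALID` first, so the dependency deserves a comment at each guard, such as `// No SingleResponse entries: placeholder or empty parsed response; return the stored code, which must never be a success value.` Any other constructor of `Response` (none is visible in this diff) would leave `m_dummy_response_status` uninitialized on this path unless the header gives it a default initializer. The three guards are also written `if (` where the surrounding code uses `if(` and `for(`. All three function bodies continue outside their hunks.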