From 6661c489929afc6c83c3038518dc37fd58938f3a Mon Sep 17 00:00:00 2001
From: lloyd
Date: Sun, 4 Jan 2015 18:09:12 +0000
Subject: If no certificate stores at all are available skip OCSP checks
---
 src/lib/cert/x509/x509path.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'src/lib/cert')
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 73a5a158b..c8accc874 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -97,12 +97,14 @@ check_chain(const std::vector& cert_path,
 const X509_Certificate& issuer = cert_path[at_self_signed_root ? (i) : (i + 1)];
- const Certificate_Store* trusted = certstores[0]; // fixme
-
 if(i == 0 || restrictions.ocsp_all_intermediates())
- ocsp_responses.push_back(
- std::async(std::launch::async,
- OCSP::online_check, issuer, subject, trusted));
+ {
+ // certstore[0] is treated as trusted for OCSP (FIXME)
+ if(certstores.size() > 1)
+ ocsp_responses.push_back(
+ std::async(std::launch::async,
+ OCSP::online_check, issuer, subject, certstores[0]));
+ }
 // Check all certs for valid time range
 if(current_time < X509_Time(subject.start_time()))
--
cgit v1.2.3
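Review bot: The new guard `if(certstores.size() > 1)` skips the OCSP request whenever exactly one certificate store is supplied, even though `certstores[0]` is valid in that case and the commit subject only intends to skip when no stores exist at all. As written, a caller with a single trust store gets no online revocation check for the end-entity certificate or its intermediates, and nothing in this hunk records that the check was skipped, so revocation fails open. The condition should be `if(!certstores.empty())`. The added comment also names `certstore[0]` where the variable is `certstores[0]`. check_chain's body starts and ends outside the hunk, so whether a skipped OCSP check is reported to the caller later cannot be confirmed from here.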