Changeset 75f2d96 in mod_gnutls
- Timestamp:
- Jan 11, 2020, 10:45:00 AM (9 months ago)
- Branches:
- master, proxy-ticket
- Children:
- 06dcf89
- Parents:
- e798149
- File:
-
- 1 edited
-
src/gnutls_ocsp.c (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
src/gnutls_ocsp.c
re798149 r75f2d96 266 266 * If nonce is not NULL, the response must contain a matching nonce. 267 267 */ 268 int check_ocsp_response(server_rec *s, const gnutls_datum_t *ocsp_response, 268 int check_ocsp_response(server_rec *s, struct mgs_ocsp_data *req_data, 269 const gnutls_datum_t *ocsp_response, 269 270 apr_time_t* expiry, const gnutls_datum_t *nonce) 270 __attribute__((nonnull(1, 2))); 271 int check_ocsp_response(server_rec *s, const gnutls_datum_t *ocsp_response, 271 __attribute__((nonnull(1, 3))); 272 int check_ocsp_response(server_rec *s, struct mgs_ocsp_data *req_data, 273 const gnutls_datum_t *ocsp_response, 272 274 apr_time_t* expiry, const gnutls_datum_t *nonce) 273 275 { … … 275 277 ap_get_module_config(s->module_config, &gnutls_module); 276 278 277 if ( sc->ocsp->trust == NULL)279 if (req_data->trust == NULL) 278 280 { 279 281 ap_log_error(APLOG_MARK, APLOG_ERR, APR_EGENERAL, s, … … 301 303 } 302 304 303 ret = gnutls_ocsp_resp_check_crt(resp, 0, sc->certs_x509_crt_chain[0]);305 ret = gnutls_ocsp_resp_check_crt(resp, 0, req_data->cert); 304 306 if (ret != GNUTLS_E_SUCCESS) 305 307 { … … 311 313 312 314 unsigned int verify; 313 ret = gnutls_ocsp_resp_verify(resp, *( sc->ocsp->trust), &verify, 0);315 ret = gnutls_ocsp_resp_verify(resp, *(req_data->trust), &verify, 0); 314 316 if (ret != GNUTLS_E_SUCCESS) 315 317 { … … 718 720 719 721 apr_time_t next_update; 720 if (check_ocsp_response(s, &resp, &next_update, nonce.size ? &nonce : NULL) 722 if (check_ocsp_response(s, sc->ocsp, &resp, &next_update, 723 nonce.size ? &nonce : NULL) 721 724 != GNUTLS_E_SUCCESS) 722 725 {
Note: See TracChangeset
for help on using the changeset viewer.
