diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-12 12:12:40 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-12 13:15:52 +0200 |
| commit | 52dd79f7d4657218903783106562a82dcce7b9cc (patch) | |
| tree | 39b1bd89d456027a96f75c7d199b79ab45bde801 | |
| parent | 033fcb209416d07a7d023d9308173321370d255f (diff) | |
| download | gnutls-52dd79f7d4657218903783106562a82dcce7b9cc.tar.gz | |
gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable
That is because this field is not optional, and a failure on its
parsing is always fatal. Reported by Yuan Jochen Kang.
| -rw-r--r-- | lib/x509/ocsp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 6bebcb4a86..9748b6a629 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -1500,10 +1500,11 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, ret = asn1_read_value(resp->basicresp, name, ttime, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); - *this_update = (time_t) (-1); - } else + return GNUTLS_E_ASN1_DER_ERROR; + } else { *this_update = _gnutls_x509_generalTime2gtime(ttime); + } } if (next_update) { |