don't be so verbose about the OCSP nonce; it is universally unsupported

3 files changed, 6 insertions, 4 deletions

diff --git a/src/cli.c b/src/cli.c
index e02080d302..998a1190ab 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1880,7 +1880,7 @@ static int cert_verify_ocsp(gnutls_session_t session)
 		}
 
 		/* verify and check the response for revoked cert */
-		ret = check_ocsp_response(cert, issuer, &resp, &nonce);
+		ret = check_ocsp_response(cert, issuer, &resp, &nonce, verbose);
 		if (ret == 1)
 			ok++;
 		else
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index ec5903c14b..b0fb18ddd2 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -314,7 +314,7 @@ void print_ocsp_verify_res(unsigned int output)
 int
 check_ocsp_response(gnutls_x509_crt_t cert,
 		    gnutls_x509_crt_t issuer, gnutls_datum_t * data,
-		    gnutls_datum_t * nonce)
+		    gnutls_datum_t * nonce, int verbose)
 {
 	gnutls_ocsp_resp_t resp;
 	int ret;
@@ -409,7 +409,8 @@ check_ocsp_response(gnutls_x509_crt_t cert,
 
 		ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
 		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-			fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n");
+			if (verbose)
+				fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n");
 			goto finish_ok;
 		}
 
diff --git a/src/ocsptool-common.h b/src/ocsptool-common.h
index 5922cb0ae5..c8b130e479 100644
--- a/src/ocsptool-common.h
+++ b/src/ocsptool-common.h
@@ -42,6 +42,7 @@ void print_ocsp_verify_res(unsigned int output);
 
 int
 check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
-		    gnutls_datum_t * data, gnutls_datum_t *nonce);
+		    gnutls_datum_t * data, gnutls_datum_t *nonce,
+		    int verbose);
 
 #endif