summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-20 08:31:41 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-20 12:46:04 +0200
commitd8e575bf2863b1987808f6418ee19b3b423a3320 (patch)
treeab9c90b19590b833fce33ea1ca966e5d44d34c05
parent692ebe18468358edc503fcf856891649936d335a (diff)
downloadgnutls-d8e575bf2863b1987808f6418ee19b3b423a3320.tar.gz
ocsptool: allow combining --load-trust with --verify-response
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--src/ocsptool.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 4f3176be70..dfc11803c0 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -471,6 +471,13 @@ static void verify_response(gnutls_datum_t *nonce)
signer = chain[0];
else
signer = chain[1];
+
+ v = _verify_response(&dat, nonce, signer);
+
+ for (i=0;i<chain_size;i++)
+ gnutls_x509_crt_deinit(chain[i]);
+ } else if (HAVE_OPT(LOAD_TRUST)) {
+ v = _verify_response(&dat, nonce, NULL);
} else {
memset(&info, 0, sizeof(info));
info.verbose = verbose;
@@ -481,16 +488,11 @@ static void verify_response(gnutls_datum_t *nonce)
info.cert = OPT_ARG(LOAD_SIGNER);
signer = load_cert(1, &info);
- }
- v = _verify_response(&dat, nonce, signer);
-
- if (chain_size > 0) {
- for (i=0;i<chain_size;i++)
- gnutls_x509_crt_deinit(chain[i]);
- } else {
+ v = _verify_response(&dat, nonce, signer);
gnutls_x509_crt_deinit(signer);
}
+
free(dat.data);
if (v && !HAVE_OPT(IGNORE_ERRORS))