authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-06-01 14:13:52 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-06-01 16:00:09 +0200
commit63fa76e089e7a46ed687e8efe36c5062648a4be1 (patch)
treec094620ccc49565483671f67071cf7c544e0cacf /lib/cert.c
parent5e6f4e646e61a6fda9ebc101c62eb4a6c9d9dcd5 (diff)
ocsp: Introduced GNUTLS_CERT_INVALID_OCSP_STATUS
This verification status flag indicates that an OCSP status response was stapled but is invalid for some reason (e.g., it could not be parsed or does not contain the expected certificate).
Diffstat (limited to 'lib/cert.c')
-rw-r--r--lib/cert.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/cert.c b/lib/cert.c
index a43f487d3d..c49bbe760a 100644
--- a/lib/cert.c
+++ b/lib/cert.c
@@ -991,6 +991,11 @@ gnutls_certificate_verification_status_print(unsigned int status,
_
("The certificate requires the server to include an OCSP status in its response, but the OCSP status is missing. "));
+ if (status & GNUTLS_CERT_INVALID_OCSP_STATUS)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The received OCSP status response is invalid. "));
+
return _gnutls_buffer_to_datum(&str, out, 1);
}
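Review bot: The new `GNUTLS_CERT_INVALID_OCSP_STATUS` branch discards the return value of `_gnutls_buffer_append_str()`. If that append can fail (it presumably allocates), the printed status would silently omit the OCSP reason while the function still returns whatever `_gnutls_buffer_to_datum()` yields. The preceding branch in the context appears to do the same, so this may be the file's convention, but for text that explains a verification failure it is worth checking the result or documenting that the output is best-effort. I would also add a comment above the check, e.g. `/* a stapled OCSP response was received but could not be parsed or does not contain the expected certificate */`, because the message itself does not say which case applies. The function body starts above this hunk, so the existing error-handling pattern is not visible here.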