From 11eebe14b232ec198d1446a3720e6ed78d118c4b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 15 Jan 2015 15:49:53 +0100
Subject: ocsptool-common: iterate through all AIA items prior to decidig the OCSP server
---
 src/ocsptool-common.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index d753e2f442..cc83e7a937 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -147,6 +147,7 @@ int send_ocsp_request(const char *server,
 unsigned char *p;
 const char *hostname;
 const char *path = "";
+ unsigned i;
 unsigned int headers_size = 0, port;
 socket_st hd;
@@ -156,15 +157,23 @@ int send_ocsp_request(const char *server,
 /* try to read URL from issuer certificate */
 gnutls_datum_t data;
- ret = gnutls_x509_crt_get_authority_info_access(cert, 0,
- GNUTLS_IA_OCSP_URI,
- &data,
- NULL);
+ i = 0;
+ do {
+ ret = gnutls_x509_crt_get_authority_info_access(cert, i++,
+ GNUTLS_IA_OCSP_URI,
+ &data,
+ NULL);
+ } while(ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (ret < 0) {
+ i = 0;
+ do {
+ ret =
+ gnutls_x509_crt_get_authority_info_access
+ (issuer, i++, GNUTLS_IA_OCSP_URI, &data, NULL);
+ } while(ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ }
- if (ret < 0)
- ret =
- gnutls_x509_crt_get_authority_info_access
- (issuer, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
 if (ret < 0) {
 fprintf(stderr,
 "Cannot find URL from issuer: %s\n",
-- cgit v1.2.1
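Review bot: Both new `do … while` loops in the second hunk keep iterating on every negative return except GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, so an error that does not depend on the index (for example a decoding failure in the AIA extension or an allocation failure) never ends the loop; `i` just keeps incrementing and eventually wraps. `cert` and `issuer` can come from an untrusted peer, so a malformed extension could plausibly hang the tool here, although whether a certificate can actually produce such a persistent error depends on the library's parser. As far as I recall, the library documents GNUTLS_E_UNKNOWN_ALGORITHM as the return for "the entry at this index is of another type", so I would continue only on that code: `} while (ret == GNUTLS_E_UNKNOWN_ALGORITHM);` in both loops. Any other failure then falls through to the existing `if (ret < 0)` error path. send_ocsp_request starts before and continues past this hunk, so how `data` is used afterwards is not visible here.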