sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-25 09:01:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

[ocsp] Centralise test for whether or not an OCSP check is required

Browse Source 
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2018-03-18 22:21:49 +02:00
parent ae93064496
commit a0021a30dd
3 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/crypto/x509.c
View File

@@ -40,6 +40,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/socket.h>
#include <ipxe/in.h>
#include <ipxe/image.h>
#include <ipxe/ocsp.h>
#include <ipxe/x509.h>
#include <config/crypto.h>
@@ -1362,8 +1363,7 @@ int x509_validate ( struct x509_certificate *cert,
}
/* Fail if OCSP is required */
if ( cert->extensions.auth_info.ocsp.uri.len &&
( ! cert->extensions.auth_info.ocsp.good ) ) {
if ( ocsp_required ( cert ) ) {
DBGC ( cert, "X509 %p \"%s\" requires an OCSP check\n",
cert, x509_name ( cert ) );
return -EACCES_OCSP_REQUIRED;