Update to use CERT_REVOKED error, shortcut out of OCSP checking when OCSP reply is a revocation reply.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21800 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-08-03 10:12:09 +00:00
parent 0df9285b48
commit 90b68a672a


@@ -618,6 +618,10 @@ hx509_revoke_verify(hx509_context context,
case choice_OCSPCertStatus_good:
break;
case choice_OCSPCertStatus_revoked:
hx509_set_error_string(context, 0,
HX509_CERT_REVOKED,
"Certificate revoked by issuer in OCSP");
return HX509_CERT_REVOKED;
case choice_OCSPCertStatus_unknown:
continue;
}
@@ -705,7 +709,10 @@ hx509_revoke_verify(hx509_context context,
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
return HX509_CRL_UNKNOWN_EXTENSION;
return HX509_CRL_CERT_REVOKED;
hx509_set_error_string(context, 0,
HX509_CERT_REVOKED,
"Certificate revoked by issuer in CRL");
return HX509_CERT_REVOKED;
}
return 0;
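Review bot: The critical-extension path in the CRL hunk still does `return HX509_CRL_UNKNOWN_EXTENSION;` without setting an error string, while both revoked paths now call `hx509_set_error_string` before returning. A caller that reports the context's error text after this failure will presumably see a stale or empty message, which makes a rejected chain harder to triage. I would brace that `if` body and add `hx509_set_error_string(context, 0, HX509_CRL_UNKNOWN_EXTENSION, "Unknown critical extension in CRL entry");` before the return. Separately, any caller that still compares the result against `HX509_CRL_CERT_REVOKED` needs checking, since the CRL path no longer returns that code; the callers and the rest of `hx509_revoke_verify` are outside these hunks.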