From 90b68a672a75792cbe47ee4a181a003e68eefb74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Fri, 3 Aug 2007 10:12:09 +0000
Subject: [PATCH] Update to use CERT_REVOKED error, shortcut out of OCSP checking when OCSP reply is a revocation reply.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21800 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/revoke.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index 997fa9307..45d7f52c4 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -618,6 +618,10 @@ hx509_revoke_verify(hx509_context context,
 case choice_OCSPCertStatus_good:
 break;
 case choice_OCSPCertStatus_revoked:
+ hx509_set_error_string(context, 0,
+ HX509_CERT_REVOKED,
+ "Certificate revoked by issuer in OCSP");
+ return HX509_CERT_REVOKED;
 case choice_OCSPCertStatus_unknown:
 continue;
 }
@@ -705,7 +709,10 @@ hx509_revoke_verify(hx509_context context,
 if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
 return HX509_CRL_UNKNOWN_EXTENSION;
- return HX509_CRL_CERT_REVOKED;
+ hx509_set_error_string(context, 0,
+ HX509_CERT_REVOKED,
+ "Certificate revoked by issuer in CRL");
+ return HX509_CERT_REVOKED;
 }
 return 0;
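Review bot: The new `return HX509_CERT_REVOKED;` in the `choice_OCSPCertStatus_revoked` case leaves the loop before whatever code follows the switch, which the `good` case reaches through `break`. If that code holds the reply's freshness checks (it lies outside the hunk, so this is inferred), a stale or future-dated reply can now fail the certificate outright. It is worth confirming that the OCSP response has been authenticated before this loop and recording the intent in a comment such as `/* revoked is final: return before the checks applied to "good" replies */`. The message passed to hx509_set_error_string() also does not say which certificate was revoked, which makes the failure harder to triage from logs; the CRL message in the second hunk has the same gap. The body of hx509_revoke_verify starts and ends outside the hunk.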
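Review bot: The CRL path now returns `HX509_CERT_REVOKED` where it returned `HX509_CRL_CERT_REVOKED` before, so any caller that still compares the result with the old code will treat a revocation as a generic verification failure. Neither the callers nor the error-code table are in this patch, so it should be checked across the tree whether the old code is still referenced or documented. A line in the function's header comment would record the new contract, for example `/* returns HX509_CERT_REVOKED for a revocation found in either OCSP or a CRL */`. The enclosing function starts and ends outside the hunk.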