Ruediger Pluem committed on 18 Mar
* modules/ssl/ssl_util_stapling.c (stapling_check_response) Don't send
 out an OCSP response that can't be parsed.

 If the crypto/ASN library can't parse a response as 'basic OCSP'
 even if it leads with an OCSP successful status, then don't pass it
 to the client. There is nothing to say at all it isn't just garbage.
 And if other types of messages are standardized they can be added.

PR: 60182
Obtained from: https://github.com/apache/httpd/commit/e72154c75dab1cc043ea1aad36758806855efb25.diff
Submitted by: <gmoniker@gmail.com>
Reviewed by: rpluem
