diff options
author | Matt Caswell <matt@openssl.org> | 2015-12-10 10:44:30 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-12-27 21:59:04 +0000 |
commit | b1931d432f4b53ceb2e2eacec09c2e32e043830b (patch) | |
tree | 0d1960f182b912139c16cb47ed755d5d014630be /ssl/t1_lib.c | |
parent | 43c34894d703e3e5c2fc03bad3a78a1cf10d8ba5 (diff) |
Simplify calling of the OCSP callback
Move all calls of the OCSP callback into one place, rather than repeating it
in two different places.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 25 |
1 files changed, 4 insertions, 21 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index df62a136f4..73ad6048d3 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2847,30 +2847,13 @@ int ssl_check_serverhello_tlsext(SSL *s) s-> initial_ctx->tlsext_servername_arg); + /* + * Ensure we get sensible values passed to tlsext_status_cb in the event + * that we don't receive a status message + */ OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; - /* - * If we've requested certificate status and we wont get one tell the - * callback - */ - if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) - && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) { - int r; - /* - * Call callback with resp == NULL and resplen == -1 so callback - * knows there is no response - */ - r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - if (r == 0) { - al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - } - if (r < 0) { - al = SSL_AD_INTERNAL_ERROR; - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - } - } switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: |