This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit d90a2d06e27e2434e116da549387db387b2e3a56 Author: Mark Thomas <[email protected]> AuthorDate: Thu Dec 11 08:59:55 2025 +0000 Ensure basic response is cleaned up --- native/src/sslutils.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/native/src/sslutils.c b/native/src/sslutils.c index 5ca4e8b55..03aeed5d3 100644 --- a/native/src/sslutils.c +++ b/native/src/sslutils.c @@ -1060,11 +1060,12 @@ static int process_ocsp_response(OCSP_REQUEST *ocsp_req, OCSP_RESPONSE *ocsp_res certid = OCSP_cert_to_id(NULL, cert, issuer); if (certid == NULL) { - return OCSP_STATUS_UNKNOWN; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_OCSP_RESP_INVALID); + o = OCSP_STATUS_UNKNOWN; + goto clean_bs; } - ss = OCSP_resp_get0(bs, OCSP_resp_find(bs, certid, -1)); /* find by serial number and get the matching response */ - + ss = OCSP_resp_get0(bs, OCSP_resp_find(bs, certid, -1)); /* find by serial number and get the matching response */ i = OCSP_single_get0_status(ss, NULL, NULL, NULL, NULL); if (i == V_OCSP_CERTSTATUS_GOOD) o = OCSP_STATUS_OK; --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
