This is an automated email from the ASF dual-hosted git repository.

dsoumis pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0be2617fb64e71785db3d51a35a4c9989fd98d63
Author: Dimitris Soumis <[email protected]>
AuthorDate: Thu Oct 9 20:40:11 2025 +0300

    Set specific error when V_OCSP_CERTSTATUS_REVOKED
---
 .../apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   |  1 +
 java/org/apache/tomcat/util/openssl/openssl_h.java             | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 03e9cb8a0c..793dd58da3 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1171,6 +1171,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                     if (ocspResponse == V_OCSP_CERTSTATUS_REVOKED()) {
                         ok = 0;
                         errnum = X509_STORE_CTX_get_error(x509ctx);
+                        X509_STORE_CTX_set_error(x509ctx, 
X509_V_ERR_CERT_REVOKED());
                     } else if (ocspResponse == V_OCSP_CERTSTATUS_UNKNOWN()) {
                         errnum = X509_STORE_CTX_get_error(x509ctx);
                         if (errnum == X509_V_ERR_APPLICATION_VERIFICATION() || 
errnum < 0) {
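Review bot: In the V_OCSP_CERTSTATUS_REVOKED branch, `errnum` is read with `X509_STORE_CTX_get_error(x509ctx)` on the line before the new `X509_STORE_CTX_set_error` call, so the local still holds the earlier error rather than X509_V_ERR_CERT_REVOKED. If code after this hunk logs or branches on `errnum` (the enclosing method starts and ends outside the hunk, so this is not visible), a revoked certificate would be reported with a stale code. Consider setting the error first and reading it back afterwards, or assigning `errnum = X509_V_ERR_CERT_REVOKED();` directly. A one-line comment such as `// Record revocation explicitly so verification fails with a revocation-specific error` would document why the context error is overwritten here.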
diff --git a/java/org/apache/tomcat/util/openssl/openssl_h.java 
b/java/org/apache/tomcat/util/openssl/openssl_h.java
index ac9858e422..039126f12d 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h.java
@@ -226,6 +226,16 @@ public class openssl_h {
         return X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
     }
 
+    private static final int X509_V_ERR_CERT_REVOKED = (int) 23L;
+
+    /**
+     * {@snippet lang = c : * #define X509_V_ERR_CERT_REVOKED 23
+     * }
+     */
+    public static int X509_V_ERR_CERT_REVOKED() {
+        return X509_V_ERR_CERT_REVOKED;
+    }
+
     private static final int X509_V_ERR_UNABLE_TO_GET_CRL = (int) 3L;
 
     /**

