Hi Sander,

> On 23 Oct 2017, at 11:00, Sander Hoentjen <[email protected]> wrote:
> 
> Hi Willy,
> 
> 
> On 10/22/2017 10:02 AM, Willy Tarreau wrote:
>> Hi Manu,
>> 
>> On Tue, Oct 10, 2017 at 03:44:07PM +0200, Emmanuel Hocdet wrote:
>>> Hi Emeric,
>>> 
>>> 
>>> ocsp_status can be 'good', 'revoked', or 'unknown'. 'revoked' status
>>> is a correct status and ocsp response should not be dropped.
>>> In case of certificate with OCSP must-stapling extension, response with
>>> 'revoked' status must be provided as well as 'good' status.
>> given that it looks like a bug, I merged it and re-tagged it with BUG.
> The manpage says:
> "OCSP_single_get0_status() returns the status of single or -1 if an
> error occurred."
> With this change, the -1 case is not handled correctly anymore it seems?
> I am not sure if it will ever happen, but I have attached a patch for it.
> 

Thanks for spotting this!
The patch could also be:

++
Manu

Attachment: 0001-BUG-MINOR-ssl-OCSP_single_get0_status-can-return-1.patch
Description: Binary data


