[openssl-dev] [openssl.org #4018] [BUG] openssl ocsp command returns exist code 0 even if responder returns error

Tatsuhiro Tsujikawa via RT Mon, 24 Aug 2015 08:43:00 -0700

Hi,

When doing ocsp query using openssl ocsp command bundled with openssl
1.0.2d, and ocsp responder returns non-successful status code (e.g.,
trylater(3)), openssl ocsp command still returns exit status code 0.
I'm not sure this is intentional, but apparently ocsp query is failed
because we didn't get the response back, so it should return non zero
status code.


The attached patch will fix this issue.

BTW, I'm using Debian sid.

Best regards,
Tatsuhiro Tsujikawa

--- openssl-1.0.2d/apps/ocsp.c.orig	2015-08-21 22:57:22.682709126 +0900
+++ openssl-1.0.2d/apps/ocsp.c	2015-08-21 22:58:13.558499890 +0900
@@ -787,7 +787,7 @@
                    OCSP_response_status_str(i), i);
         if (ignore_err)
             goto redo_accept;
-        ret = 0;
+
         goto end;
     }

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4018] [BUG] openssl ocsp command returns exist code 0 even if responder returns error

Reply via email to