revocation: Log error if no OCSP signer candidate found
Fixes evaluation of ikev2/ocsp-untrusted-cert.
This commit is contained in:
parent
11614d783b
commit
94fb33bb88
|
@ -118,7 +118,6 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
|
|||
{ /* OCSP signer currently invalid */
|
||||
continue;
|
||||
}
|
||||
found = TRUE;
|
||||
if (!ca->equals(ca, issuer))
|
||||
{ /* delegated OCSP signer? */
|
||||
if (!lib->credmgr->issued_by(lib->credmgr, issuer, ca, NULL))
|
||||
|
@ -130,6 +129,7 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
|
|||
continue;
|
||||
}
|
||||
}
|
||||
found = TRUE;
|
||||
if (lib->credmgr->issued_by(lib->credmgr, subject, issuer, NULL))
|
||||
{
|
||||
DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"",
|
||||
|
|
Loading…
Reference in New Issue