From cae43b890a4a23154f73c58112541de13ed9ee59 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 3 May 2018 11:19:18 +0200
Subject: [PATCH] revocation: Set defaults if CRL/OCSP checking is disabled in
 config

---
 .../plugins/revocation/revocation_validator.c            | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 1a7013b0f..edb2f8074 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -824,6 +824,10 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
+		}
 
 		if (this->enable_crl)
 		{
@@ -847,6 +851,11 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_CRL_VALIDATION,
+					  auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
+		}
 
 		lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED,
 								subject);