Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Modify the check of the OCSP response and return better error codes.
Fixes ZD 17027.
Testing
I set up an OCSP responder with a set of certificates and demo CA I have set up. I created a new certificate to use with the example server.
I first ran the OCSP responder. I generated a new server certificate, slack.pem, and connected to the server with the client. The responder didn't know about the certificate yet and returned unknown. I restarted the responder and connected again getting a good status. I revoked the certificate and restarted the responder, client returned the revoked error.
Checklist