diff options
| author | Michael Brown | 2018-03-18 21:21:49 +0100 |
|---|---|---|
| committer | Michael Brown | 2018-03-18 21:25:01 +0100 |
| commit | a0021a30dd8db832714e327bbbc65d3589f528ab (patch) | |
| tree | facbeee3dc57ac4d3cd314236e087e285ce14289 /src/crypto | |
| parent | [profile] Prevent potential division by zero (diff) | |
| download | ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.tar.gz ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.tar.xz ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.zip | |
[ocsp] Centralise test for whether or not an OCSP check is required
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/x509.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c index 76ace031..feb7e4a0 100644 --- a/src/crypto/x509.c +++ b/src/crypto/x509.c @@ -40,6 +40,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/socket.h> #include <ipxe/in.h> #include <ipxe/image.h> +#include <ipxe/ocsp.h> #include <ipxe/x509.h> #include <config/crypto.h> @@ -1362,8 +1363,7 @@ int x509_validate ( struct x509_certificate *cert, } /* Fail if OCSP is required */ - if ( cert->extensions.auth_info.ocsp.uri.len && - ( ! cert->extensions.auth_info.ocsp.good ) ) { + if ( ocsp_required ( cert ) ) { DBGC ( cert, "X509 %p \"%s\" requires an OCSP check\n", cert, x509_name ( cert ) ); return -EACCES_OCSP_REQUIRED; |