From a0021a30dd8db832714e327bbbc65d3589f528ab Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 18 Mar 2018 22:21:49 +0200
Subject: [ocsp] Centralise test for whether or not an OCSP check is required

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/net/validator.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/net')

diff --git a/src/net/validator.c b/src/net/validator.c
index 68abe1b5..40f778c7 100644
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -488,8 +488,7 @@ static void validator_step ( struct validator *validator ) {
 		/* The issuer is valid, but this certificate is not
 		 * yet valid.  If OCSP is applicable, start it.
 		 */
-		if ( cert->extensions.auth_info.ocsp.uri.len &&
-		     ( ! cert->extensions.auth_info.ocsp.good ) ) {
+		if ( ocsp_required ( cert ) ) {
 			/* Start OCSP */
 			if ( ( rc = validator_start_ocsp ( validator, cert,
 							   issuer ) ) != 0 ) {
-- 
cgit v1.2.3-55-g7522