[gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
    Read-only notification of GnuTLS library development activities 
    gnutls-devel at lists.gnutls.org
       
    Tue Sep 24 03:35:24 CEST 2024
    
    
  
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877#note_2125808464
Thank you for the patch, though I'm not sure if it is a good idea to modify the API behavior. Looking at the current `gnutls_ocsp_resp_check_crt`, it returns `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` iff the `indx` is out of range, so we could let the caller iterate on its own:
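```c
unsigned int indx;
int ret;

/* Check each response record until one matches cert or indx runs out of range. */
for (indx = 0; ; indx++) {
  ret = gnutls_ocsp_resp_check_crt(resp, indx, cert);
  if (ret == 0 || ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    break;
}
if (ret < 0) {
  /* error: no matching response */
}
```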