[gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 24 03:35:24 CEST 2024




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877#note_2125808464


Thank you for the patch, though I'm not sure if it is a good idea to modify the API behavior. Looking at the current `gnutls_ocsp_resp_check_crt`, it returns `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` iff the `indx` is out of range, so we could let the caller iterate on its own:
```c
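unsigned int indx;
int ret;

/* Stop at the first record that matches cert, or once indx is out of range. */
for (indx = 0; ; indx++) {
  ret = gnutls_ocsp_resp_check_crt(resp, indx, cert);
  if (ret == 0 || ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    break;
}
if (ret < 0) {
  /* error: no matching response */
  return ret;
}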
```
