Don't check OCSP if there are no OCSP servers in the chain (#255)
jdtw authored Feb 9, 2022
1 parent dc9943e commit 8f0d49f
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions lib/ocsp.go
Expand Up @@ -76,6 +76,15 @@ func checkOCSP(chain []*x509.Certificate, ocspStaple []byte) (status *ocsp.Respo
return nil, skippedRevocationCheck
}

// Skip if there are no OCSP servers in the chain.
numServers := 0
for _, cert := range chain[1:] {
numServers += len(cert.OCSPServer)
}
if numServers == 0 {
return nil, skippedRevocationCheck
}

retries := maxOCSPValidationRetries
if len(ocspStaple) > 0 {
// Don't retry if stapled
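
Review bot: the new early return at `if numServers == 0` sits above the `len(ocspStaple) > 0` branch, so a stapled response is never looked at when no certificate in `chain[1:]` lists an OCSP server, and the caller gets `skippedRevocationCheck` even though a staple was supplied. Consider skipping only when there is also no staple, for example `if numServers == 0 && len(ocspStaple) == 0`, or moving the check below the staple handling. Separately, the loop ranges over `chain[1:]` and so never counts `chain[0].OCSPServer`; if `chain[0]` is the certificate whose status is being checked, its responder URLs are the ones that matter, and the comment "no OCSP servers in the chain" does not match what is counted. Either include `chain[0]` or add a comment saying why it is excluded. A test covering a chain with a staple and no `OCSPServer` entries would pin down the intended behaviour.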