1 /* ocsp.c - OCSP management
2 * Copyright (C) 2004, 2007 g10 Code GmbH
4 * This file is part of DirMngr.
6 * DirMngr is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * DirMngr is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
31 #include "certcache.h"
34 /* The maximum size we allow as a response from an OCSP reponder. */
35 #define MAX_RESPONSE_SIZE 65536
38 static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1";
41 /* Telesec attribute used to implement a positive confirmation.
43 CertHash ::= SEQUENCE {
44 HashAlgorithm AlgorithmIdentifier,
45 certificateHash OCTET STRING }
47 /* static const char oidstr_certHash[] = "1.3.36.8.3.13"; */
52 /* Read from FP and return a newly allocated buffer in R_BUFFER with the
53 entire data read from FP. */
55 read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen)
58 unsigned char *buffer;
59 size_t bufsize, nbytes;
65 buffer = xtrymalloc (bufsize);
67 return gpg_error_from_errno (errno);
75 assert (nbytes < bufsize);
76 nread = es_fread (buffer+nbytes, 1, bufsize-nbytes, fp);
77 if (nread < bufsize-nbytes && es_ferror (fp))
79 err = gpg_error_from_errno (errno);
80 log_error (_("error reading from responder: %s\n"),
85 if ( !(nread == bufsize-nbytes && !es_feof (fp)))
86 { /* Response successfully received. */
95 /* Need to enlarge the buffer. */
96 if (bufsize >= MAX_RESPONSE_SIZE)
98 log_error (_("response from server too large; limit is %d bytes\n"),
101 return gpg_error (GPG_ERR_TOO_LARGE);
105 tmp = xtryrealloc (buffer, bufsize);
108 err = gpg_error_from_errno (errno);
117 /* Construct an OCSP request, send it to the configured OCSP responder
118 and parse the response. On success the OCSP context may be used to
119 further process the response. The signature value and the
120 production date are returned at R_SIGVAL and R_PRODUCED_AT; they
121 may be NULL or an empty string if not available. A new hash
122 context is returned at R_MD. */
124 do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
125 const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert,
126 ksba_sexp_t *r_sigval, ksba_isotime_t r_produced_at,
130 unsigned char *request, *response;
131 size_t requestlen, responselen;
133 ksba_ocsp_response_status_t response_status;
135 int redirects_left = 2;
136 char *free_this = NULL;
144 if (dirmngr_use_tor ())
146 /* For now we do not allow OCSP via Tor due to possible privacy
147 concerns. Needs further research. */
148 const char *msg = _("OCSP request not possible due to Tor mode");
149 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
150 log_error ("%s", msg);
151 dirmngr_status_printf (ctrl, "NOTE", "no_ocsp_due_to_tor %u %s", err,msg);
155 if (opt.disable_http)
157 log_error (_("OCSP request not possible due to disabled HTTP\n"));
158 return gpg_error (GPG_ERR_NOT_SUPPORTED);
161 err = ksba_ocsp_add_target (ocsp, cert, issuer_cert);
164 log_error (_("error setting OCSP target: %s\n"), gpg_strerror (err));
170 unsigned char nonce[32];
172 n = ksba_ocsp_set_nonce (ocsp, NULL, 0);
173 if (n > sizeof nonce)
175 gcry_create_nonce (nonce, n);
176 ksba_ocsp_set_nonce (ocsp, nonce, n);
179 err = ksba_ocsp_build_request (ocsp, &request, &requestlen);
182 log_error (_("error building OCSP request: %s\n"), gpg_strerror (err));
187 err = http_open (ctrl, &http, HTTP_REQ_POST, url, NULL, NULL,
188 ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
189 | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
190 | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
191 | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
192 ctrl->http_proxy, NULL, NULL, NULL);
195 log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));
200 es_fprintf (http_get_write_ptr (http),
201 "Content-Type: application/ocsp-request\r\n"
202 "Content-Length: %lu\r\n",
203 (unsigned long)requestlen );
204 http_start_data (http);
205 if (es_fwrite (request, requestlen, 1, http_get_write_ptr (http)) != 1)
207 err = gpg_error_from_errno (errno);
208 log_error ("error sending request to '%s': %s\n", url, strerror (errno));
209 http_close (http, 0);
217 err = http_wait_response (http);
218 if (err || http_get_status_code (http) != 200)
221 log_error (_("error reading HTTP response for '%s': %s\n"),
222 url, gpg_strerror (err));
225 switch (http_get_status_code (http))
230 const char *s = http_get_header (http, "Location");
232 log_info (_("URL '%s' redirected to '%s' (%u)\n"),
233 url, s?s:"[none]", http_get_status_code (http));
234 if (s && *s && redirects_left-- )
236 xfree (free_this); url = NULL;
237 free_this = xtrystrdup (s);
239 err = gpg_error_from_errno (errno);
243 http_close (http, 0);
248 err = gpg_error (GPG_ERR_NO_DATA);
249 log_error (_("too many redirections\n"));
253 case 413: /* Payload too large */
254 err = gpg_error (GPG_ERR_TOO_LARGE);
258 log_error (_("error accessing '%s': http status %u\n"),
259 url, http_get_status_code (http));
260 err = gpg_error (GPG_ERR_NO_DATA);
264 http_close (http, 0);
269 err = read_response (http_get_read_ptr (http), &response, &responselen);
270 http_close (http, 0);
273 log_error (_("error reading HTTP response for '%s': %s\n"),
274 url, gpg_strerror (err));
278 /* log_printhex (response, responselen, "ocsp response"); */
280 err = ksba_ocsp_parse_response (ocsp, response, responselen,
284 log_error (_("error parsing OCSP response for '%s': %s\n"),
285 url, gpg_strerror (err));
291 switch (response_status)
293 case KSBA_OCSP_RSPSTATUS_SUCCESS: t = "success"; break;
294 case KSBA_OCSP_RSPSTATUS_MALFORMED: t = "malformed"; break;
295 case KSBA_OCSP_RSPSTATUS_INTERNAL: t = "internal error"; break;
296 case KSBA_OCSP_RSPSTATUS_TRYLATER: t = "try later"; break;
297 case KSBA_OCSP_RSPSTATUS_SIGREQUIRED: t = "must sign request"; break;
298 case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;
299 case KSBA_OCSP_RSPSTATUS_REPLAYED: t = "replay detected"; break;
300 case KSBA_OCSP_RSPSTATUS_OTHER: t = "other (unknown)"; break;
301 case KSBA_OCSP_RSPSTATUS_NONE: t = "no status"; break;
302 default: t = "[unknown status]"; break;
304 if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS)
309 log_info (_("OCSP responder at '%s' status: %s\n"), url, t);
311 /* Get the signature value now because we can call this function
313 *r_sigval = ksba_ocsp_get_sig_val (ocsp, r_produced_at);
315 hash_algo = hash_algo_from_sigval (*r_sigval);
319 log_info ("ocsp: using SHA-256 as fallback hash algo.\n");
320 hash_algo = GCRY_MD_SHA256;
322 err = gcry_md_open (r_md, hash_algo, 0);
325 log_error (_("failed to establish a hashing context for OCSP: %s\n"),
330 gcry_md_debug (*r_md, "ocsp");
332 err = ksba_ocsp_hash_response (ocsp, response, responselen,
335 log_error (_("hashing the OCSP response for '%s' failed: %s\n"),
336 url, gpg_strerror (err));
340 log_error (_("OCSP responder at '%s' status: %s\n"), url, t);
341 err = gpg_error (GPG_ERR_GENERAL);
352 gcry_md_close (*r_md);
359 /* Validate that CERT is indeed valid to sign an OCSP response. If
360 SIGNER_FPR_LIST is not NULL we simply check that CERT matches one
361 of the fingerprints in this list. */
363 validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
364 fingerprint_list_t signer_fpr_list)
371 fpr = get_fingerprint_hexstring (cert);
372 for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr);
373 signer_fpr_list = signer_fpr_list->next)
379 log_error (_("not signed by a default OCSP signer's certificate"));
380 err = gpg_error (GPG_ERR_BAD_CA_CERT);
386 /* We avoid duplicating the entire certificate validation code
387 from gpgsm here. Because we have no way calling back to the
388 client and letting it compute the validity, we use the ugly
389 hack of telling the client that the response will only be
390 valid if the certificate given in this status message is
393 Note, that in theory we could simply ask the client via an
394 inquire to validate a certificate but this might involve
395 calling DirMngr again recursively - we can't do that as of now
396 (neither DirMngr nor gpgsm have the ability for concurrent
397 access to DirMngr. */
399 /* FIXME: We should cache this certificate locally, so that the next
400 call to dirmngr won't need to look it up - if this works at
402 fpr = get_fingerprint_hexstring (cert);
403 dirmngr_status (ctrl, "ONLY_VALID_IF_CERT_VALID", fpr, NULL);
412 /* Helper for check_signature. MD is the finalized hash context. */
414 check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig,
415 gcry_md_hd_t md, fingerprint_list_t signer_fpr_list)
418 gcry_sexp_t s_pkey = NULL;
419 gcry_sexp_t s_hash = NULL;
423 /* Get the public key as a gcrypt s-expression. */
425 ksba_sexp_t pk = ksba_cert_get_public_key (cert);
427 err = gpg_error (GPG_ERR_INV_OBJ);
430 err = canon_sexp_to_gcry (pk, &s_pkey);
437 mdalgo = gcry_md_get_algo (md);
438 mdlen = gcry_md_get_algo_dlen (mdalgo);
440 if (pk_algo_from_sexp (s_pkey) == GCRY_PK_ECC)
442 unsigned int qbits0, qbits;
444 qbits0 = gcry_pk_get_nbits (s_pkey);
445 qbits = qbits0 == 521? 512 : qbits0;
449 log_error ("ECDSA requires the hash length to be a"
450 " multiple of 8 bits\n");
451 err = gpg_error (GPG_ERR_INTERNAL);
455 /* Don't allow any Q smaller than 160 bits. */
458 log_error (_("%s key uses an unsafe (%u bit) hash\n"),
460 err = gpg_error (GPG_ERR_INTERNAL);
464 /* Check if we're too short. */
467 log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
468 (unsigned int)mdlen*8,
473 err = gpg_error (GPG_ERR_INTERNAL);
482 err = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
483 (int)mdlen, gcry_md_read (md, mdalgo));
485 else if (mdalgo && (s = gcry_md_algo_name (mdalgo)) && strlen (s) < 16)
488 char hashalgostr[16+1];
492 hashalgostr[i] = ascii_tolower (s[i]);
494 err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
497 gcry_md_read (md, mdalgo));
500 err = gpg_error (GPG_ERR_DIGEST_ALGO);
503 log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
509 gcry_log_debugsxp ("sig ", s_sig);
510 gcry_log_debugsxp ("hash", s_hash);
513 err = gcry_pk_verify (s_sig, s_hash, s_pkey);
517 err = validate_responder_cert (ctrl, cert, signer_fpr_list);
520 gcry_sexp_release (s_hash);
521 gcry_sexp_release (s_pkey);
526 /* Check the signature of an OCSP response. OCSP is the context,
527 S_SIG the signature value and MD the handle of the hash we used for
528 the response. This function automagically finds the correct public
529 key. If SIGNER_FPR_LIST is not NULL, the default OCSP reponder has been
530 used and thus the certificate is one of those identified by
533 check_signature (ctrl_t ctrl,
534 ksba_ocsp_t ocsp, gcry_sexp_t s_sig, gcry_md_hd_t md,
535 fingerprint_list_t signer_fpr_list)
541 /* Create a suitable S-expression with the hash value of our response. */
544 /* Get rid of old OCSP specific certificate references. */
545 release_ctrl_ocsp_certs (ctrl);
547 if (signer_fpr_list && !signer_fpr_list->next)
549 /* There is exactly one signer fingerprint given. Thus we use
550 the default OCSP responder's certificate and instantly know
551 the certificate to use. */
552 cert = get_cert_byhexfpr (signer_fpr_list->hexfpr);
554 cert = get_cert_local (ctrl, signer_fpr_list->hexfpr);
557 err = check_signature_core (ctrl, cert, s_sig, md,
559 ksba_cert_release (cert);
563 return 0; /* Successfully verified the signature. */
572 /* Put all certificates included in the response into the cache
573 and setup a list of those certificate which will later be
574 preferred used when locating certificates. */
575 for (cert_idx=0; (cert = ksba_ocsp_get_cert (ocsp, cert_idx));
580 /* dump_cert ("from ocsp response", cert); */
581 cref = xtrymalloc (sizeof *cref);
584 err = gpg_error_from_syserror ();
585 log_error (_("allocating list item failed: %s\n"),
588 else if (!cache_cert_silent (cert, &cref->fpr))
590 cref->next = ctrl->ocsp_certs;
591 ctrl->ocsp_certs = cref;
597 /* Get the certificate by means of the responder ID. */
598 err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid);
601 log_error (_("error getting responder ID: %s\n"),
602 gcry_strerror (err));
605 cert = find_cert_bysubject (ctrl, name, keyid);
608 log_error ("responder certificate ");
610 log_printf ("'/%s' ", name);
617 log_printf ("not found\n");
622 err = check_signature_core (ctrl, cert, s_sig, md, signer_fpr_list);
623 ksba_cert_release (cert);
628 return 0; /* Successfully verified the signature. */
630 log_error ("responder certificate ");
632 log_printf ("'/%s' ", name);
639 log_printf ("did not verify: %s\n", gpg_strerror (err));
645 log_error (_("no suitable certificate found to verify the OCSP response\n"));
646 return gpg_error (GPG_ERR_NO_PUBKEY);
650 /* Check whether the certificate either given by fingerprint CERT_FPR
651 or directly through the CERT object is valid by running an OCSP
652 transaction. With FORCE_DEFAULT_RESPONDER set only the configured
653 default responder is used. If R_REVOKED_AT or R_REASON are not
654 NULL and the certificat has been revoked the revocation time and
655 the reasons are stored there. */
657 ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
658 int force_default_responder, ksba_isotime_t r_revoked_at,
659 const char **r_reason)
662 ksba_ocsp_t ocsp = NULL;
663 ksba_cert_t issuer_cert = NULL;
664 ksba_sexp_t sigval = NULL;
665 gcry_sexp_t s_sig = NULL;
666 ksba_isotime_t current_time;
667 ksba_isotime_t this_update, next_update, revocation_time, produced_at;
668 ksba_isotime_t tmp_time;
669 ksba_status_t status;
670 ksba_crl_reason_t reason;
671 char *url_buffer = NULL;
673 gcry_md_hd_t md = NULL;
677 fingerprint_list_t default_signer = NULL;
685 /* Get the certificate. */
688 ksba_cert_ref (cert);
690 err = find_issuing_cert (ctrl, cert, &issuer_cert);
693 log_error (_("issuer certificate not found: %s\n"),
700 cert = get_cert_local (ctrl, cert_fpr);
703 log_error (_("caller did not return the target certificate\n"));
704 err = gpg_error (GPG_ERR_GENERAL);
707 issuer_cert = get_issuing_cert_local (ctrl, NULL);
710 log_error (_("caller did not return the issuing certificate\n"));
711 err = gpg_error (GPG_ERR_GENERAL);
716 /* Create an OCSP instance. */
717 err = ksba_ocsp_new (&ocsp);
720 log_error (_("failed to allocate OCSP context: %s\n"),
725 /* Figure out the OCSP responder to use.
726 1. Try to get the reponder from the certificate.
727 We do only take http and https style URIs into account.
728 2. If this fails use the default responder, if any.
731 for (idx=0; !url && !opt.ignore_ocsp_service_url && !force_default_responder
732 && !(err=ksba_cert_get_authority_info_access (cert, idx,
733 &oid, &name)); idx++)
735 if ( !strcmp (oid, oidstr_ocsp) )
737 for (i=0; !url && ksba_name_enum (name, i); i++)
739 char *p = ksba_name_get_uri (name, i);
740 if (p && (!ascii_strncasecmp (p, "http:", 5)
741 || !ascii_strncasecmp (p, "https:", 6)))
742 url = url_buffer = p;
747 ksba_name_release (name);
750 if (err && gpg_err_code (err) != GPG_ERR_EOF)
752 log_error (_("can't get authorityInfoAccess: %s\n"), gpg_strerror (err));
757 if (!opt.ocsp_responder || !*opt.ocsp_responder)
759 log_info (_("no default OCSP responder defined\n"));
760 err = gpg_error (GPG_ERR_CONFIGURATION);
763 if (!opt.ocsp_signer)
765 log_info (_("no default OCSP signer defined\n"));
766 err = gpg_error (GPG_ERR_CONFIGURATION);
769 url = opt.ocsp_responder;
770 default_signer = opt.ocsp_signer;
772 log_info (_("using default OCSP responder '%s'\n"), url);
777 log_info (_("using OCSP responder '%s'\n"), url);
780 /* Ask the OCSP responder. */
781 err = do_ocsp_request (ctrl, ocsp, url, cert, issuer_cert,
782 &sigval, produced_at, &md);
786 /* It is sometimes useful to know the responder ID. */
790 ksba_sexp_t resp_keyid;
792 err = ksba_ocsp_get_responder_id (ocsp, &resp_name, &resp_keyid);
794 log_info (_("error getting responder ID: %s\n"), gpg_strerror (err));
797 log_info ("responder id: ");
799 log_printf ("'/%s' ", resp_name);
803 dump_serial (resp_keyid);
808 ksba_free (resp_name);
809 ksba_free (resp_keyid);
813 /* We got a useful answer, check that the answer has a valid signature. */
814 if (!sigval || !*produced_at || !md)
816 err = gpg_error (GPG_ERR_INV_OBJ);
819 if ( (err = canon_sexp_to_gcry (sigval, &s_sig)) )
823 err = check_signature (ctrl, ocsp, s_sig, md, default_signer);
827 /* We only support one certificate per request. Check that the
828 answer matches the right certificate. */
829 err = ksba_ocsp_get_status (ocsp, cert,
830 &status, this_update, next_update,
831 revocation_time, &reason);
834 log_error (_("error getting OCSP status for target certificate: %s\n"),
839 /* In case the certificate has been revoked, we better invalidate
840 our cached validation status. */
841 if (status == KSBA_STATUS_REVOKED)
843 time_t validated_at = 0; /* That is: No cached validation available. */
844 err = ksba_cert_set_user_data (cert, "validated_at",
845 &validated_at, sizeof (validated_at));
848 log_error ("set_user_data(validated_at) failed: %s\n",
850 err = 0; /* The certificate is anyway revoked, and that is a
851 more important message than the failure of our
857 case KSBA_CRLREASON_UNSPECIFIED:
858 sreason = "unspecified"; break;
859 case KSBA_CRLREASON_KEY_COMPROMISE:
860 sreason = "key compromise"; break;
861 case KSBA_CRLREASON_CA_COMPROMISE:
862 sreason = "CA compromise"; break;
863 case KSBA_CRLREASON_AFFILIATION_CHANGED:
864 sreason = "affiliation changed"; break;
865 case KSBA_CRLREASON_SUPERSEDED:
866 sreason = "superseded"; break;
867 case KSBA_CRLREASON_CESSATION_OF_OPERATION:
868 sreason = "cessation of operation"; break;
869 case KSBA_CRLREASON_CERTIFICATE_HOLD:
870 sreason = "certificate on hold"; break;
871 case KSBA_CRLREASON_REMOVE_FROM_CRL:
872 sreason = "removed from CRL"; break;
873 case KSBA_CRLREASON_PRIVILEGE_WITHDRAWN:
874 sreason = "privilege withdrawn"; break;
875 case KSBA_CRLREASON_AA_COMPROMISE:
876 sreason = "AA compromise"; break;
877 case KSBA_CRLREASON_OTHER:
878 sreason = "other"; break;
879 default: sreason = "?"; break;
887 log_info (_("certificate status is: %s (this=%s next=%s)\n"),
888 status == KSBA_STATUS_GOOD? _("good"):
889 status == KSBA_STATUS_REVOKED? _("revoked"):
890 status == KSBA_STATUS_UNKNOWN? _("unknown"):
891 status == KSBA_STATUS_NONE? _("none"): "?",
892 this_update, next_update);
893 if (status == KSBA_STATUS_REVOKED)
894 log_info (_("certificate has been revoked at: %s due to: %s\n"),
895 revocation_time, sreason);
900 if (status == KSBA_STATUS_REVOKED)
902 err = gpg_error (GPG_ERR_CERT_REVOKED);
904 gnupg_copy_time (r_revoked_at, revocation_time);
908 else if (status == KSBA_STATUS_UNKNOWN)
909 err = gpg_error (GPG_ERR_NO_DATA);
910 else if (status != KSBA_STATUS_GOOD)
911 err = gpg_error (GPG_ERR_GENERAL);
913 /* Allow for some clock skew. */
914 gnupg_get_isotime (current_time);
915 add_seconds_to_isotime (current_time, opt.ocsp_max_clock_skew);
917 if (strcmp (this_update, current_time) > 0 )
919 log_error (_("OCSP responder returned a status in the future\n"));
920 log_info ("used now: %s this_update: %s\n", current_time, this_update);
922 err = gpg_error (GPG_ERR_TIME_CONFLICT);
925 /* Check that THIS_UPDATE is not too far back in the past. */
926 gnupg_copy_time (tmp_time, this_update);
927 add_seconds_to_isotime (tmp_time,
928 opt.ocsp_max_period+opt.ocsp_max_clock_skew);
929 if (!*tmp_time || strcmp (tmp_time, current_time) < 0 )
931 log_error (_("OCSP responder returned a non-current status\n"));
932 log_info ("used now: %s this_update: %s\n",
933 current_time, this_update);
935 err = gpg_error (GPG_ERR_TIME_CONFLICT);
938 /* Check that we are not beyond NEXT_UPDATE (plus some extra time). */
941 gnupg_copy_time (tmp_time, next_update);
942 add_seconds_to_isotime (tmp_time,
943 opt.ocsp_current_period+opt.ocsp_max_clock_skew);
944 if (!*tmp_time && strcmp (tmp_time, current_time) < 0 )
946 log_error (_("OCSP responder returned an too old status\n"));
947 log_info ("used now: %s next_update: %s\n",
948 current_time, next_update);
950 err = gpg_error (GPG_ERR_TIME_CONFLICT);
957 gcry_sexp_release (s_sig);
959 ksba_cert_release (issuer_cert);
960 ksba_cert_release (cert);
961 ksba_ocsp_release (ocsp);
967 /* Release the list of OCSP certificates hold in the CTRL object. */
969 release_ctrl_ocsp_certs (ctrl_t ctrl)
971 while (ctrl->ocsp_certs)
973 cert_ref_t tmp = ctrl->ocsp_certs->next;
974 xfree (ctrl->ocsp_certs);
975 ctrl->ocsp_certs = tmp;