tizen 2.4 release

[framework/security/key-manager.git] / src / manager / service / ocsp.cpp

diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp
index 4f4477e..22b8b25 100644 (file)
--- a/src/manager/service/ocsp.cpp
+++ b/src/manager/service/ocsp.cpp
@@ -71,14 +71,13 @@ int OCSPModule::verify(const CertificateImplVector &certificateChain) {
     // create trusted store
     X509_STACK_PTR trustedCerts = create_x509_stack();
 
-    // skip first 2 certificates
-    for (auto it=certificateChain.cbegin()+2; it != certificateChain.cend(); it++)
-    {
-        if (it->empty()) {
+    for (unsigned int i=1; i < certificateChain.size(); i++) { // except leaf certificate
+        if (certificateChain[i].empty()) {
             LogError("Error. Broken certificate chain.");
             return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
         }
-        sk_X509_push(trustedCerts.get(), it->getX509());
+        sk_X509_push(trustedCerts.get(), certificateChain[i].getX509());
+        // these trusted certs will be changed while verifying ocsp status.
     }
 
     for (unsigned int i=0; i < certificateChain.size() -1; i++) {// except root certificate
@@ -183,7 +182,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
     }
 
     if (BIO_do_connect(cbio) <= 0) {
-        LogDebug("Error in BIO_do_connect.");
+        LogError("Error in BIO_do_connect.");
         ERR_print_errors(bioLogger.get());
         /* report error */
 
@@ -217,17 +216,17 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
     req = OCSP_REQUEST_new();
 
     if(req == NULL) {
-        LogDebug("Error in OCPS_REQUEST_new");
+        LogError("Error in OCPS_REQUEST_new");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
     certid = OCSP_cert_to_id(NULL, cert, issuer);
     if(certid == NULL)  {
-        LogDebug("Error in OCSP_cert_to_id");
+        LogError("Error in OCSP_cert_to_id");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
 
     if(OCSP_request_add0_id(req, certid) == NULL) {
-        LogDebug("Error in OCSP_request_add0_id");
+        LogError("Error in OCSP_request_add0_id");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
 
@@ -284,7 +283,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_REQUEST_free(req);
         OCSP_RESPONSE_free(resp);
 
-        LogDebug("Error in OCSP_response_get1_basic");
+        LogError("Error in OCSP_response_get1_basic");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }
 
@@ -317,7 +316,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
             OCSP_RESPONSE_free(resp);
             OCSP_BASICRESP_free(bs);
             X509_STORE_free(trustedStore);
-            LogDebug("Error in OCSP_check_nonce");
+            LogError("Error in OCSP_check_nonce");
             return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
         }
     }
@@ -333,7 +332,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_BASICRESP_free(bs);
         X509_STORE_free(trustedStore);
 
-        LogDebug("Error in OCSP_resp_find_status");
+        LogError("Error in OCSP_resp_find_status");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }
 
@@ -350,7 +349,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_BASICRESP_free(bs);
         X509_STORE_free(trustedStore);
 
-        LogDebug("Error in OCSP_check_validity");
+        LogError("Error in OCSP_check_validity");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }