// create trusted store
X509_STACK_PTR trustedCerts = create_x509_stack();
- // skip first 2 certificates
- for (auto it=certificateChain.cbegin()+2; it != certificateChain.cend(); it++)
- {
- if (it->empty()) {
+ for (unsigned int i=1; i < certificateChain.size(); i++) { // except leaf certificate
+ if (certificateChain[i].empty()) {
LogError("Error. Broken certificate chain.");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
- sk_X509_push(trustedCerts.get(), it->getX509());
+ sk_X509_push(trustedCerts.get(), certificateChain[i].getX509());
+ // these trusted certs will be changed while verifying ocsp status.
}
for (unsigned int i=0; i < certificateChain.size() -1; i++) {// except root certificate
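Review bot: The result of `sk_X509_push` in the new loop is not checked; it returns 0 when the push fails, and the stack would then silently lack an issuer that the OCSP response verification depends on. Suggest `if (!sk_X509_push(trustedCerts.get(), certificateChain[i].getX509())) { LogError("Error in sk_X509_push"); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; }`. The loop now puts every certificate except the leaf into the trusted stack, so the comment should state the precondition instead of "will be changed", for example `// all certs except the leaf act as trust anchors for the OCSP response; the chain must already be validated by the caller`; whether that validation happens is not visible here and should be confirmed. On the trailing context line, `certificateChain.size() -1` wraps for an empty chain because the size is unsigned; that loop's body is outside the hunk, so a length guard may already exist elsewhere.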
}
if (BIO_do_connect(cbio) <= 0) {
- LogDebug("Error in BIO_do_connect.");
+ LogError("Error in BIO_do_connect.");
ERR_print_errors(bioLogger.get());
/* report error */
req = OCSP_REQUEST_new();
if(req == NULL) {
- LogDebug("Error in OCPS_REQUEST_new");
+ LogError("Error in OCPS_REQUEST_new");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
certid = OCSP_cert_to_id(NULL, cert, issuer);
if(certid == NULL) {
- LogDebug("Error in OCSP_cert_to_id");
+ LogError("Error in OCSP_cert_to_id");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
if(OCSP_request_add0_id(req, certid) == NULL) {
- LogDebug("Error in OCSP_request_add0_id");
+ LogError("Error in OCSP_request_add0_id");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
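Review bot: The failure branches after `OCSP_cert_to_id` and `OCSP_request_add0_id` return without releasing `req` (and, in the second case, `certid`, which the request does not take ownership of when the add fails), while the later error paths shown on this page do call `OCSP_REQUEST_free(req)`. In a long-running service each failed check would leak; add `OCSP_REQUEST_free(req);` before the first return and `OCSP_CERTID_free(certid); OCSP_REQUEST_free(req);` before the second, or hold both in smart pointers as is already done for `trustedCerts`. The connection `cbio` presumably needs the same treatment, but its allocation is outside the hunk. The touched message on the `OCSP_REQUEST_new` branch still reads `OCPS_REQUEST_new`; `LogError("Error in OCSP_REQUEST_new");` keeps log searches reliable.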
OCSP_REQUEST_free(req);
OCSP_RESPONSE_free(resp);
- LogDebug("Error in OCSP_response_get1_basic");
+ LogError("Error in OCSP_response_get1_basic");
return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
}
OCSP_RESPONSE_free(resp);
OCSP_BASICRESP_free(bs);
X509_STORE_free(trustedStore);
- LogDebug("Error in OCSP_check_nonce");
+ LogError("Error in OCSP_check_nonce");
return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
}
}
OCSP_BASICRESP_free(bs);
X509_STORE_free(trustedStore);
- LogDebug("Error in OCSP_resp_find_status");
+ LogError("Error in OCSP_resp_find_status");
return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
}
OCSP_BASICRESP_free(bs);
X509_STORE_free(trustedStore);
- LogDebug("Error in OCSP_check_validity");
+ LogError("Error in OCSP_check_validity");
return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
}