diff options
| author | NIIBE Yutaka <[email protected]> | 2025-11-11 02:33:14 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2025-11-11 02:33:14 +0000 |
| commit | 9ef87bcdb03490085e2fd16c0e8ee60de7514f28 (patch) | |
| tree | 529fb0525dd9d32602d5d984e291328aee61cafb | |
| parent | gpg: Improve --list-packets for algorithm 8 (diff) | |
| download | gnupg-9ef87bcdb03490085e2fd16c0e8ee60de7514f28.tar.gz gnupg-9ef87bcdb03490085e2fd16c0e8ee60de7514f28.zip | |
dirmngr: Fix OCSP check.
* dirmngr/ocsp.c (ocsp_isvalid): Fix the condition, it's wrong
to require *TMP_TIME is zero.
--
Here, NEXT_UPDATE is valid (that is, next_update[0] is not zero).
So is TMP_TIME.
Reported-by: Joshua Rogers <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | dirmngr/ocsp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index aee921e9a..40e282484 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -944,7 +944,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, gnupg_copy_time (tmp_time, next_update); add_seconds_to_isotime (tmp_time, opt.ocsp_current_period+opt.ocsp_max_clock_skew); - if (!*tmp_time && strcmp (tmp_time, current_time) < 0 ) + if (strcmp (tmp_time, current_time) < 0 ) { log_error (_("OCSP responder returned an too old status\n")); log_info ("used now: %s next_update: %s\n", |