nghttpx: Fix crash in OCSP response verification

8f7fa1b1 · Tatsuhiro Tsujikawa · e5889ce6 · 8f7fa1b1
Commit 8f7fa1b1 authored May 30, 2017 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

src/shrpx_tls.cc src/shrpx_tls.cc +4 -1

No files found.
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -1844,9 +1844,12 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
  }
  auto bs_deleter = defer(OCSP_BASICRESP_free, bs);

+  auto store = X509_STORE_new();
+  auto store_deleter = defer(X509_STORE_free, store);
+
  ERR_clear_error();

-  rv = OCSP_basic_verify(bs, chain_certs, nullptr, OCSP_TRUSTOTHER);
+  rv = OCSP_basic_verify(bs, chain_certs, store, OCSP_TRUSTOTHER);

  if (rv != 1) {
    LOG(ERROR) << "OCSP_basic_verify failed: "