authorJeremy Harris <jgh146exb@wizmail.org>2014-09-12 21:13:47 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-09-12 21:13:47 +0100
commit4f59c424dabfc69b7313d84685df68dd406d6ff9 (patch)
tree10b1555a2aebcee6aadc017f46cd9b3cd762c8e7 /src
parent0eb51736637f6c93a2fd6cb65316f8ae11f0a0be (diff)
Fix needless OCSP request under DANE
usage 3 and with require_ocsp in play though inactive
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-openssl.c29
1 files changed, 15 insertions, 14 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7d9ab8b4d..b77ed32e1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1784,28 +1784,29 @@ tls_out.tlsa_usage = 0;
#ifndef DISABLE_OCSP
{
+# ifdef EXPERIMENTAL_DANE
+ if ( tlsa_dnsa
+ && ob->hosts_request_ocsp[0] == '*'
+ && ob->hosts_request_ocsp[1] == '\0'
+ )
+ {
+ /* Unchanged from default. Use a safer one under DANE */
+ request_ocsp = TRUE;
+ ob->hosts_request_ocsp = US"${if or { {= {0}{$tls_out_tlsa_usage}} "
+ " {= {4}{$tls_out_tlsa_usage}} } "
+ " {*}{}}";
+ }
+# endif
+
if ((require_ocsp = verify_check_this_host(&ob->hosts_require_ocsp,
NULL, host->name, host->address, NULL) == OK))
request_ocsp = TRUE;
else
- {
# ifdef EXPERIMENTAL_DANE
- if ( tlsa_dnsa
- && ob->hosts_request_ocsp[0] == '*'
- && ob->hosts_request_ocsp[1] == '\0'
- )
- {
- /* Unchanged from default. Use a safer one under DANE */
- request_ocsp = TRUE;
- ob->hosts_request_ocsp = US"${if or { {= {0}{$tls_out_tlsa_usage}} "
- " {= {4}{$tls_out_tlsa_usage}} } "
- " {*}{}}";
- }
- else
+ if (!request_ocsp)
# endif
request_ocsp = verify_check_this_host(&ob->hosts_request_ocsp,
NULL, host->name, host->address, NULL) == OK;
- }
}
#endif
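Review bot: The new `if (!request_ocsp)` reads `request_ocsp` on a path where this block has not yet assigned it (DANE condition false and `hosts_require_ocsp` not matching), whereas the old code assigned it on every path. The declaration and the rest of the enclosing function are outside the hunk, so confirm the variable is initialised there, e.g. `BOOL request_ocsp = FALSE;`. The `else` whose body changes with `EXPERIMENTAL_DANE` is also easy to misread; wrapping the conditional `if (!request_ocsp)` and the assignment in `else { ... }` would keep both build variants visibly equivalent. Separately, the override writes through `ob->hosts_request_ocsp`, which looks like the transport's options block, so the replacement string presumably persists for later connections in the same process. A comment such as `/* Option still at its "*" default: swap in an expansion that requests OCSP only when $tls_out_tlsa_usage is 0 or 4; the new value stays on ob */` would record that intent and the fact that an explicitly configured `*` is treated the same as the default.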