diff --git a/cyassl/error.h b/cyassl/error.h
index fd6781c19..b95c780b1 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -92,9 +92,12 @@ enum CyaSSL_ErrorCodes {
 NOT_CA_ERROR = -257, /* Not a CA cert error */
 BAD_PATH_ERROR = -258, /* Bad path for opendir */
 BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
- OCSP_CERT_REVOKED = -260,
+ OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
 CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
 CRL_MISSING = -262, /* CRL Not loaded */
+ OCSP_NEED_URL = -263, /* OCSP need an URL for lookup */
+ OCSP_CERT_UNKNOWN = -264, /* OCSP responder doesn't know */
+ OCSP_LOOKUP_FAIL = -265, /* OCSP lookup not successful */
 /* add strings to SetErrorString !!!!! */
 /* begin negotiation parameter errors */
diff --git a/src/internal.c b/src/internal.c
index 561d9c0ac..5cc2f5a44 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1697,9 +1697,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 }
 #ifdef HAVE_OCSP
- if (CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert) == CERT_REVOKED) {
- CYASSL_MSG("\tOCSP Lookup returned revoked");
- ret = OCSP_CERT_REVOKED;
+ ret = CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);
+ if (ret != 0) {
+ CYASSL_MSG("\tOCSP Lookup not ok");
 fatal = 0;
 }
 #endif
@@ -3530,6 +3530,18 @@ void SetErrorString(int error, char* str)
 XSTRNCPY(str, "CRL missing, not loaded", max);
 break;
+ case OCSP_NEED_URL:
+ XSTRNCPY(str, "OCSP need URL", max);
+ break;
+
+ case OCSP_CERT_UNKNOWN:
+ XSTRNCPY(str, "OCSP Cert unknown", max);
+ break;
+
+ case OCSP_LOOKUP_FAIL:
+ XSTRNCPY(str, "OCSP Responder lookup fail", max);
+ break;
+
 default :
 XSTRNCPY(str, "unknown error number", max);
 }
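Review bot: In the `DoCertificate` hunk of src/internal.c, `ret = CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);` now assigns `ret` unconditionally, so a lookup that returns 0 replaces whatever status the code above the hunk left in `ret`; the removed code wrote `ret` only when the certificate was revoked. The earlier part of the function is outside the hunk, but if `ret` holds the certificate-verification result at this point, a clean OCSP answer would clear a verification failure. Keeping the lookup result in its own variable and copying it only on failure avoids that: `ocspRet = CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);` followed by `if (ocspRet != 0) { CYASSL_MSG("\tOCSP Lookup not ok"); ret = ocspRet; fatal = 0; }`. The unchanged `fatal = 0;` also runs for every non-zero result now, including OCSP_LOOKUP_FAIL, so it is worth confirming that the code after the hunk still rejects the handshake whenever `ret` is non-zero.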
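Review bot: No `case OCSP_CERT_REVOKED:` is visible in the `SetErrorString` hunk between the CRL case and `default`, so unless one exists earlier in the switch (outside this hunk) a revoked certificate is still reported as "unknown error number". If it is missing, add `case OCSP_CERT_REVOKED: XSTRNCPY(str, "OCSP Cert revoked", max); break;` next to the three new cases, since revocation is the result an operator most needs to tell apart in logs. The new messages could also match the enum comments more closely, for example "OCSP need URL" reads better as `"OCSP lookup needs a responder URL"`.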