Skip to content

ocsp: fix uninitialized variables in BasicResponse#status #1004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rhenium merged 1 commit into from
Feb 16, 2026
+32 −3
Merged

ocsp: fix uninitialized variables in BasicResponse#status #1004

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ext/openssl/ossl_ocsp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -905,8 +905,8 @@ ossl_ocspbres_get_status(VALUE self)
int count = OCSP_resp_count(bs);
for (int i = 0; i < count; i++) {
OCSP_SINGLERESP *single = OCSP_resp_get0(bs, i);
ASN1_TIME *revtime, *thisupd, *nextupd;
int reason;
ASN1_TIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
int reason = -1;

int status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
if (status < 0)
Expand Down
2 changes: 1 addition & 1 deletion ext/openssl/ossl_pkcs7.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1010,7 +1010,7 @@ static VALUE
ossl_pkcs7si_get_signed_time(VALUE self)
{
PKCS7_SIGNER_INFO *p7si;
ASN1_TYPE *asn1obj;
const ASN1_TYPE *asn1obj;

GetPKCS7si(self, p7si);

Expand Down
29 changes: 29 additions & 0 deletions test/openssl/test_ocsp.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,35 @@ def test_basic_response_dup
assert_equal bres.to_der, bres.dup.to_der
end

def test_basic_response_status_good
bres = OpenSSL::OCSP::BasicResponse.new
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, nil)
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])

statuses = bres.status
assert_equal 1, statuses.size
status = statuses[0]
assert_equal cid.to_der, status[0].to_der
assert_equal OpenSSL::OCSP::V_CERTSTATUS_GOOD, status[1]
assert_nil status[3] # revtime should be nil for GOOD status
end

def test_basic_response_status_revoked
bres = OpenSSL::OCSP::BasicResponse.new
now = Time.at(Time.now.to_i)
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, now - 400, -300, nil, nil)
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])

statuses = bres.status
assert_equal 1, statuses.size
status = statuses[0]
assert_equal OpenSSL::OCSP::V_CERTSTATUS_REVOKED, status[1]
assert_equal now - 400, status[3] # revtime should be the revocation time
end

def test_basic_response_response_operations
bres = OpenSSL::OCSP::BasicResponse.new
now = Time.at(Time.now.to_i)
Expand Down
Loading