openssl: fix the ocsp len arg to Curl_vtls_apple_verify

If it has no data, pass in a zero.

Fixes #19303
Reported-by: Harry Sintonen
Closes #19305
This commit is contained in:
Daniel Stenberg 2025-10-31 17:09:31 +01:00
parent 9c0b239ec1
commit d646d5a130
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2

View file

@ -5129,6 +5129,10 @@ static CURLcode ossl_apple_verify(struct Curl_cfilter *cf,
if(conn_config->verifystatus && !octx->reused_session)
ocsp_len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &ocsp_data);
/* SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP
response data or -1 if there is no OCSP response data. */
if(ocsp_len < 0)
ocsp_len = 0; /* no data available */
result = Curl_vtls_apple_verify(cf, data, peer, chain.num_certs,
ossl_chain_get_der, &chain,
ocsp_data, ocsp_len);