From 6e090ace3db2f558ee09365762fffff32b476191 Mon Sep 17 00:00:00 2001
From: Raul Metsma <raul@metsma.ee>
Date: Thu, 7 May 2026 08:43:58 +0300
Subject: [PATCH] Check if OCSP response is valid

IB-8891

Signed-off-by: Raul Metsma <raul@metsma.ee>
---
 src/crypto/OCSP.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/crypto/OCSP.cpp b/src/crypto/OCSP.cpp
index 86262053d..5f9a4d1a7 100644
--- a/src/crypto/OCSP.cpp
+++ b/src/crypto/OCSP.cpp
@@ -92,6 +92,8 @@ OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer, const std::string &user
         THROW("Failed to send OCSP request");
     const auto *p2 = (const unsigned char*)result.content.c_str();
     resp.reset(d2i_OCSP_RESPONSE(nullptr, &p2, long(result.content.size())));
+    if(!resp)
+        THROW_OPENSSLEXCEPTION("Failed to parse OCSP response.");
 
     switch(int respStatus = OCSP_response_status(resp.get()))
     {