MINOR: ocsp: Do not see ocsp loading failures as fatal anymore

Until now, if the call to 'ssl_sock_load_ocsp' raised an error, because
of a missing issuer certificate for instance, we would send a fatal
error code and the init would fail.
With this patch we only consider this as a non-critical error and we
will send a warning instead. In such a case the OCSP response will not
be loaded and stapling or auto update features will not work for the
certificate.
This commit is contained in:
Remi Tricot-Le Breton 2026-06-25 15:39:18 +02:00 committed by William Lallemand
parent 236bb6d5f9
commit e090316735

View file

@ -3111,7 +3111,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_store *store
else
memprintf(err, "%s '%s' has an OCSP auto-update set to 'on' but an error occurred (maybe the OCSP URI or the issuer could not be found)'.\n",
err && *err ? *err : "", path);
errcode |= ERR_ALERT | ERR_FATAL;
errcode |= ERR_WARN;
goto end;
}
#endif