From e0903167358ab12dda18dab7d45230269ea8226e Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Thu, 25 Jun 2026 15:39:18 +0200 Subject: [PATCH] MINOR: ocsp: Do not see ocsp loading failures as fatal anymore Until now, if the call to 'ssl_sock_load_ocsp' raised an error, because of a missing issuer certificate for instance, we would send a fatal error code and the init would fail. With this patch we only consider this as a non-critical error and we will send a warning instead. In such a case the OCSP response will not be loaded and stapling or auto update features will not work for the certificate. --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 7220f400a..171857e2f 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3111,7 +3111,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_store *store else memprintf(err, "%s '%s' has an OCSP auto-update set to 'on' but an error occurred (maybe the OCSP URI or the issuer could not be found)'.\n", err && *err ? *err : "", path); - errcode |= ERR_ALERT | ERR_FATAL; + errcode |= ERR_WARN; goto end; } #endif -- 2.47.3