certvalidator icon indicating copy to clipboard operation
certvalidator copied to clipboard
verified publisher icon wbond

OCSPValidationError is not handled

Open atmenta opened this issue 6 years ago • 1 comments

When certvalidator fetches an OCSP response, but request and response nonces do not match OCSPValidationError is raised:

https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/ocsp_client.py#L101-L103

However, this error is neither caught (and handled), nor documented.

Note: Other OCSP related errors are converted into derived exceptions (OCSPValidationIndeterminateError and OCSPNoMatchesError) which are handled in validate._validate_path:

https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L375-L397

However, its not clear for me how not matching nonces should be handled at the end.

atmenta avatar Sep 24 '19 11:09 atmenta

It would appear that this exception is just missing from the :raises: docs.

wbond avatar Sep 24 '19 14:09 wbond