Open atmenta opened 4 years ago
When certvalidator fetches an OCSP response, but request and response nonces do not match OCSPValidationError is raised:
OCSPValidationError
https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/ocsp_client.py#L101-L103
However, this error is neither caught (and handled), nor documented.
Note: Other OCSP related errors are converted into derived exceptions (OCSPValidationIndeterminateError and OCSPNoMatchesError) which are handled in validate._validate_path:
OCSPValidationIndeterminateError
OCSPNoMatchesError
validate._validate_path
https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L375-L397
However, its not clear for me how not matching nonces should be handled at the end.
It would appear that this exception is just missing from the :raises: docs.
:raises:
When certvalidator fetches an OCSP response, but request and response nonces do not match
OCSPValidationError
is raised:https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/ocsp_client.py#L101-L103
However, this error is neither caught (and handled), nor documented.
Note: Other OCSP related errors are converted into derived exceptions (
OCSPValidationIndeterminateError
andOCSPNoMatchesError
) which are handled invalidate._validate_path
:https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L375-L397
However, its not clear for me how not matching nonces should be handled at the end.