For unknown certificates OCSP should have unknown CertStatus

dogtagpki · Aug 9, 2023 · db966eb · db966eb
1 parent b70f070
commit db966eb
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/base/ocsp/src/main/java/com/netscape/cms/ocsp/LDAPStore.java b/base/ocsp/src/main/java/com/netscape/cms/ocsp/LDAPStore.java
@@ -415,7 +415,9 @@ public SingleResponse processRequest(Request req) throws Exception {
         }
 
         if (theCert == null) {
-            throw new Exception("Issuer certificate not found/served");
+            logger.info("Missing issuer certificate");
+            // Unknown cert so respond with unknown state
+            return new SingleResponse(cid, new UnknownInfo(), new GeneralizedTime(new Date()), null);
         }
 
         if (theCRL == null) {