Walk over all results from getaddrinfo() instead of giving up after the

first entry. This way ocspcheck will try all returned IPs to contact
the OCSP server. Found by the regress test and a resolv.conf file with
'family inet6 inet4'.
OK kn@ deraadt@

diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c
index dec548e..50f114f 100644 (file)
--- a/usr.sbin/ocspcheck/ocspcheck.c
+++ b/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.28 2020/10/16 01:16:55 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.29 2021/02/09 16:55:51 claudio Exp $ */
 
 /*
  * Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@@ -113,7 +113,6 @@ host_dns(const char *s, struct addr vec[MAX_SERVERS_DNS])
 
                dspew("DNS returns %s for %s\n", vec[vecsz].ip, s);
                vecsz++;
-               break;
        }
 
        freeaddrinfo(res0);