ocsp: set properly OCSP_NOCERTS flag in OCSP::Request#sign

The variable names 'flg' and 'flags' are mixed up and it doesn't set
OCSP_NOCERTS flag correctly when the 'certs' argument is not given.
[Bug #12704] [ruby-core:77061]

1 files changed, 9 insertions, 7 deletions

diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index fc6ba503..de0ee047 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -373,14 +373,16 @@ ossl_ocspreq_get_certid(VALUE self)
  *
  * Signs this OCSP request using +cert+, +key+ and optional +digest+. If
  * +digest+ is not specified, SHA-1 is used. +certs+ is an optional Array of
- * additional certificates that will be included in the request. If +certs+ is
- * not specified, flag OpenSSL::OCSP::NOCERTS is set. Pass an empty array to
- * include only the signer certificate.
+ * additional certificates which are included in the request in addition to
+ * the signer certificate. Note that if +certs+ is nil or not given, flag
+ * OpenSSL::OCSP::NOCERTS is enabled. Pass an empty array to include only the
+ * signer certificate.
  *
- * +flags+ can include:
- * OpenSSL::OCSP::NOCERTS::    don't include certificates
+ * +flags+ can be a bitwise OR of the following constants:
+ *
+ * OpenSSL::OCSP::NOCERTS::
+ *   Don't include any certificates in the request. +certs+ will be ignored.
  */
-
 static VALUE
 ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
 {
@@ -404,7 +406,7 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
     else
 	md = GetDigestPtr(digest);
     if (NIL_P(certs))
-	flags |= OCSP_NOCERTS;
+	flg |= OCSP_NOCERTS;
     else
 	x509s = ossl_x509_ary2sk(certs);