From 7bdc9e26f791ad80019ebf8d2122d4ea2019ca0a Mon Sep 17 00:00:00 2001
From: Chris Moos <chris@chrismoos.com>
Date: Sat, 6 Feb 2016 23:19:32 -0700
Subject: [PATCH] GetOCSPCert should fail if there are no OCSP servers in the
 cert.

---
 acme/crypto.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/acme/crypto.go b/acme/crypto.go
index b9623042..347c9bc1 100644
--- a/acme/crypto.go
+++ b/acme/crypto.go
@@ -90,6 +90,10 @@ func GetOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
 	issuedCert := certificates[0]
 	issuerCert := certificates[1]
 
+	if len(issuedCert.OCSPServer) == 0 {
+		return nil, nil, errors.New("no OCSP server specified in cert")
+	}
+
 	// Finally kick off the OCSP request.
 	ocspReq, err := ocsp.CreateRequest(issuedCert, issuerCert, nil)
 	if err != nil {