diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-19 18:00:26 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-04-02 18:17:00 +0200 |
| commit | afe554c2d244b4e7fc8c1b14acef806a2a581a8d (patch) | |
| tree | 0af31aa1a20a0106423ee23522e35504e6013e1a /crypto/cmp/cmp_http.c | |
| parent | 98278b963171ece10a42d18594045b875103115b (diff) | |
Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests
Also improve the generic HTTP client w.r.t. proxy and no_proxy options.
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11404)
Diffstat (limited to 'crypto/cmp/cmp_http.c')
| -rw-r--r-- | crypto/cmp/cmp_http.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c new file mode 100644 index 0000000000..be78d95577 --- /dev/null +++ b/crypto/cmp/cmp_http.c @@ -0,0 +1,66 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <stdio.h> + +#include <openssl/asn1t.h> +#include <openssl/http.h> +#include "internal/sockets.h" + +#include "openssl/cmp.h" +#include "cmp_local.h" + +/* explicit #includes not strictly needed since implied by the above: */ +#include <ctype.h> +#include <fcntl.h> +#include <stdlib.h> +#include <openssl/bio.h> +#include <openssl/buffer.h> +#include <openssl/cmp.h> +#include <openssl/err.h> + +/* + * Send the PKIMessage req and on success return the response, else NULL. + * Any previous error queue entries will likely be removed by ERR_clear_error(). + */ +OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req) +{ + char server_port[32]; + STACK_OF(CONF_VALUE) *headers = NULL; + OSSL_CMP_MSG *res = NULL; + const char *const content_type_pkix = "application/pkixcmp"; + + if (ctx == NULL || req == NULL + || ctx->serverName == NULL || ctx->serverPort == 0) { + CMPerr(0, CMP_R_NULL_ARGUMENT); + return 0; + } + + if (!X509V3_add_value("Pragma", "no-cache", &headers)) + return NULL; + + BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); + + res = (OSSL_CMP_MSG *) + OSSL_HTTP_post_asn1(ctx->serverName, server_port, ctx->serverPath, + OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL, + ctx->proxy, ctx->no_proxy, NULL, NULL, + ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), + headers, content_type_pkix, + (ASN1_VALUE *)req, ASN1_ITEM_rptr(OSSL_CMP_MSG), + 0, 0, ctx->msg_timeout, content_type_pkix, + ASN1_ITEM_rptr(OSSL_CMP_MSG)); + + sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); + return res; +} |