authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2019-10-30 23:39:35 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-02-10 16:49:37 +0100
commit29f178bddfdbd11218fbcba0b8060297696968e3 (patch)
treea44efcd919c122d9c6ff38c61b14676b002aa010 /crypto/ocsp/ocsp_http.c
parentbcbb30afe2ef51c7affaaa7ce4db67e26e7ff6b7 (diff)
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c
The new client has become an independent libcrypto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
Diffstat (limited to 'crypto/ocsp/ocsp_http.c')
-rw-r--r--crypto/ocsp/ocsp_http.c65
1 files changed, 65 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
new file mode 100644
index 0000000000..39277c1bba
--- /dev/null
+++ b/crypto/ocsp/ocsp_http.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include <openssl/http.h>
+#include "../http/http_local.h"
+
+#ifndef OPENSSL_NO_OCSP
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req)
+{
+ return OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+ ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req);
+}
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline)
+{
+ BIO *req_mem = HTTP_asn1_item2bio(ASN1_ITEM_rptr(OCSP_REQUEST),
+ (ASN1_VALUE *)req);
+ OCSP_REQ_CTX *res =
+ HTTP_REQ_CTX_new(io, io, 0 /* no HTTP proxy used */, NULL, NULL, path,
+ NULL /* headers */, "application/ocsp-request",
+ req_mem /* may be NULL */,
+ maxline, 0 /* default max_resp_len */,
+ 0 /* no timeout, blocking indefinite */, NULL,
+ 1 /* expect_asn1 */);
+ BIO_free(req_mem);
+ return res;
+}
+
+# ifndef OPENSSL_NO_SOCK
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+{
+ *presp = (OCSP_RESPONSE *)
+ OCSP_REQ_CTX_nbio_d2i(rctx, ASN1_ITEM_rptr(OCSP_RESPONSE));
+ return *presp != NULL;
+}
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
+{
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_REQ_CTX *ctx;
+ int rv;
+
+ ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */);
+ if (ctx == NULL)
+ return NULL;
+
+ rv = OCSP_sendreq_nbio(&resp, ctx);
+
+ /* this indirectly calls ERR_clear_error(): */
+ OCSP_REQ_CTX_free(ctx);
+
+ return rv == 1 ? resp : NULL;
+}
+# endif /* !defined(OPENSSL_NO_SOCK) */
+
+#endif /* !defined(OPENSSL_NO_OCSP) */
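Review bot: OCSP_sendreq_nbio() ends in `return *presp != NULL;`, so it can only yield 0 or 1, whereas the documented contract of this public function also has -1 for "retry later" on a non-blocking BIO. If OCSP_REQ_CTX_nbio_d2i() returns NULL for a would-retry condition as well as for a hard error (its body is not in this hunk, so this is an assumption to confirm), callers that loop on -1 will treat an unfinished exchange as a failed OCSP fetch, which matters wherever revocation checking soft-fails on a missing response. Either carry the retry state through to the return value, or document the narrowed contract above the function with something like `/* returns 1 on success, 0 otherwise; a would-retry condition is not reported separately */`. Separately, in OCSP_sendreq_new() `req_mem` is apparently NULL both when no request was passed and when encoding the request failed, so a guard such as `if (req != NULL && req_mem == NULL) return NULL;` before the HTTP_REQ_CTX_new() call would keep an encoding failure from silently producing a context without a request body.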