diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2019-10-30 23:39:35 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-10 16:49:37 +0100 |
| commit | 29f178bddfdbd11218fbcba0b8060297696968e3 (patch) | |
| tree | a44efcd919c122d9c6ff38c61b14676b002aa010 /crypto/x509 | |
| parent | bcbb30afe2ef51c7affaaa7ce4db67e26e7ff6b7 (diff) | |
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c
The new client has become an independent libcrpyto module in crypto/http/ and
* can handle any types of requests and responses (ASN.1-encoded and plain)
* does not include potentially busy loops when waiting for responses but
* makes use of a new timeout mechanism integrated with socket-based BIO
* supports the use of HTTP proxies and TLS, including HTTPS over proxies
* supports HTTP redirection via codes 301 and 302 for GET requests
* returns more useful diagnostics in various error situations
Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/,
crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10667)
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x_all.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 89940a0cc9..6a6748bad4 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -20,7 +20,7 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include "crypto/x509.h" -#include <openssl/ocsp.h> +#include <openssl/http.h> #include <openssl/rsa.h> #include <openssl/dsa.h> #include <openssl/x509v3.h> @@ -123,11 +123,21 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) &x->sig_alg, &x->signature, &x->cert_info, ctx); } -#ifndef OPENSSL_NO_OCSP -int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) +#if !defined(OPENSSL_NO_SOCK) +static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, + int timeout, const ASN1_ITEM *it) { - return OCSP_REQ_CTX_nbio_d2i(rctx, - (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); + return OSSL_HTTP_get_asn1(url, NULL, NULL /* no proxy and port */, bio, + rbio, NULL /* no callback for SSL/TLS */, NULL, + NULL /* headers */, 1024 /* maxline */, + 0 /* max_resp_len */, timeout, + NULL /* expected_content_type */, it); +} + +X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) +{ + return (X509 *)simple_get_asn1(url, bio, rbio, timeout, + ASN1_ITEM_rptr(X509)); } #endif @@ -159,12 +169,11 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) &x->crl, ctx); } -#ifndef OPENSSL_NO_OCSP -int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) +#if !defined(OPENSSL_NO_SOCK) +X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) { - return OCSP_REQ_CTX_nbio_d2i(rctx, - (ASN1_VALUE **)pcrl, - ASN1_ITEM_rptr(X509_CRL)); + return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, + ASN1_ITEM_rptr(X509_CRL)); } #endif |