Changeset 1c3853a in mod_gnutls for src/gnutls_hooks.c


Timestamp:
Jan 11, 2020, 3:30:40 PM (9 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
1aad1d7
Parents:
08ba205
Message:

Minimal multi-staple implementation

Works, but has limitations:

  • Async OCSP updates are only done for the server (end entity) certificate.
  • The configuration requires there to be an OCSP URI in every certificate but the last one in the configured chain. If configuration for any certificate fails, vhost configuration fails.
File:
1 edited

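--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -413,14 +413,22 @@
         {
             gnutls_ocsp_data_st *resp =
-                apr_palloc(ctxt->c->pool, sizeof(gnutls_ocsp_data_st));
-            resp->version = 0;
-            resp->exptime = 0;
-
-            int ret = mgs_get_ocsp_response(ctxt, ctxt->sc->ocsp[0],
-                                            &resp->response);
-            if (ret == GNUTLS_E_SUCCESS)
+                apr_palloc(ctxt->c->pool,
+                           sizeof(gnutls_ocsp_data_st)
+                           * (ctxt->sc->certs_x509_chain_num - 1));
+
+            for (unsigned int i = 0; i < ctxt->sc->ocsp_num; i++)
             {
-                *ocsp = resp;
-                *ocsp_length = 1;
+                resp[i].version = 0;
+                resp[i].exptime = 0;
+
+                int ret = mgs_get_ocsp_response(ctxt, ctxt->sc->ocsp[i],
+                                                &resp[i].response);
+                if (ret == GNUTLS_E_SUCCESS)
+                {
+                    ocsp[i] = resp;
+                    *ocsp_length = i + 1;
+                }
+                else
+                    break;
             }
         }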
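Review bot: `ocsp[i] = resp;` in the success branch stores the base pointer of the response array at index i of `ocsp`, where the removed code set the single out value with `*ocsp = resp;`; if `ocsp` is the address of one `gnutls_ocsp_data_st *` supplied by the caller (its declaration is outside the hunk), every iteration after the first writes past that pointer. The assignment should stay `*ocsp = resp;`, with only `*ocsp_length = i + 1;` advancing per response. The array is also sized from `certs_x509_chain_num - 1` while the loop is bounded by `ocsp_num`, so the writes to `resp[i]` stay in bounds only as long as the configuration code keeps those two values in step. Sizing it as `sizeof(gnutls_ocsp_data_st) * ctxt->sc->ocsp_num` removes that dependency and, if the chain count is unsigned, the wrap-around when it is 0. The enclosing function starts and ends outside the hunk.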