Changeset 1c3853a in mod_gnutls for src/gnutls_ocsp.c
- Timestamp:
- Jan 11, 2020, 3:30:40 PM (3 years ago)
- Branches:
- asyncio, master, proxy-ticket
- Children:
- 1aad1d7
- Parents:
- 08ba205
- File:
-
- 1 edited
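--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -1150,40 +1150,45 @@
 
 /* array for ocsp data, currently size 1 */
-sc->ocsp = apr_palloc(pconf, sizeof(mgs_ocsp_data_t));
-
-mgs_ocsp_data_t ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data));
-
-ocsp->cert = sc->certs_x509_crt_chain[0];
-
-ocsp->uri = mgs_cert_get_ocsp_uri(pconf, ocsp->cert);
-if (ocsp->uri == NULL && sc->ocsp_response_file == NULL)
-return "No OCSP URI in the certificate nor a GnuTLSOCSPResponseFile "
-"setting, cannot configure OCSP stapling.";
-
-ocsp->fingerprint =
-mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[0]);
-if (ocsp->fingerprint.data == NULL)
-return "Could not read fingerprint from certificate!";
-
-ocsp->trust = apr_palloc(pconf,
-sizeof(gnutls_x509_trust_list_t));
-/* Only the direct issuer may sign the OCSP response or an OCSP
-* signer. */
-int ret = mgs_create_ocsp_trust_list(ocsp->trust,
-&(sc->certs_x509_crt_chain[1]),
-1);
-if (ret != GNUTLS_E_SUCCESS)
-{
-ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
-"Could not create OCSP trust list: %s (%d)",
-gnutls_strerror(ret), ret);
-return "Could not build trust list for OCSP stapling!";
-}
-/* deinit trust list when the config pool is destroyed */
-apr_pool_cleanup_register(pconf, ocsp->trust,
-mgs_cleanup_trust_list,
-apr_pool_cleanup_null);
-
-sc->ocsp[0] = ocsp;
+sc->ocsp = apr_palloc(pconf, sizeof(mgs_ocsp_data_t) * (sc->certs_x509_chain_num - 1));
+
+for (unsigned int i = 0; i < (sc->certs_x509_chain_num - 1); i++)
+{
+mgs_ocsp_data_t ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data));
+
+ocsp->cert = sc->certs_x509_crt_chain[i];
+
+ocsp->uri = mgs_cert_get_ocsp_uri(pconf, ocsp->cert);
+if (ocsp->uri == NULL && sc->ocsp_response_file == NULL)
+return "No OCSP URI in the certificate nor a "
+"GnuTLSOCSPResponseFile setting, cannot configure "
+"OCSP stapling.";
+
+ocsp->fingerprint =
+mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[i]);
+if (ocsp->fingerprint.data == NULL)
+return "Could not read fingerprint from certificate!";
+
+ocsp->trust = apr_palloc(pconf,
+sizeof(gnutls_x509_trust_list_t));
+/* Only the direct issuer may sign the OCSP response or an
+* OCSP signer. */
+int ret = mgs_create_ocsp_trust_list(ocsp->trust,
+&(sc->certs_x509_crt_chain[i+1]),
+1);
+if (ret != GNUTLS_E_SUCCESS)
+{
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
+"Could not create OCSP trust list: %s (%d)",
+gnutls_strerror(ret), ret);
+return "Could not build trust list for OCSP stapling!";
+}
+/* deinit trust list when the config pool is destroyed */
+apr_pool_cleanup_register(pconf, ocsp->trust,
+mgs_cleanup_trust_list,
+apr_pool_cleanup_null);
+
+sc->ocsp[i] = ocsp;
+sc->ocsp_num = i + 1;
+}
 return NULL;
 }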
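Review bot: The new allocation and loop bound both use `sc->certs_x509_chain_num - 1` without checking that the chain holds at least two certificates. If the counter is unsigned, as the `unsigned int i` loop variable suggests, a count of 0 wraps to a huge value for both the `apr_palloc` size and the loop limit, and a count of 1 skips the loop and returns NULL without `sc->ocsp_num` being assigned, so stapling is silently left unconfigured where the function otherwise reports an error. A guard before the `apr_palloc` call, for example `if (sc->certs_x509_chain_num < 2) return "Need the issuer certificate in the chain to configure OCSP stapling.";`, would cover both cases, unless the part of the function that starts outside this hunk already checks the chain length. The context comment `/* array for ocsp data, currently size 1 */` is stale after this change and should say the array holds one entry per chain certificate except the last.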