- Timestamp:
- Jan 11, 2020, 12:05:52 PM (13 months ago)
- Branches:
- asyncio, master, proxy-ticket
- Children:
- 08ba205
- Parents:
- de9b100
- File:
-
- 1 edited
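--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -1152,8 +1152,33 @@
 
     ocsp->cert = sc->certs_x509_crt_chain[0];
 
+    ocsp->uri = mgs_cert_get_ocsp_uri(pconf, ocsp->cert);
     if (ocsp->uri == NULL && sc->ocsp_response_file == NULL)
         return "No OCSP URI in the certificate nor a GnuTLSOCSPResponseFile "
             "setting, cannot configure OCSP stapling.";
+
+    ocsp->fingerprint =
+        mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[0]);
+    if (ocsp->fingerprint.data == NULL)
+        return "Could not read fingerprint from certificate!";
+
+    ocsp->trust = apr_palloc(pconf,
+                             sizeof(gnutls_x509_trust_list_t));
+    /* Only the direct issuer may sign the OCSP response or an OCSP
+     * signer. */
+    int ret = mgs_create_ocsp_trust_list(ocsp->trust,
+                                         &(sc->certs_x509_crt_chain[1]),
+                                         1);
+    if (ret != GNUTLS_E_SUCCESS)
+    {
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
+                     "Could not create OCSP trust list: %s (%d)",
+                     gnutls_strerror(ret), ret);
+        return "Could not build trust list for OCSP stapling!";
+    }
+    /* deinit trust list when the config pool is destroyed */
+    apr_pool_cleanup_register(pconf, ocsp->trust,
+                              mgs_cleanup_trust_list,
+                              apr_pool_cleanup_null);
 
     sc->ocsp = ocsp;
@@ -1168,5 +1193,5 @@
  * to denote an error.
  */
-int mgs_ocsp_enable_stapling(apr_pool_t *pconf ,
+int mgs_ocsp_enable_stapling(apr_pool_t *pconf __attribute__((unused)),
                              apr_pool_t *ptemp __attribute__((unused)),
                              server_rec *server)
@@ -1219,28 +1244,4 @@
     }
 
-    sc->ocsp->fingerprint =
-        mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[0]);
-    if (sc->ocsp->fingerprint.data == NULL)
-        return HTTP_INTERNAL_SERVER_ERROR;
-
-    sc->ocsp->trust = apr_palloc(pconf,
-                                 sizeof(gnutls_x509_trust_list_t));
-    /* Only the direct issuer may sign the OCSP response or an OCSP
-     * signer. */
-    int ret = mgs_create_ocsp_trust_list(sc->ocsp->trust,
-                                         &(sc->certs_x509_crt_chain[1]),
-                                         1);
-    if (ret != GNUTLS_E_SUCCESS)
-    {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
-                     "Could not create OCSP trust list: %s (%d)",
-                     gnutls_strerror(ret), ret);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
-    /* deinit trust list when the config pool is destroyed */
-    apr_pool_cleanup_register(pconf, sc->ocsp->trust,
-                              mgs_cleanup_trust_list,
-                              apr_pool_cleanup_null);
-
     /* The watchdog structure may be NULL if mod_watchdog is
      * unavailable. */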
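Review bot: The trust list built at new lines 1169-1171 takes `&(sc->certs_x509_crt_chain[1])` as the only issuer, and nothing visible in this section shows that the chain holds a second certificate before that index is read. The function receiving this block starts above the first hunk, so a length check may already exist there; if it does not, it should return a configuration error when the chain has fewer than two entries, before `apr_palloc` and `mgs_create_ocsp_trust_list` run. Since this list decides which signer is accepted for stapled OCSP responses, the existing comment could also state the precondition, e.g. `/* chain[1] must be the direct issuer of chain[0] */`. A smaller point of style: the fingerprint call at new line 1161 could pass `ocsp->cert`, as the `mgs_cert_get_ocsp_uri` call does, instead of repeating `sc->certs_x509_crt_chain[0]`.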