Changeset a372379 in mod_gnutls
- Timestamp:
- Jun 10, 2016, 8:26:50 PM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 6c44ed2
- Parents:
- cc74801e
- Location:
- src
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
src/gnutls_ocsp.c
rcc74801e ra372379 275 275 } 276 276 277 /* the fingerprint will be used as cache key */278 gnutls_datum_t fingerprint =279 mgs_get_cert_fingerprint(tmp, sc->certs_x509_crt_chain[0]);280 if (fingerprint.data == NULL)281 return APR_EINVAL;282 283 277 ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, s, 284 278 "Loading OCSP response from %s", … … 334 328 expiry -= sc->ocsp_grace_time; 335 329 336 int r = sc->cache->store(s, fingerprint, resp, expiry);330 int r = sc->cache->store(s, sc->ocsp->fingerprint, resp, expiry); 337 331 /* destroy pool, and original copy of the OCSP response with it */ 338 332 apr_pool_destroy(tmp); … … 359 353 } 360 354 361 gnutls_datum_t fingerprint = 362 mgs_get_cert_fingerprint(ctxt->c->pool, 363 ctxt->sc->certs_x509_crt_chain[0]); 364 if (fingerprint.data == NULL) 365 return GNUTLS_E_NO_CERTIFICATE_STATUS; 366 367 *ocsp_response = ctxt->sc->cache->fetch(ctxt, fingerprint); 355 *ocsp_response = ctxt->sc->cache->fetch(ctxt, 356 ctxt->sc->ocsp->fingerprint); 368 357 if (ocsp_response->size == 0) 369 358 { … … 392 381 * moment there's no good way to integrate that with the 393 382 * Apache Mutex directive. */ 394 *ocsp_response = ctxt->sc->cache->fetch(ctxt, fingerprint); 383 *ocsp_response = ctxt->sc->cache->fetch(ctxt, 384 ctxt->sc->ocsp->fingerprint); 395 385 if (ocsp_response->size > 0) 396 386 { … … 417 407 418 408 /* retry reading from cache */ 419 *ocsp_response = ctxt->sc->cache->fetch(ctxt, fingerprint); 409 *ocsp_response = ctxt->sc->cache->fetch(ctxt, 410 ctxt->sc->ocsp->fingerprint); 420 411 if (ocsp_response->size == 0) 421 412 { … … 534 525 sc->ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data)); 535 526 527 sc->ocsp->fingerprint = 528 mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[0]); 529 if (sc->ocsp->fingerprint.data == NULL) 530 return HTTP_INTERNAL_SERVER_ERROR; 531 536 532 sc->ocsp->uri = mgs_cert_get_ocsp_uri(pconf, 537 533 sc->certs_x509_crt_chain[0]); -
src/gnutls_ocsp.h
rcc74801e ra372379 36 36 * certificate. */ 37 37 gnutls_x509_trust_list_t *trust; 38 /* Server certificate fingerprint, used as cache key for the OCSP 39 * response */ 40 gnutls_datum_t fingerprint; 38 41 }; 39 42
Note: See TracChangeset
for help on using the changeset viewer.