Changeset a8374f7 in mod_gnutls

Timestamp:

Jan 11, 2020, 9:51:53 AM (8 months ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

master, proxy-ticket

Children:

bdd10be

Parents:

20a3915

Message:

Keep a reference to the certificate with OCSP data

When implementing multi-staple there will be a bunch of OCSP data
structures per virtual host. This will make it possible to handle
these without complex algorithms to connect certificate index with
OCSP data.

Location:

src

Files:

• gnutls_ocsp.c (modified) (1 diff)
• gnutls_ocsp.h (modified) (1 diff)

src/gnutls_ocsp.c

@@ -1116 +1116 @@
     mgs_ocsp_data_t ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data));
 
-    ocsp->uri = mgs_cert_get_ocsp_uri(pconf,
-                                      sc->certs_x509_crt_chain[0]);
+    ocsp->cert = sc->certs_x509_crt_chain[0];
+    ocsp->uri = mgs_cert_get_ocsp_uri(pconf, ocsp->cert);
     if (ocsp->uri == NULL && sc->ocsp_response_file == NULL)
         return "No OCSP URI in the certificate nor a GnuTLSOCSPResponseFile "

src/gnutls_ocsp.h

@@ -40 +40 @@
  */
 struct mgs_ocsp_data {
-    /** OCSP URI extracted from the server certificate. NULL if
-     * unset. */
+    /** The certificate the following elements refer to. */
+    gnutls_x509_crt_t cert;
+    /** OCSP URI extracted from the certificate. NULL if unset. */
     apr_uri_t *uri;
     /** Trust list to verify OCSP responses for stapling. Should
-     * usually only contain the CA that signed the server
-     * certificate. */
+     * usually only contain the CA that signed the certificate. */
     gnutls_x509_trust_list_t *trust;
-    /** Server certificate fingerprint, used as cache key for the OCSP
-     * response */
+    /** Certificate fingerprint, used as cache key for the OCSP
+     * response. */
     gnutls_datum_t fingerprint;
 };