Changeset a8374f7 in mod_gnutls


Ignore:
Timestamp:
Jan 11, 2020, 9:51:53 AM (8 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
bdd10be
Parents:
20a3915
Message:

Keep a reference to the certificate with OCSP data

When implementing multi-staple there will be a bunch of OCSP data
structures per virtual host. This will make it possible to handle
these without complex algorithms to connect certificate index with
OCSP data.

Location:
src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_ocsp.c

    r20a3915 ra8374f7  
    11161116    mgs_ocsp_data_t ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data));
    11171117
    1118     ocsp->uri = mgs_cert_get_ocsp_uri(pconf,
    1119                                       sc->certs_x509_crt_chain[0]);
     1118    ocsp->cert = sc->certs_x509_crt_chain[0];
     1119    ocsp->uri = mgs_cert_get_ocsp_uri(pconf, ocsp->cert);
    11201120    if (ocsp->uri == NULL && sc->ocsp_response_file == NULL)
    11211121        return "No OCSP URI in the certificate nor a GnuTLSOCSPResponseFile "
  • src/gnutls_ocsp.h

    r20a3915 ra8374f7  
    4040 */
    4141struct mgs_ocsp_data {
    42     /** OCSP URI extracted from the server certificate. NULL if
    43      * unset. */
     42    /** The certificate the following elements refer to. */
     43    gnutls_x509_crt_t cert;
     44    /** OCSP URI extracted from the certificate. NULL if unset. */
    4445    apr_uri_t *uri;
    4546    /** Trust list to verify OCSP responses for stapling. Should
    46      * usually only contain the CA that signed the server
    47      * certificate. */
     47     * usually only contain the CA that signed the certificate. */
    4848    gnutls_x509_trust_list_t *trust;
    49     /** Server certificate fingerprint, used as cache key for the OCSP
    50      * response */
     49    /** Certificate fingerprint, used as cache key for the OCSP
     50     * response. */
    5151    gnutls_datum_t fingerprint;
    5252};
Note: See TracChangeset for help on using the changeset viewer.