- Timestamp:
- Jun 10, 2016, 8:19:20 PM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- a372379
- Parents:
- 6b89353
- Location:
- src
- Files:
-
- 4 edited
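--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -980,7 +980,5 @@
 
 sc->ocsp_response_file = NULL;
-sc->ocsp_uri = NULL;
 sc->ocsp_mutex = NULL;
-sc->ocsp_trust = NULL;
 sc->ocsp_grace_time = apr_time_from_sec(MGS_GRACE_TIME);
 
@@ -1042,6 +1040,4 @@
 
 gnutls_srvconf_assign(ocsp_response_file);
-gnutls_srvconf_assign(ocsp_uri);
-gnutls_srvconf_assign(ocsp_trust);
 gnutls_srvconf_merge(ocsp_grace_time, apr_time_from_sec(MGS_GRACE_TIME));
 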
src/gnutls_hooks.c
r6b89353 rcc74801e 402 402 403 403 sc->ocsp_mutex = sc_base->ocsp_mutex; 404 /* init OCSP trust listif OCSP is enabled for this host */404 /* init OCSP configuration if OCSP is enabled for this host */ 405 405 if (sc->ocsp_response_file != NULL) 406 406 { -
src/gnutls_ocsp.c
r6b89353 rcc74801e 91 91 ap_get_module_config(s->module_config, &gnutls_module); 92 92 93 if (sc->ocsp _trust == NULL)93 if (sc->ocsp->trust == NULL) 94 94 { 95 95 ap_log_error(APLOG_MARK, APLOG_ERR, APR_EGENERAL, s, … … 127 127 128 128 unsigned int verify; 129 ret = gnutls_ocsp_resp_verify(resp, *(sc->ocsp _trust), &verify, 0);129 ret = gnutls_ocsp_resp_verify(resp, *(sc->ocsp->trust), &verify, 0); 130 130 if (ret != GNUTLS_E_SUCCESS) 131 131 { … … 253 253 254 254 255 /* TODO: fetch response from sc->ocsp _uri */255 /* TODO: fetch response from sc->ocsp->uri */ 256 256 apr_status_t mgs_cache_ocsp_response(server_rec *s) 257 257 { … … 532 532 } 533 533 534 sc->ocsp_uri = mgs_cert_get_ocsp_uri(pconf, sc->certs_x509_crt_chain[0]); 535 536 sc->ocsp_trust = apr_palloc(pconf, 537 sizeof(gnutls_x509_trust_list_t)); 534 sc->ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data)); 535 536 sc->ocsp->uri = mgs_cert_get_ocsp_uri(pconf, 537 sc->certs_x509_crt_chain[0]); 538 539 sc->ocsp->trust = apr_palloc(pconf, 540 sizeof(gnutls_x509_trust_list_t)); 538 541 /* Only the direct issuer may sign the OCSP response or an OCSP 539 542 * signer. */ 540 int ret = mgs_create_ocsp_trust_list(sc->ocsp _trust,543 int ret = mgs_create_ocsp_trust_list(sc->ocsp->trust, 541 544 &(sc->certs_x509_crt_chain[1]), 542 545 1); … … 549 552 } 550 553 /* deinit trust list when the config pool is destroyed */ 551 apr_pool_cleanup_register(pconf, sc->ocsp _trust,554 apr_pool_cleanup_register(pconf, sc->ocsp->trust, 552 555 mgs_cleanup_trust_list, 553 556 apr_pool_cleanup_null); -
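Review bot: The rewritten guard at new line 93, `if (sc->ocsp->trust == NULL)`, dereferences `sc->ocsp` before anything visible has checked that pointer, whereas the old test read a field directly on `sc`. `sc->ocsp` is only allocated at new line 534, which appears to run only for hosts with OCSP stapling set up, and this changeset drops the `= NULL` initialisers in src/gnutls_config.c without adding one for the new pointer. Unless the server config is zero-allocated elsewhere (not visible here), a vhost without OCSP data would reach an unset pointer instead of the logged error. I would test `if (sc->ocsp == NULL || sc->ocsp->trust == NULL)` and add `sc->ocsp = NULL;` next to `sc->ocsp_mutex = NULL;` in the config constructor. The enclosing functions start and end outside these hunks, so `*(sc->ocsp->trust)` at new line 129 should be checked for the same reachability.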
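--- a/src/gnutls_ocsp.h
+++ b/src/gnutls_ocsp.h
@@ -24,4 +24,17 @@
 
 #define MGS_OCSP_MUTEX_NAME "gnutls-ocsp"
+
+/**
+* Vhost specific OCSP data structure
+*/
+struct mgs_ocsp_data {
+/* OCSP URI extracted from the server certificate. NULL if
+* unset. */
+apr_uri_t *uri;
+/* Trust list to verify OCSP responses for stapling. Should
+* usually only contain the CA that signed the server
+* certificate. */
+gnutls_x509_trust_list_t *trust;
+};
 
 const char *mgs_store_ocsp_response_path(cmd_parms * parms,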
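Review bot: The two member comments in `struct mgs_ocsp_data` open with `/*` while the struct-level block uses `/**`, so Doxygen will document the struct but skip `uri` and `trust`; opening both with `/**` would keep them in the generated docs. The `trust` comment should also state ownership, since src/gnutls_ocsp.c registers `mgs_cleanup_trust_list` on the config pool for this pointer. Something like `/** ... Deinitialised by a cleanup registered on the config pool; callers must not deinit it. */` would guard against a later double deinit.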