Changeset e798149 in mod_gnutls

Timestamp:

Jan 11, 2020, 10:40:09 AM (11 months ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

master, proxy-ticket

Children:

75f2d96

Parents:

bdd10be

git-author:

Fiona Klute <fiona.klute@…> (01/11/20 10:33:11)

git-committer:

Fiona Klute <fiona.klute@…> (01/11/20 10:40:09)

Message:

do_ocsp_request: Require responder URI

This method just handles a binary request and response pair, it
doesn't need additional data. With this change it can be used for any
certificate.

File:

• src/gnutls_ocsp.c (modified) (8 diffs)

src/gnutls_ocsp.c

@@ -473 +473 @@
 
 static apr_status_t do_ocsp_request(apr_pool_t *p, server_rec *s,
+                                    apr_uri_t *uri,
                                     gnutls_datum_t *request,
                                     gnutls_datum_t *response)
     __attribute__((nonnull));
 static apr_status_t do_ocsp_request(apr_pool_t *p, server_rec *s,
+                                    apr_uri_t *uri,
                                     gnutls_datum_t *request,
                                     gnutls_datum_t *response)
@@ -483 +485 @@
         ap_get_module_config(s->module_config, &gnutls_module);
 
-    if (apr_strnatcmp(sc->ocsp->uri->scheme, "http"))
+    if (apr_strnatcmp(uri->scheme, "http"))
     {
         ap_log_error(APLOG_MARK, APLOG_ERR, APR_EGENERAL, s,
                      "Scheme \"%s\" is not supported for OCSP requests!",
-                     sc->ocsp->uri->scheme);
+                     uri->scheme);
         return APR_EINVAL;
     }
 
-    const char* header = http_post_header(p, sc->ocsp->uri,
+    const char* header = http_post_header(p, uri,
                                           OCSP_REQ_TYPE, OCSP_RESP_TYPE,
                                           request->size);
@@ -498 +500 @@
 
     /* Find correct port */
-    apr_port_t port = sc->ocsp->uri->port ?
-        sc->ocsp->uri->port : apr_uri_port_of_scheme(sc->ocsp->uri->scheme);
+    apr_port_t port = uri->port ?
+        uri->port : apr_uri_port_of_scheme(uri->scheme);
 
     apr_sockaddr_t *sa;
-    apr_status_t rv = apr_sockaddr_info_get(&sa, sc->ocsp->uri->hostname,
+    apr_status_t rv = apr_sockaddr_info_get(&sa, uri->hostname,
                                             APR_UNSPEC, port, 0, p);
     if (rv != APR_SUCCESS)
@@ -508 +510 @@
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Address resolution for OCSP responder %s failed.",
-                     sc->ocsp->uri->hostinfo);
+                     uri->hostinfo);
     }
 
@@ -535 +537 @@
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Connecting to OCSP responder %s failed.",
-                     sc->ocsp->uri->hostinfo);
+                     uri->hostinfo);
         return rv;
     }
@@ -570 +572 @@
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Invalid HTTP response status from %s: %s",
-                     sc->ocsp->uri->hostinfo, h);
+                     uri->hostinfo, h);
         rv = APR_ECONNRESET;
         goto exit;
@@ -587 +589 @@
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Error while reading HTTP response header from %s",
-                     sc->ocsp->uri->hostinfo);
+                     uri->hostinfo);
         rv = APR_ECONNRESET;
         goto exit;
@@ -704 +706 @@
         }
 
-        rv = do_ocsp_request(tmp, s, &req, &resp);
+        rv = do_ocsp_request(tmp, s, sc->ocsp->uri, &req, &resp);
         gnutls_free(req.data);
         if (rv != APR_SUCCESS)