minor OCSP update

1. When doing the HTTP transaction, use recv() and send().
2. When a cert doesn't have an Auth Info extension, and not using
   an override server, it is considered good.
3. decode_url() should return -1 in case of error.
4. When decoding the HTTP response, process all of the headers, skipping
   those that are not handled.
This commit is contained in:
John Safranek 2013-05-24 17:23:07 -07:00
parent 616e4a66dd
commit 9753e46721
2 changed files with 15 additions and 8 deletions


@ -612,7 +612,6 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
/* Advance idx past the next \r\n */ /* Advance idx past the next \r\n */
char* end = XSTRSTR(&buf[idx], "\r\n"); char* end = XSTRSTR(&buf[idx], "\r\n");
idx = (int)(end - buf + 2); idx = (int)(end - buf + 2);
stop = 1;
} }
} }
} }
@ -629,6 +628,8 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
static int decode_url(const char* url, int urlSz, static int decode_url(const char* url, int urlSz,
char* outName, char* outPath, int* outPort) char* outName, char* outPath, int* outPort)
{ {
int result = -1;
if (outName != NULL && outPath != NULL && outPort != NULL) if (outName != NULL && outPath != NULL && outPort != NULL)
{ {
if (url == NULL || urlSz == 0) if (url == NULL || urlSz == 0)
@ -648,7 +649,8 @@ static int decode_url(const char* url, int urlSz,
} else cur = 0; } else cur = 0;
i = 0; i = 0;
while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') { while (url[cur] != 0 && url[cur] != ':' &&
url[cur] != '/' && cur < urlSz) {
outName[i++] = url[cur++]; outName[i++] = url[cur++];
} }
outName[i] = 0; outName[i] = 0;
@ -684,10 +686,11 @@ static int decode_url(const char* url, int urlSz,
outPath[0] = '/'; outPath[0] = '/';
outPath[1] = 0; outPath[1] = 0;
} }
result = 0;
} }
} }
return 0; return result;
} }
@ -732,11 +735,11 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) { if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) {
int written; int written;
written = (int)write(sfd, httpBuf, httpBufSz); written = (int)send(sfd, httpBuf, httpBufSz, 0);
if (written == httpBufSz) { if (written == httpBufSz) {
written = (int)write(sfd, ocspReqBuf, ocspReqSz); written = (int)send(sfd, ocspReqBuf, ocspReqSz, 0);
if (written == ocspReqSz) { if (written == ocspReqSz) {
httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE); httpBufSz = (int)recv(sfd, httpBuf, SCRATCH_BUFFER_SIZE, 0);
if (httpBufSz > 0) { if (httpBufSz > 0) {
ocspRespSz = decode_http_response(httpBuf, httpBufSz, ocspRespSz = decode_http_response(httpBuf, httpBufSz,
ocspRespBuf); ocspRespBuf);
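Review bot: In the decode_url hunk the new bound `cur < urlSz` is the last operand of the while condition, so `url[cur]` is still dereferenced before the index is checked; when cur reaches urlSz that is a read one past the length the caller supplied. Put the bound first: `while (cur < urlSz && url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {`. The copy into `outName[i++]` is also not bounded by outName's capacity, which is not visible here; if decode_url's contract does not guarantee outName holds at least urlSz + 1 bytes, a length check is needed there too. decode_url's body continues outside the hunk. The single `recv()` in EmbedOcspLookup likewise assumes the whole HTTP response arrives in one read, so a short read hands a truncated buffer to decode_http_response.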


@ -275,7 +275,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
} }
} }
if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) { if (ocsp->useOverrideUrl) {
if (ocsp->overrideUrl[0] != '\0') { if (ocsp->overrideUrl[0] != '\0') {
url = ocsp->overrideUrl; url = ocsp->overrideUrl;
urlSz = (int)XSTRLEN(url); urlSz = (int)XSTRLEN(url);
@ -283,10 +283,14 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
else else
return OCSP_NEED_URL; return OCSP_NEED_URL;
} }
else { else if (cert->extAuthInfoSz == 0 || cert->extAuthInfo == NULL) {
url = (const char *)cert->extAuthInfo; url = (const char *)cert->extAuthInfo;
urlSz = cert->extAuthInfoSz; urlSz = cert->extAuthInfoSz;
} }
else {
CYASSL_MSG("\tcert doesn't have extAuthInfo, assuming CERT_GOOD");
return 0;
}
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER); ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) { if (ocspReqBuf == NULL) {
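Review bot: The new `else if (cert->extAuthInfoSz == 0 || cert->extAuthInfo == NULL)` branch is inverted relative to the commit message: a certificate with no AIA data takes the branch that uses `cert->extAuthInfo` as the URL (a NULL pointer with urlSz 0), while a certificate that does carry an AIA URL falls through to the final `else` and is returned as good without any OCSP request being sent. The condition should read `else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {` so that the final `else` is the no-AIA case. Separately, returning 0 for a certificate without a responder URL is a fail-open policy; the log line records it, but the `return 0;` deserves a comment stating that revocation status was not checked rather than confirmed, e.g. `/* no responder URL: revocation not checked, treated as good */`. CyaSSL_OCSP_Lookup_Cert's body extends outside the hunk on both sides.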