minor OCSP update

1. When doing the HTTP transaction, use recv() and send().
2. When a cert doesn't have an Auth Info extension, and not using
   an override server, it is considered good.
3. decode_url() should return -1 in case of error.
4. When decoding HTTP response, process all the headers, skipping all
   of those that are not-processed.
John Safranek 2013-05-24 17:23:07 -07:00
parent 616e4a66dd
commit 9753e46721
2 changed files with 15 additions and 8 deletions


@ -612,7 +612,6 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
/* Advance idx past the next \r\n */
char* end = XSTRSTR(&buf[idx], "\r\n");
idx = (int)(end - buf + 2);
stop = 1;
}
}
}
@ -629,6 +628,8 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
static int decode_url(const char* url, int urlSz,
char* outName, char* outPath, int* outPort)
{
int result = -1;
if (outName != NULL && outPath != NULL && outPort != NULL)
{
if (url == NULL || urlSz == 0)
@ -648,7 +649,8 @@ static int decode_url(const char* url, int urlSz,
} else cur = 0;
i = 0;
while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {
while (url[cur] != 0 && url[cur] != ':' &&
url[cur] != '/' && cur < urlSz) {
outName[i++] = url[cur++];
}
outName[i] = 0;
@ -684,10 +686,11 @@ static int decode_url(const char* url, int urlSz,
outPath[0] = '/';
outPath[1] = 0;
}
result = 0;
}
}
return 0;
return result;
}
@ -732,11 +735,11 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) {
int written;
written = (int)write(sfd, httpBuf, httpBufSz);
written = (int)send(sfd, httpBuf, httpBufSz, 0);
if (written == httpBufSz) {
written = (int)write(sfd, ocspReqBuf, ocspReqSz);
written = (int)send(sfd, ocspReqBuf, ocspReqSz, 0);
if (written == ocspReqSz) {
httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
httpBufSz = (int)recv(sfd, httpBuf, SCRATCH_BUFFER_SIZE, 0);
if (httpBufSz > 0) {
ocspRespSz = decode_http_response(httpBuf, httpBufSz,
ocspRespBuf);
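Review bot: In the decode_url hunk at -648, the added `cur < urlSz` test runs only after `url[cur]` has already been read, so it does not prevent a read past a URL that is not NUL-terminated within urlSz; the length test should come first, `while (cur < urlSz && url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {`. The same loop writes `outName[i++]` with no limit on `i`, and the visible signature passes no capacity for outName or outPath. Since the URL appears to come from the certificate's extAuthInfo (see the other file in this commit), a long host name could overrun the caller's buffer; the caller's buffer sizes are outside the visible lines, so this needs confirming there. A capacity parameter, or a fixed cap checked in the loop with `result` left at -1 on overflow, would close it. decode_url's body continues between the hunks shown.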


@ -275,7 +275,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
}
}
if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
if (ocsp->useOverrideUrl) {
if (ocsp->overrideUrl[0] != '\0') {
url = ocsp->overrideUrl;
urlSz = (int)XSTRLEN(url);
@ -283,10 +283,14 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
else
return OCSP_NEED_URL;
}
else {
else if (cert->extAuthInfoSz == 0 || cert->extAuthInfo == NULL) {
url = (const char *)cert->extAuthInfo;
urlSz = cert->extAuthInfoSz;
}
else {
CYASSL_MSG("\tcert doesn't have extAuthInfo, assuming CERT_GOOD");
return 0;
}
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) {
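Review bot: The condition on the new `else if` in the -283 hunk looks inverted: `cert->extAuthInfoSz == 0 || cert->extAuthInfo == NULL` selects the branch that assigns `cert->extAuthInfo` to `url`, so a certificate with no Authority Info proceeds with a NULL or empty URL. A certificate that does carry a responder URL instead falls into the final `else` and returns 0 with "cert doesn't have extAuthInfo, assuming CERT_GOOD". As written, when no override URL is set, every certificate that names a responder would be accepted without an OCSP query, which silently disables revocation checking. The test should read `else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {`. Returning 0 for a certificate without the extension is also a fail-open choice that deserves a comment saying it is deliberate; the body of CyaSSL_OCSP_Lookup_Cert continues outside the hunk.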