Add HTTP GET support to OCSP server
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Rich Salz
parent
db4c08f019
commit
995101d654
2 changed files with 51 additions and 3 deletions
3
CHANGES
3
CHANGES
|
|
@ -4,6 +4,9 @@
|
|||
|
||||
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
|
||||
|
||||
*) Added HTTP GET support to the ocsp command.
|
||||
[Rich Salz]
|
||||
|
||||
*) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead.
|
||||
|
||||
*) Added support for TLS extended master secret from
|
||||
|
|
|
|||
51
apps/ocsp.c
51
apps/ocsp.c
|
|
@ -1043,13 +1043,32 @@ static BIO *init_responder(const char *port)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static char *urldecode(char *p)
|
||||
{
|
||||
unsigned char *out = (unsigned char *)p;
|
||||
char *save = p;
|
||||
|
||||
for (; *p; p++) {
|
||||
if (*p != '%')
|
||||
*out++ = *p;
|
||||
else if (p[1] && p[2]) {
|
||||
*out++ = (app_hex(p[1]) << 4) | app_hex(p[2]);
|
||||
p += 2;
|
||||
}
|
||||
}
|
||||
*p = '\0';
|
||||
return save;
|
||||
}
|
||||
|
||||
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
|
||||
const char *port)
|
||||
{
|
||||
int len;
|
||||
OCSP_REQUEST *req = NULL;
|
||||
char inbuf[2048];
|
||||
BIO *cbio = NULL;
|
||||
char *p, *q;
|
||||
BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
|
||||
|
||||
if (BIO_do_accept(acbio) <= 0) {
|
||||
BIO_printf(bio_err, "Error accepting connection\n");
|
||||
|
|
@ -1064,7 +1083,29 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
|
|||
len = BIO_gets(cbio, inbuf, sizeof inbuf);
|
||||
if (len <= 0)
|
||||
return 1;
|
||||
if (strncmp(inbuf, "POST", 4) != 0) {
|
||||
if (strncmp(inbuf, "GET", 3) == 0) {
|
||||
/* Expecting GET {sp} /URL {sp} HTTP/1.x */
|
||||
for (p = inbuf + 3; *p == ' ' || *p == '\t'; ++p)
|
||||
continue;
|
||||
if (*p) {
|
||||
/* Move past the slash before the URL part. */
|
||||
p++;
|
||||
}
|
||||
/* Splice off the HTTP version identifier. */
|
||||
for (q = p; *q; q++)
|
||||
if (*q == ' ' || *q == '\t')
|
||||
break;
|
||||
if (*q == '\0') {
|
||||
BIO_printf(bio_err, "Invalid request\n");
|
||||
return 1;
|
||||
}
|
||||
*q = '\0';
|
||||
p = urldecode(p);
|
||||
getbio = BIO_new_mem_buf(p, strlen(p));
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
||||
getbio = BIO_push(b64, getbio);
|
||||
} else if (strncmp(inbuf, "POST", 4) != 0) {
|
||||
BIO_printf(bio_err, "Invalid request\n");
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -1078,7 +1119,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
|
|||
}
|
||||
|
||||
/* Try to read OCSP request */
|
||||
req = d2i_OCSP_REQUEST_bio(cbio, NULL);
|
||||
if (getbio) {
|
||||
req = d2i_OCSP_REQUEST_bio(getbio, NULL);
|
||||
BIO_free_all(getbio);
|
||||
} else
|
||||
req = d2i_OCSP_REQUEST_bio(cbio, NULL);
|
||||
|
||||
if (!req) {
|
||||
BIO_printf(bio_err, "Error parsing OCSP request\n");
|
||||
|
|
|
|||
Loading…
Reference in a new issue