static bool SecCAIssuerRequestIssue(SecCAIssuerRequestRef request) {
while (request->issuerIX < CFArrayGetCount(request->issuers)) {
CFURLRef issuer = CFArrayGetValueAtIndex(request->issuers,
request->issuerIX++);
CFStringRef scheme = CFURLCopyScheme(issuer);
if (scheme) {
if (CFEqual(CFSTR("http"), scheme)) {
CFHTTPMessageRef msg = CFHTTPMessageCreateRequest(kCFAllocatorDefault,
CFSTR("GET"), issuer, kCFHTTPVersion1_1);
if (msg) {
secdebug("caissuer", "%@", msg);
bool done = asynchttp_request(msg, &request->http);
CFRelease(msg);
if (done == false) {
CFRelease(scheme);
return done;
}
}
secdebug("caissuer", "failed to get %@", issuer);
} else {
secdebug("caissuer", "skipping unsupported uri %@", issuer);
}
CFRelease(scheme);
}
}
/* No more issuers left to try, we're done. */
secdebug("caissuer", "no request issued");
request->callback(request->context, NULL);
SecCAIssuerRequestRelease(request);
return true;
}
bool asyncHttpPost(CFURLRef responder, CFDataRef requestData /* , bool force_nocache */ ,
asynchttp_t *http) {
bool result = true; /* True, we didn't schedule any work. */
/* resources to release on exit */
CFURLRef getURL = NULL;
/* Interesting tidbit from rfc5019
When sending requests that are less than or equal to 255 bytes in
total (after encoding) including the scheme and delimiters (http://),
server name and base64-encoded OCSPRequest structure, clients MUST
use the GET method (to enable OCSP response caching). OCSP requests
larger than 255 bytes SHOULD be submitted using the POST method.
Interesting tidbit from rfc2616:
Note: Servers ought to be cautious about depending on URI lengths
above 255 bytes, because some older client or proxy
implementations might not properly support these lengths.
Given the second note I'm assuming that the note in rfc5019 is about the
length of the URI, not the length of the entire HTTP request.
If we need to consider the entire request we need to have 17 bytes less, or
17 + 25 = 42 if we are appending a "Cache-Control: no-cache CRLF" header
field.
The 17 and 42 above are based on the request encoding from rfc2616
Method SP Request-URI SP HTTP-Version CRLF (header CRLF)* CRLF
so in our case it's:
GET SP URI SP HTTP/1.1 CRLF CRLF
17 + len(URI) bytes
or
GET SP URI SP HTTP/1.1 CRLF Cache-Control: SP no-cache CRLF CRLF
42 + len(URI) bytes
*/
/* First let's try creating a GET request. */
getURL = createGetURL(responder, requestData);
if (getURL && CFURLGetBytes(getURL, NULL, 0) < 256) {
/* Get URI is less than 256 bytes encoded, making it safe even for
older proxy or caching servers, so let's use HTTP GET. */
secdebug("http", "GET[%ld] %@", CFURLGetBytes(getURL, NULL, 0), getURL);
require_quiet(http->request = CFHTTPMessageCreateRequest(kCFAllocatorDefault,
CFSTR("GET"), getURL, kCFHTTPVersion1_1), errOut);
} else {
/* GET Request too big to ensure error free transmission, let's
create a HTTP POST http->request instead. */
secdebug("http", "POST %@ CRLF body", responder);
require_quiet(http->request = CFHTTPMessageCreateRequest(kCFAllocatorDefault,
CFSTR("POST"), responder, kCFHTTPVersion1_1), errOut);
/* Set the body and required header fields. */
CFHTTPMessageSetBody(http->request, requestData);
CFHTTPMessageSetHeaderFieldValue(http->request, kContentType,
kAppOcspRequest);
}
#if 0
if (force_nocache) {
CFHTTPMessageSetHeaderFieldValue(http->request, CFSTR("Cache-Control"),
CFSTR("no-cache"));
}
#endif
result = asynchttp_request(NULL, http);
errOut:
CFReleaseSafe(getURL);
return result;
}
