static bool SecCAIssuerRequestIssue(SecCAIssuerRequestRef request) { while (request->issuerIX < CFArrayGetCount(request->issuers)) { CFURLRef issuer = CFArrayGetValueAtIndex(request->issuers, request->issuerIX++); CFStringRef scheme = CFURLCopyScheme(issuer); if (scheme) { if (CFEqual(CFSTR("http"), scheme)) { CFHTTPMessageRef msg = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("GET"), issuer, kCFHTTPVersion1_1); if (msg) { secdebug("caissuer", "%@", msg); bool done = asynchttp_request(msg, &request->http); CFRelease(msg); if (done == false) { CFRelease(scheme); return done; } } secdebug("caissuer", "failed to get %@", issuer); } else { secdebug("caissuer", "skipping unsupported uri %@", issuer); } CFRelease(scheme); } } /* No more issuers left to try, we're done. */ secdebug("caissuer", "no request issued"); request->callback(request->context, NULL); SecCAIssuerRequestRelease(request); return true; }
bool asyncHttpPost(CFURLRef responder, CFDataRef requestData /* , bool force_nocache */ , asynchttp_t *http) { bool result = true; /* True, we didn't schedule any work. */ /* resources to release on exit */ CFURLRef getURL = NULL; /* Interesting tidbit from rfc5019 When sending requests that are less than or equal to 255 bytes in total (after encoding) including the scheme and delimiters (http://), server name and base64-encoded OCSPRequest structure, clients MUST use the GET method (to enable OCSP response caching). OCSP requests larger than 255 bytes SHOULD be submitted using the POST method. Interesting tidbit from rfc2616: Note: Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths. Given the second note I'm assuming that the note in rfc5019 is about the length of the URI, not the length of the entire HTTP request. If we need to consider the entire request we need to have 17 bytes less, or 17 + 25 = 42 if we are appending a "Cache-Control: no-cache CRLF" header field. The 17 and 42 above are based on the request encoding from rfc2616 Method SP Request-URI SP HTTP-Version CRLF (header CRLF)* CRLF so in our case it's: GET SP URI SP HTTP/1.1 CRLF CRLF 17 + len(URI) bytes or GET SP URI SP HTTP/1.1 CRLF Cache-Control: SP no-cache CRLF CRLF 42 + len(URI) bytes */ /* First let's try creating a GET request. */ getURL = createGetURL(responder, requestData); if (getURL && CFURLGetBytes(getURL, NULL, 0) < 256) { /* Get URI is less than 256 bytes encoded, making it safe even for older proxy or caching servers, so let's use HTTP GET. */ secdebug("http", "GET[%ld] %@", CFURLGetBytes(getURL, NULL, 0), getURL); require_quiet(http->request = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("GET"), getURL, kCFHTTPVersion1_1), errOut); } else { /* GET Request too big to ensure error free transmission, let's create a HTTP POST http->request instead. */ secdebug("http", "POST %@ CRLF body", responder); require_quiet(http->request = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("POST"), responder, kCFHTTPVersion1_1), errOut); /* Set the body and required header fields. */ CFHTTPMessageSetBody(http->request, requestData); CFHTTPMessageSetHeaderFieldValue(http->request, kContentType, kAppOcspRequest); } #if 0 if (force_nocache) { CFHTTPMessageSetHeaderFieldValue(http->request, CFSTR("Cache-Control"), CFSTR("no-cache")); } #endif result = asynchttp_request(NULL, http); errOut: CFReleaseSafe(getURL); return result; }