/** * Try to fetch the crls defined by the fetch requests */ static void fetch_crls(bool cache_crls) { fetch_req_t *req; fetch_req_t **reqp; lock_crl_fetch_list("fetch_crls"); req = crl_fetch_reqs; reqp = &crl_fetch_reqs; while (req != NULL) { enumerator_t *enumerator; char *point; bool valid_crl = FALSE; const char *ldaphost; ca_info_t *ca; lock_ca_info_list("fetch_crls"); ca = get_ca_info(req->issuer, req->authKeyID); ldaphost = (ca == NULL)? NULL : ca->ldaphost; enumerator = req->distributionPoints->create_enumerator(req->distributionPoints); while (enumerator->enumerate(enumerator, &point)) { x509crl_t *crl; char *uri; uri = complete_uri(point, ldaphost); crl = fetch_crl(uri); free(uri); if (crl) { if (insert_crl(crl, point, cache_crls)) { DBG(DBG_CONTROL, DBG_log("we have a valid crl") ) valid_crl = TRUE; break; } } } enumerator->destroy(enumerator); unlock_ca_info_list("fetch_crls"); if (valid_crl) { /* delete fetch request */ fetch_req_t *req_free = req; req = req->next; *reqp = req; free_fetch_request(req_free); } else { /* try again next time */ req->trials++; reqp = &req->next; req = req->next; } } unlock_crl_fetch_list("fetch_crls"); }
/* * Build an ocsp location from certificate information * without unsharing its contents */ static bool build_ocsp_location(const cert_t *cert, ocsp_location_t *location) { certificate_t *certificate = cert->cert; identification_t *issuer = certificate->get_issuer(certificate); x509_t *x509 = (x509_t*)certificate; chunk_t issuer_dn = issuer->get_encoding(issuer); chunk_t authKeyID = x509->get_authKeyIdentifier(x509); hasher_t *hasher; static u_char digest[HASH_SIZE_SHA1]; /* temporary storage */ enumerator_t *enumerator = x509->create_ocsp_uri_enumerator(x509); location->uri = NULL; while (enumerator->enumerate(enumerator, &location->uri)) { break; } enumerator->destroy(enumerator); if (location->uri == NULL) { ca_info_t *ca = get_ca_info(issuer, authKeyID); if (ca && ca->ocspuri) { location->uri = ca->ocspuri; } else { /* abort if no ocsp location uri is defined */ return FALSE; } } /* compute authNameID from as SHA-1 hash of issuer DN */ location->authNameID = chunk_create(digest, HASH_SIZE_SHA1); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { return FALSE; } hasher->get_hash(hasher, issuer_dn, digest); hasher->destroy(hasher); location->next = NULL; location->issuer = issuer; location->authKeyID = authKeyID; if (authKeyID.ptr == NULL) { cert_t *authcert = get_authcert(issuer, authKeyID, X509_CA); if (authcert) { x509_t *x509 = (x509_t*)authcert->cert; location->authKeyID = x509->get_subjectKeyIdentifier(x509); } } location->nonce = chunk_empty; location->certinfo = NULL; return TRUE; }