static void
ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
{
ngx_resolver_ctx_t *resolve, temp;
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
"ssl ocsp request");
if (ngx_ssl_ocsp_create_request(ctx) != NGX_OK) {
ngx_ssl_ocsp_error(ctx);
return;
}
if (ctx->resolver) {
/* resolve OCSP responder hostname */
temp.name = ctx->host;
resolve = ngx_resolve_start(ctx->resolver, &temp);
if (resolve == NULL) {
ngx_ssl_ocsp_error(ctx);
return;
}
if (resolve == NGX_NO_RESOLVER) {
ngx_log_error(NGX_LOG_WARN, ctx->log, 0,
"no resolver defined to resolve %V", &ctx->host);
goto connect;
}
resolve->name = ctx->host;
resolve->type = NGX_RESOLVE_A;
resolve->handler = ngx_ssl_ocsp_resolve_handler;
resolve->data = ctx;
resolve->timeout = ctx->resolver_timeout;
if (ngx_resolve_name(resolve) != NGX_OK) {
ngx_ssl_ocsp_error(ctx);
return;
}
return;
}
connect:
ngx_ssl_ocsp_connect(ctx);
}
static void
ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
{
ngx_ssl_ocsp_ctx_t *ctx = resolve->data;
u_char *p;
size_t len;
in_port_t port;
socklen_t socklen;
ngx_uint_t i;
struct sockaddr *sockaddr;
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
"ssl ocsp resolve handler");
if (resolve->state) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
"%V could not be resolved (%i: %s)",
&resolve->name, resolve->state,
ngx_resolver_strerror(resolve->state));
goto failed;
}
#if (NGX_DEBUG)
{
u_char text[NGX_SOCKADDR_STRLEN];
ngx_str_t addr;
addr.data = text;
for (i = 0; i < resolve->naddrs; i++) {
addr.len = ngx_sock_ntop(resolve->addrs[i].sockaddr,
resolve->addrs[i].socklen,
text, NGX_SOCKADDR_STRLEN, 0);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
"name was resolved to %V", &addr);
}
}
#endif
ctx->naddrs = resolve->naddrs;
ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));
if (ctx->addrs == NULL) {
goto failed;
}
port = htons(ctx->port);
for (i = 0; i < resolve->naddrs; i++) {
socklen = resolve->addrs[i].socklen;
sockaddr = ngx_palloc(ctx->pool, socklen);
if (sockaddr == NULL) {
goto failed;
}
ngx_memcpy(sockaddr, resolve->addrs[i].sockaddr, socklen);
switch (sockaddr->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
((struct sockaddr_in6 *) sockaddr)->sin6_port = port;
break;
#endif
default: /* AF_INET */
((struct sockaddr_in *) sockaddr)->sin_port = port;
}
ctx->addrs[i].sockaddr = sockaddr;
ctx->addrs[i].socklen = socklen;
p = ngx_pnalloc(ctx->pool, NGX_SOCKADDR_STRLEN);
if (p == NULL) {
goto failed;
}
len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1);
ctx->addrs[i].name.len = len;
ctx->addrs[i].name.data = p;
}
ngx_resolve_name_done(resolve);
ngx_ssl_ocsp_connect(ctx);
return;
failed:
ngx_resolve_name_done(resolve);
ngx_ssl_ocsp_error(ctx);
}
static void
ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
{
ngx_ssl_ocsp_ctx_t *ctx = resolve->data;
u_char *p;
size_t len;
in_port_t port;
ngx_uint_t i;
struct sockaddr_in *sin;
ngx_log_debug0(NGX_LOG_ALERT, ctx->log, 0,
"ssl ocsp resolve handler");
if (resolve->state) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
"%V could not be resolved (%i: %s)",
&resolve->name, resolve->state,
ngx_resolver_strerror(resolve->state));
goto failed;
}
#if (NGX_DEBUG)
{
in_addr_t addr;
for (i = 0; i < resolve->naddrs; i++) {
addr = ntohl(resolve->addrs[i]);
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
"name was resolved to %ud.%ud.%ud.%ud",
(addr >> 24) & 0xff, (addr >> 16) & 0xff,
(addr >> 8) & 0xff, addr & 0xff);
}
}
#endif
ctx->naddrs = resolve->naddrs;
ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));
if (ctx->addrs == NULL) {
goto failed;
}
port = htons(ctx->port);
for (i = 0; i < resolve->naddrs; i++) {
sin = ngx_pcalloc(ctx->pool, sizeof(struct sockaddr_in));
if (sin == NULL) {
goto failed;
}
sin->sin_family = AF_INET;
sin->sin_port = port;
sin->sin_addr.s_addr = resolve->addrs[i];
ctx->addrs[i].sockaddr = (struct sockaddr *) sin;
ctx->addrs[i].socklen = sizeof(struct sockaddr_in);
len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;
p = ngx_pnalloc(ctx->pool, len);
if (p == NULL) {
goto failed;
}
len = ngx_sock_ntop((struct sockaddr *) sin, p, len, 1);
ctx->addrs[i].name.len = len;
ctx->addrs[i].name.data = p;
}
ngx_resolve_name_done(resolve);
ngx_ssl_ocsp_connect(ctx);
return;
failed:
ngx_resolve_name_done(resolve);
ngx_ssl_ocsp_error(ctx);
}
