Пример #1
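/*
 * Send an OCSP request to a responder and collect its reply.
 *
 * The responder location is taken from the override fields on `ocsp` when
 * useOverrideUrl is set or the certificate carries no extAuthInfo; otherwise
 * it is decoded from cert->extAuthInfo. The HTTP header produced by
 * build_http_request() and then the raw OCSP request are written to the
 * socket, and one read() collects the reply into a stack buffer that is
 * handed to decode_http_response().
 *
 * Returns the value produced by decode_http_response() when it is non-zero,
 * OCSP_NEED_URL when no responder URL is available, and OCSP_LOOKUP_FAIL
 * when the connection fails or no response was decoded.
 *
 * NOTE(review): when the URL comes from cert->extAuthInfo, the host and port
 * this function connects to are chosen by certificate content. Presumably
 * that certificate is the one being validated; deployments that must
 * constrain outbound connections should confirm the override URL is used.
 */
static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
{
    SOCKET_T sfd = -1;
    byte httpBuf[SCRATCH_BUFFER_SIZE];
    int httpBufSz = SCRATCH_BUFFER_SIZE;
    char domainName[80], path[80];
    int port;
    /* Must start at 0: the original left this uninitialized, so a short
     * write or a failed read made the `== 0` test below read an
     * indeterminate value. */
    int ocspRespSz = 0;

    if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
        if (ocsp->overrideName != NULL) {
            /* NOTE(review): a fixed-size copy is only safe if the override
             * fields are at least sizeof(domainName) bytes long, and
             * overridePath is not checked for NULL - confirm against the
             * CYASSL_OCSP definition. */
            XMEMCPY(domainName, ocsp->overrideName, sizeof(domainName));
            XMEMCPY(path, ocsp->overridePath, sizeof(path));
            /* Guarantee termination before the buffers are used as strings. */
            domainName[sizeof(domainName) - 1] = '\0';
            path[sizeof(path) - 1] = '\0';
            port = ocsp->overridePort;
        } else {
            return OCSP_NEED_URL;
        }
    } else {
        /* NOTE(review): no destination capacity is passed, so decode_url()
         * has to bound its writes to 80 bytes on its own - confirm. */
        if (!decode_url((const char*)cert->extAuthInfo, cert->extAuthInfoSz,
                                                    domainName, path, &port))
            return OCSP_NEED_URL;
    }

    /* NOTE(review): the returned length is used unchecked as a write size;
     * confirm build_http_request() cannot return a value <= 0 or larger
     * than the buffer. */
    httpBufSz = build_http_request(domainName, path, ocspReqSz,
                                                        httpBuf, httpBufSz);

    tcp_connect(&sfd, domainName, port);
    if (sfd > 0) {
        int written;
        written = (int)write(sfd, httpBuf, httpBufSz);
        if (written == httpBufSz) {
            written = (int)write(sfd, ocspReqBuf, ocspReqSz);
            if (written == ocspReqSz) {
                /* Only one read() is issued, capped at SCRATCH_BUFFER_SIZE;
                 * a reply delivered in several pieces or larger than the
                 * buffer is seen truncated by the decoder. */
                httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
                if (httpBufSz > 0) {
                    ocspRespSz = decode_http_response(httpBuf, httpBufSz,
                        ocspRespBuf);
                }
            }
        }
        close(sfd);
        if (ocspRespSz == 0) {
            CYASSL_MSG("HTTP response was not OK, no OCSP response");
            return OCSP_LOOKUP_FAIL;
        }
    } else {
        CYASSL_MSG("OCSP Responder connection failed");
        return OCSP_LOOKUP_FAIL;
    }

    return ocspRespSz;
}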
Пример #2
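/*
 * OCSP lookup callback: fetch an OCSP response for `url`.
 *
 * ctx          unused.
 * url, urlSz   responder URL, split by decode_url() into host, path, port.
 * ocspReqBuf   encoded OCSP request to send; must be non-NULL.
 * ocspReqSz    size of the request; must be non-zero.
 * ocspRespBuf  out: set to a buffer of SCRATCH_BUFFER_SIZE bytes allocated
 *              here with XMALLOC before any network I/O takes place.
 *
 * Returns the value produced by decode_http_response() when it is non-zero,
 * or -1 on bad arguments, URL decode failure, allocation failure,
 * connection failure, or when no response was decoded.
 *
 * NOTE(review): no path in this function frees the allocation, including
 * the -1 returns taken after *ocspRespBuf has been set. Confirm that
 * callers release *ocspRespBuf on error returns as well, otherwise the
 * buffer leaks on every failed lookup.
 */
int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
{
    char domainName[80], path[80];
    int port, httpBufSz, sfd = -1;
    int ocspRespSz = 0;
    byte* httpBuf = NULL;

    (void)ctx;

    if (ocspReqBuf == NULL || ocspReqSz == 0) {
        CYASSL_MSG("OCSP request is required for lookup");
        return -1;
    }

    if (ocspRespBuf == NULL) {
        CYASSL_MSG("Cannot save OCSP response");
        return -1;
    }

    /* NOTE(review): no destination capacity is passed, so decode_url() has
     * to bound its writes to 80 bytes on its own - confirm. `url` is not
     * checked for NULL here either. */
    if (decode_url(url, urlSz, domainName, path, &port) < 0) {
        CYASSL_MSG("Unable to decode OCSP URL");
        return -1;
    }

    httpBufSz = SCRATCH_BUFFER_SIZE;
    httpBuf = (byte*)XMALLOC(httpBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER);

    if (httpBuf == NULL) {
        CYASSL_MSG("Unable to create OCSP response buffer");
        return -1;
    }
    *ocspRespBuf = httpBuf;

    /* NOTE(review): the returned length is used unchecked as a write size;
     * confirm build_http_request() cannot return a value <= 0 or larger
     * than the buffer. */
    httpBufSz = build_http_request(domainName, path, ocspReqSz,
                                                        httpBuf, httpBufSz);

    if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) {
        int written;
        written = (int)write(sfd, httpBuf, httpBufSz);
        if (written == httpBufSz) {
            written = (int)write(sfd, ocspReqBuf, ocspReqSz);
            if (written == ocspReqSz) {
                /* Only one read() is issued, capped at SCRATCH_BUFFER_SIZE;
                 * a reply delivered in several pieces or larger than the
                 * buffer is seen truncated by the decoder. */
                httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
                if (httpBufSz > 0) {
                    /* The decoder is handed the same out-pointer that
                     * already refers to httpBuf. */
                    ocspRespSz = decode_http_response(httpBuf, httpBufSz,
                        ocspRespBuf);
                }
            }
        }
        close(sfd);
        if (ocspRespSz == 0) {
            CYASSL_MSG("OCSP response was not OK, no OCSP response");
            return -1;
        }
    } else {
        CYASSL_MSG("OCSP Responder connection failed");
        /* sfd may still be -1 when the connect failed early; only close a
         * descriptor that was actually handed back. */
        if (sfd >= 0)
            close(sfd);
        return -1;
    }

    return ocspRespSz;
}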