C++ (Cpp) SSL_set_tlsext_status_ocsp_resp示例

示例#1

文件： sslapitest.c 项目： michaellukashov/Far-NetBox

static int ocsp_server_cb(SSL *s, void *arg)
{
    int *argi = (int *)arg;
    unsigned char *orespdercopy = NULL;
    STACK_OF(OCSP_RESPID) *ids = NULL;
    OCSP_RESPID *id = NULL;

    if (*argi == 2) {
        /* In this test we are expecting exactly 1 OCSP_RESPID */
        SSL_get_tlsext_status_ids(s, &ids);
        if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
            return SSL_TLSEXT_ERR_ALERT_FATAL;

        id = sk_OCSP_RESPID_value(ids, 0);
        if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
            return SSL_TLSEXT_ERR_ALERT_FATAL;
    } else if (*argi != 1) {
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }


    orespdercopy = OPENSSL_memdup(orespder, sizeof(orespder));
    if (orespdercopy == NULL)
        return SSL_TLSEXT_ERR_ALERT_FATAL;

    SSL_set_tlsext_status_ocsp_resp(s, orespdercopy, sizeof(orespder));

    ocsp_server_called = 1;

    return SSL_TLSEXT_ERR_OK;
}

示例#2

文件： ocsp.c 项目： laggyluke/bud

int bud_client_stapling_cb(SSL* ssl, void* arg) {
  bud_client_t* client;

  client = SSL_get_ex_data(ssl, kBudSSLClientIndex);
  if (client->stapling_ocsp_resp == NULL)
    return SSL_TLSEXT_ERR_NOACK;

  SSL_set_tlsext_status_ocsp_resp(ssl,
                                  client->stapling_ocsp_resp,
                                  client->stapling_ocsp_resp_len);
  client->stapling_ocsp_resp = NULL;
  return SSL_TLSEXT_ERR_OK;
}

示例#3

文件： handshake_helper.c 项目： Castaglia/openssl

static int server_ocsp_cb(SSL *s, void *arg)
{
    unsigned char *resp;

    resp = OPENSSL_malloc(1);
    if (resp == NULL)
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    /*
     * For the purposes of testing we just send back a dummy OCSP response
     */
    *resp = *(unsigned char *)arg;
    if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
        return SSL_TLSEXT_ERR_ALERT_FATAL;

    return SSL_TLSEXT_ERR_OK;
}

示例#4

文件： ngx_event_openssl_stapling.c 项目： DashYang/nginx

static int
ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data)
{
    int                  rc;
    X509                *cert;
    u_char              *p;
    ngx_connection_t    *c;
    ngx_ssl_stapling_t  *staple;

    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "SSL certificate status callback");

    rc = SSL_TLSEXT_ERR_NOACK;

    cert = SSL_get_certificate(ssl_conn);
    staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);

    if (staple == NULL) {
        return rc;
    }

    if (staple->staple.len
        && staple->valid >= ngx_time())
    {
        /* we have to copy ocsp response as OpenSSL will free it by itself */

        p = OPENSSL_malloc(staple->staple.len);
        if (p == NULL) {
            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "OPENSSL_malloc() failed");
            return SSL_TLSEXT_ERR_NOACK;
        }

        ngx_memcpy(p, staple->staple.data, staple->staple.len);

        SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, staple->staple.len);

        rc = SSL_TLSEXT_ERR_OK;
    }

    ngx_ssl_stapling_update(staple);

    return rc;
}

示例#5

文件： sslocspstapling.cpp 项目： 52M/openlitespeed

int SslOcspStapling::callback(SSL *ssl)
{
    int     iResult;
    unsigned char *pbuff;
    iResult = SSL_TLSEXT_ERR_NOACK;
    update();
    if (m_iDataLen > 0)
    {
        /*OpenSSL will free pbuff by itself */
        pbuff = (unsigned char *)malloc(m_iDataLen);
        if (pbuff == NULL)
            return SSL_TLSEXT_ERR_NOACK;
        memcpy(pbuff, m_pRespData, m_iDataLen);
        SSL_set_tlsext_status_ocsp_resp(ssl, pbuff, m_iDataLen);
        iResult = SSL_TLSEXT_ERR_OK;
    }
    return iResult;
}