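/*
 * Server-side certificate status (OCSP stapling) callback used by the test.
 *
 * arg points to an int selecting the scenario:
 *   1 - staple the canned response without inspecting the request;
 *   2 - additionally require that the client sent exactly one OCSP_RESPID
 *       and that it matches ocspcert;
 *   any other value fails the handshake.
 *
 * Returns SSL_TLSEXT_ERR_OK once the response has been attached to the
 * connection, SSL_TLSEXT_ERR_ALERT_FATAL on any failure.
 */
static int ocsp_server_cb(SSL *s, void *arg)
{
    int *argi = (int *)arg;
    unsigned char *orespdercopy = NULL;
    STACK_OF(OCSP_RESPID) *ids = NULL;
    OCSP_RESPID *id = NULL;

    if (*argi == 2) {
        /* In this test we are expecting exactly 1 OCSP_RESPID */
        SSL_get_tlsext_status_ids(s, &ids);
        if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
            return SSL_TLSEXT_ERR_ALERT_FATAL;

        id = sk_OCSP_RESPID_value(ids, 0);
        if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
            return SSL_TLSEXT_ERR_ALERT_FATAL;
    } else if (*argi != 1) {
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    /*
     * The SSL object takes ownership of the buffer it is given and frees it
     * itself, so it must receive a heap copy rather than orespder directly.
     * NOTE(review): sizeof(orespder) is only the response length if orespder
     * is declared as an array in this file - confirm.
     */
    orespdercopy = OPENSSL_memdup(orespder, sizeof(orespder));
    if (orespdercopy == NULL)
        return SSL_TLSEXT_ERR_ALERT_FATAL;

    /* On failure ownership was not transferred, so release the copy here. */
    if (!SSL_set_tlsext_status_ocsp_resp(s, orespdercopy, sizeof(orespder))) {
        OPENSSL_free(orespdercopy);
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    ocsp_server_called = 1;
    return SSL_TLSEXT_ERR_OK;
}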
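/*
 * Certificate status callback: hands the OCSP response stored on the client
 * (if there is one) to OpenSSL so it is stapled into the handshake.
 *
 * The client is looked up through the SSL ex_data slot kBudSSLClientIndex;
 * arg is not used.
 *
 * Returns SSL_TLSEXT_ERR_OK when a response was attached and
 * SSL_TLSEXT_ERR_NOACK when there is nothing to staple, so the handshake
 * continues without a status response.
 */
int bud_client_stapling_cb(SSL* ssl, void* arg) {
  bud_client_t* client;

  (void) arg;

  /* A missing ex_data slot must not be dereferenced; treat it as "no staple" */
  client = SSL_get_ex_data(ssl, kBudSSLClientIndex);
  if (client == NULL || client->stapling_ocsp_resp == NULL)
    return SSL_TLSEXT_ERR_NOACK;

  /*
   * On success OpenSSL owns the buffer and frees it itself. On failure the
   * pointer stays on the client so that whoever releases the client can
   * still free it.
   * NOTE(review): the buffer must come from an allocator that OPENSSL_free()
   * can release - confirm where stapling_ocsp_resp is filled in.
   */
  if (!SSL_set_tlsext_status_ocsp_resp(ssl,
                                       client->stapling_ocsp_resp,
                                       client->stapling_ocsp_resp_len)) {
    return SSL_TLSEXT_ERR_NOACK;
  }

  /* Drop our reference so the response is not freed a second time */
  client->stapling_ocsp_resp = NULL;
  return SSL_TLSEXT_ERR_OK;
}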
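/*
 * Test status callback: staples a one-byte dummy OCSP response whose value
 * is read from the byte that arg points to.
 *
 * Returns SSL_TLSEXT_ERR_OK when the response was attached to the
 * connection, SSL_TLSEXT_ERR_ALERT_FATAL on allocation or attach failure.
 */
static int server_ocsp_cb(SSL *s, void *arg)
{
    unsigned char *resp;

    resp = OPENSSL_malloc(1);
    if (resp == NULL)
        return SSL_TLSEXT_ERR_ALERT_FATAL;

    /*
     * For the purposes of testing we just send back a dummy OCSP response
     */
    *resp = *(unsigned char *)arg;

    /*
     * The SSL object only takes ownership of resp when the call succeeds;
     * on failure the buffer is still ours and has to be released here.
     */
    if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1)) {
        OPENSSL_free(resp);
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    return SSL_TLSEXT_ERR_OK;
}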
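/*
 * Certificate status callback: staples the cached OCSP response for the
 * certificate selected on this connection.
 *
 * The stapling state is read from the certificate's ex_data slot
 * ngx_ssl_stapling_index. A response is sent only when one is cached
 * (staple.len != 0) and its validity time has not passed
 * (valid >= ngx_time()), so an expired response is never stapled.
 *
 * Returns SSL_TLSEXT_ERR_OK when a response was attached and
 * SSL_TLSEXT_ERR_NOACK in every other case, which lets the handshake
 * proceed without a stapled response.
 */
static int
ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data)
{
    int                  rc;
    X509                *cert;
    u_char              *p;
    ngx_connection_t    *c;
    ngx_ssl_stapling_t  *staple;

    c = ngx_ssl_get_connection(ssl_conn);

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "SSL certificate status callback");

    rc = SSL_TLSEXT_ERR_NOACK;

    cert = SSL_get_certificate(ssl_conn);

    /* no certificate selected: nothing to look the stapling state up on */
    if (cert == NULL) {
        return rc;
    }

    staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);

    if (staple == NULL) {
        return rc;
    }

    if (staple->staple.len
        && staple->valid >= ngx_time())
    {
        /* we have to copy ocsp response as OpenSSL will free it by itself */

        p = OPENSSL_malloc(staple->staple.len);
        if (p == NULL) {
            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "OPENSSL_malloc() failed");
            return SSL_TLSEXT_ERR_NOACK;
        }

        ngx_memcpy(p, staple->staple.data, staple->staple.len);

        if (SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, staple->staple.len)
            == 0)
        {
            /* ownership was not transferred, release the copy ourselves */
            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
                          "SSL_set_tlsext_status_ocsp_resp() failed");
            OPENSSL_free(p);

        } else {
            rc = SSL_TLSEXT_ERR_OK;
        }
    }

    /* called whether or not a response was stapled on this handshake */
    ngx_ssl_stapling_update(staple);

    return rc;
}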
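/**
 * Certificate status callback body: staples a copy of the cached OCSP
 * response (m_pRespData, m_iDataLen bytes) onto the given connection.
 *
 * update() is called first; it is defined elsewhere.
 * NOTE(review): this method does no freshness check of its own, so it relies
 * on update() to drop or replace an expired response - confirm.
 *
 * @param ssl  connection whose handshake requested a status response
 * @return SSL_TLSEXT_ERR_OK when a response was attached, otherwise
 *         SSL_TLSEXT_ERR_NOACK (handshake continues without a staple)
 */
int SslOcspStapling::callback(SSL *ssl)
{
    int iResult = SSL_TLSEXT_ERR_NOACK;
    unsigned char *pbuff;

    update();
    if (m_iDataLen > 0)
    {
        /*
         * OpenSSL will free pbuff by itself, and it does so with
         * OPENSSL_free(). That is not guaranteed to be interchangeable with
         * free() (custom allocators can be installed, and some builds keep
         * their own bookkeeping in front of the block), so the copy has to
         * come from OPENSSL_malloc() rather than malloc().
         */
        pbuff = (unsigned char *)OPENSSL_malloc(m_iDataLen);
        if (pbuff == NULL)
            return SSL_TLSEXT_ERR_NOACK;

        memcpy(pbuff, m_pRespData, m_iDataLen);

        if (SSL_set_tlsext_status_ocsp_resp(ssl, pbuff, m_iDataLen) == 0)
        {
            /* ownership was not transferred, release the copy ourselves */
            OPENSSL_free(pbuff);
        }
        else
        {
            iResult = SSL_TLSEXT_ERR_OK;
        }
    }
    return iResult;
}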