/* Serialize an OCSP request which will be sent to the responder at * given URI to a memory BIO object, which is returned. */ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri, const apr_uri_t *proxy_uri) { BIO *bio; int len; len = i2d_OCSP_REQUEST(req, NULL); bio = BIO_new(BIO_s_mem()); BIO_printf(bio, "POST "); /* Use full URL instead of URI in case of a request through a proxy */ if (proxy_uri) { BIO_printf(bio, "http://%s:%d", uri->hostname, uri->port); } BIO_printf(bio, "%s%s%s HTTP/1.0\r\n" "Host: %s:%d\r\n" "Content-Type: application/ocsp-request\r\n" "Content-Length: %d\r\n" "\r\n", uri->path ? uri->path : "/", uri->query ? "?" : "", uri->query ? uri->query : "", uri->hostname, uri->port, len); if (i2d_OCSP_REQUEST_bio(bio, req) != 1) { BIO_free(bio); return NULL; } return bio; }
/* Serialize an OCSP request which will be sent to the responder at * given URI to a memory BIO object, which is returned. */ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri) { BIO *bio; int len; len = i2d_OCSP_REQUEST(req, NULL); bio = BIO_new(BIO_s_mem()); BIO_printf(bio, "POST %s%s%s HTTP/1.0\r\n" "Host: %s:%d\r\n" "Content-Type: application/ocsp-request\r\n" "Content-Length: %d\r\n" "\r\n", uri->path ? uri->path : "/", uri->query ? "?" : "", uri->query ? uri->query : "", uri->hostname, uri->port, len); if (i2d_OCSP_REQUEST_bio(bio, req) != 1) { BIO_free(bio); return NULL; } return bio; }
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, int maxline) { static char post_hdr[] = "POST %s HTTP/1.0\r\n" "Content-Type: application/ocsp-request\r\n" "Content-Length: %d\r\n\r\n"; OCSP_REQ_CTX *rctx; rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); rctx->state = OHS_FIRSTLINE; rctx->mem = BIO_new(BIO_s_mem()); rctx->io = io; if (maxline > 0) rctx->iobuflen = maxline; else rctx->iobuflen = OCSP_MAX_LINE_LEN; rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); if (!path) path = "/"; if (BIO_printf(rctx->mem, post_hdr, path, i2d_OCSP_REQUEST(req, NULL)) <= 0) { rctx->state = OHS_ERROR; return 0; } if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) { rctx->state = OHS_ERROR; return 0; } rctx->state = OHS_ASN1_WRITE; rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); return rctx; }
static VALUE ossl_ocspreq_to_der(VALUE self) { OCSP_REQUEST *req; VALUE str; unsigned char *p; long len; GetOCSPReq(self, req); if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = RSTRING_PTR(str); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }
static VALUE ossl_ocspreq_to_der(VALUE self, SEL sel) { OCSP_REQUEST *req; VALUE str; unsigned char *p; long len; GetOCSPReq(self, req); if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_bstr_new(); rb_bstr_resize(str, len); p = (unsigned char *)rb_bstr_bytes(str); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req) { if (BIO_printf(rctx->mem, "Content-Type: application/ocsp-request\r\n" "Content-Length: %d\r\n\r\n", i2d_OCSP_REQUEST(req, NULL)) <= 0) return 0; if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) return 0; rctx->state = OHS_ASN1_WRITE; rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); return 1; }
int SslOcspStapling::getRequestData(unsigned char *pReqData) { int len = -1; OCSP_REQUEST *ocsp; OCSP_CERTID *id; if (m_pCertId == NULL) return LS_FAIL; ocsp = OCSP_REQUEST_new(); if (ocsp == NULL) return LS_FAIL; id = OCSP_CERTID_dup(m_pCertId); if (OCSP_request_add0_id(ocsp, id) != NULL) { len = i2d_OCSP_REQUEST(ocsp, &pReqData); if (len > 0) *pReqData = 0; } OCSP_REQUEST_free(ocsp); return len; }
static ngx_int_t ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx) { int len; u_char *p; uintptr_t escape; ngx_str_t binary, base64; ngx_buf_t *b; OCSP_CERTID *id; OCSP_REQUEST *ocsp; ocsp = OCSP_REQUEST_new(); if (ocsp == NULL) { ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "OCSP_REQUEST_new() failed"); return NGX_ERROR; } id = OCSP_cert_to_id(NULL, ctx->cert, ctx->issuer); if (id == NULL) { ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "OCSP_cert_to_id() failed"); goto failed; } if (OCSP_request_add0_id(ocsp, id) == NULL) { ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "OCSP_request_add0_id() failed"); OCSP_CERTID_free(id); goto failed; } len = i2d_OCSP_REQUEST(ocsp, NULL); if (len <= 0) { ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "i2d_OCSP_REQUEST() failed"); goto failed; } binary.len = len; binary.data = ngx_palloc(ctx->pool, len); if (binary.data == NULL) { goto failed; } p = binary.data; len = i2d_OCSP_REQUEST(ocsp, &p); if (len <= 0) { ngx_ssl_error(NGX_LOG_EMERG, ctx->log, 0, "i2d_OCSP_REQUEST() failed"); goto failed; } base64.len = ngx_base64_encoded_length(binary.len); base64.data = ngx_palloc(ctx->pool, base64.len); if (base64.data == NULL) { goto failed; } ngx_encode_base64(&base64, &binary); escape = ngx_escape_uri(NULL, base64.data, base64.len, NGX_ESCAPE_URI_COMPONENT); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0, "ssl ocsp request length %z, escape %d", base64.len, (int) escape); len = sizeof("GET ") - 1 + ctx->uri.len + sizeof("/") - 1 + base64.len + 2 * escape + sizeof(" HTTP/1.0" CRLF) - 1 + sizeof("Host: ") - 1 + ctx->host.len + sizeof(CRLF) - 1 + sizeof(CRLF) - 1; b = ngx_create_temp_buf(ctx->pool, len); if (b == NULL) { goto failed; } p = b->last; p = ngx_cpymem(p, "GET ", sizeof("GET ") - 1); p = ngx_cpymem(p, ctx->uri.data, ctx->uri.len); if (ctx->uri.data[ctx->uri.len - 1] != '/') { *p++ = '/'; } if (escape == 0) { p = ngx_cpymem(p, base64.data, base64.len); } else { p = (u_char *) ngx_escape_uri(p, base64.data, base64.len, NGX_ESCAPE_URI_COMPONENT); } p = ngx_cpymem(p, " HTTP/1.0" CRLF, sizeof(" HTTP/1.0" CRLF) - 1); p = ngx_cpymem(p, "Host: ", sizeof("Host: ") - 1); p = ngx_cpymem(p, ctx->host.data, ctx->host.len); *p++ = CR; *p++ = LF; /* add "\r\n" at the header end */ *p++ = CR; *p++ = LF; b->last = p; ctx->request = b; OCSP_REQUEST_free(ocsp); return NGX_OK; failed: OCSP_REQUEST_free(ocsp); return NGX_ERROR; }
const char* bud_context_get_ocsp_req(bud_context_t* context, size_t* size, char** ocsp_request, size_t* ocsp_request_len) { STACK_OF(OPENSSL_STRING)* urls; OCSP_REQUEST* req; OCSP_CERTID* id; char* encoded; unsigned char* pencoded; size_t encoded_len; urls = NULL; id = NULL; encoded = NULL; /* Cached url */ if (context->ocsp_url != NULL) goto has_url; urls = X509_get1_ocsp(context->cert); if (urls == NULL) goto done; context->ocsp_url = sk_OPENSSL_STRING_pop(urls); context->ocsp_url_len = strlen(context->ocsp_url); has_url: if (context->ocsp_url == NULL) goto done; id = OCSP_CERTID_dup(context->ocsp_id); if (id == NULL) goto done; /* Create request */ req = OCSP_REQUEST_new(); if (req == NULL) goto done; if (!OCSP_request_add0_id(req, id)) goto done; id = NULL; encoded_len = i2d_OCSP_REQUEST(req, NULL); encoded = malloc(encoded_len); if (encoded == NULL) goto done; pencoded = (unsigned char*) encoded; i2d_OCSP_REQUEST(req, &pencoded); OCSP_REQUEST_free(req); *ocsp_request = encoded; *ocsp_request_len = encoded_len; encoded = NULL; done: if (id != NULL) OCSP_CERTID_free(id); if (urls != NULL) X509_email_free(urls); if (encoded != NULL) free(encoded); *size = context->ocsp_url_len; return context->ocsp_url; }