Merge pull request #2118 from kojo1/ocsp_proxy
OCSP, CRL request with "Cache-Control: no-cache" for proxy
@ -341,6 +341,7 @@ static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Replace existing certificate entry with updated */
|
/* Replace existing certificate entry with updated */
|
||||||
|
newStatus->next = status->next;
|
||||||
XMEMCPY(status, newStatus, sizeof(CertStatus));
|
XMEMCPY(status, newStatus, sizeof(CertStatus));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
49
src/wolfio.c
49
src/wolfio.c
@ -1144,12 +1144,18 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
|
|||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
|
||||||
int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
const char *path, int pathLen, int reqSz, const char *contentType,
|
||||||
const char* path, int pathLen, int reqSz, const char* contentType,
|
byte *buf, int bufSize)
|
||||||
byte* buf, int bufSize)
|
|
||||||
{
|
{
|
||||||
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
|
return wolfIO_HttpBuildRequest_ex(reqType, domainName, path, pathLen, reqSz, contentType, "", buf, bufSize);
|
||||||
|
}
|
||||||
|
|
||||||
|
int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName,
|
||||||
|
const char *path, int pathLen, int reqSz, const char *contentType,
|
||||||
|
const char *exHdrs, byte *buf, int bufSize)
|
||||||
|
{
|
||||||
|
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, exHdrsLen, maxLen;
|
||||||
char reqSzStr[6];
|
char reqSzStr[6];
|
||||||
char* req = (char*)buf;
|
char* req = (char*)buf;
|
||||||
const char* blankStr = " ";
|
const char* blankStr = " ";
|
||||||
@ -1157,9 +1163,10 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|||||||
const char* hostStr = "\r\nHost: ";
|
const char* hostStr = "\r\nHost: ";
|
||||||
const char* contentLenStr = "\r\nContent-Length: ";
|
const char* contentLenStr = "\r\nContent-Length: ";
|
||||||
const char* contentTypeStr = "\r\nContent-Type: ";
|
const char* contentTypeStr = "\r\nContent-Type: ";
|
||||||
|
const char* singleCrLfStr = "\r\n";
|
||||||
const char* doubleCrLfStr = "\r\n\r\n";
|
const char* doubleCrLfStr = "\r\n\r\n";
|
||||||
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
|
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
|
||||||
contentTypeStrLen, doubleCrLfStrLen;
|
contentTypeStrLen, singleCrLfStrLen, doubleCrLfStrLen;
|
||||||
|
|
||||||
reqTypeLen = (word32)XSTRLEN(reqType);
|
reqTypeLen = (word32)XSTRLEN(reqType);
|
||||||
domainNameLen = (word32)XSTRLEN(domainName);
|
domainNameLen = (word32)XSTRLEN(domainName);
|
||||||
@ -1171,6 +1178,15 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|||||||
hostStrLen = (word32)XSTRLEN(hostStr);
|
hostStrLen = (word32)XSTRLEN(hostStr);
|
||||||
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
|
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
|
||||||
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
|
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
|
||||||
|
|
||||||
|
if(exHdrs){
|
||||||
|
singleCrLfStrLen = (word32)XSTRLEN(singleCrLfStr);
|
||||||
|
exHdrsLen = (word32)XSTRLEN(exHdrs);
|
||||||
|
} else {
|
||||||
|
singleCrLfStrLen = 0;
|
||||||
|
exHdrsLen = 0;
|
||||||
|
}
|
||||||
|
|
||||||
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
|
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
|
||||||
|
|
||||||
/* determine max length and check it */
|
/* determine max length and check it */
|
||||||
@ -1185,6 +1201,8 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|||||||
reqSzStrLen +
|
reqSzStrLen +
|
||||||
contentTypeStrLen +
|
contentTypeStrLen +
|
||||||
contentTypeLen +
|
contentTypeLen +
|
||||||
|
singleCrLfStrLen +
|
||||||
|
exHdrsLen +
|
||||||
doubleCrLfStrLen +
|
doubleCrLfStrLen +
|
||||||
1 /* null term */;
|
1 /* null term */;
|
||||||
if (maxLen > (word32)bufSize)
|
if (maxLen > (word32)bufSize)
|
||||||
@ -1216,6 +1234,15 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|||||||
XSTRNCPY((char*)buf, contentType, bufSize);
|
XSTRNCPY((char*)buf, contentType, bufSize);
|
||||||
buf += contentTypeLen; bufSize -= contentTypeLen;
|
buf += contentTypeLen; bufSize -= contentTypeLen;
|
||||||
}
|
}
|
||||||
|
if (exHdrsLen > 0)
|
||||||
|
{
|
||||||
|
XSTRNCPY((char *)buf, singleCrLfStr, bufSize);
|
||||||
|
buf += singleCrLfStrLen;
|
||||||
|
bufSize -= singleCrLfStrLen;
|
||||||
|
XSTRNCPY((char *)buf, exHdrs, bufSize);
|
||||||
|
buf += exHdrsLen;
|
||||||
|
bufSize -= exHdrsLen;
|
||||||
|
}
|
||||||
XSTRNCPY((char*)buf, doubleCrLfStr, bufSize);
|
XSTRNCPY((char*)buf, doubleCrLfStr, bufSize);
|
||||||
buf += doubleCrLfStrLen;
|
buf += doubleCrLfStrLen;
|
||||||
|
|
||||||
@ -1233,8 +1260,9 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|||||||
int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
|
int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
|
||||||
int ocspReqSz, byte* buf, int bufSize)
|
int ocspReqSz, byte* buf, int bufSize)
|
||||||
{
|
{
|
||||||
return wolfIO_HttpBuildRequest("POST", domainName, path, (int)XSTRLEN(path),
|
const char *cacheCtl = "Cache-Control: no-cache";
|
||||||
ocspReqSz, "application/ocsp-request", buf, bufSize);
|
return wolfIO_HttpBuildRequest_ex("POST", domainName, path, (int)XSTRLEN(path),
|
||||||
|
ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* return: >0 OCSP Response Size
|
/* return: >0 OCSP Response Size
|
||||||
@ -1346,8 +1374,9 @@ void EmbedOcspRespFree(void* ctx, byte *resp)
|
|||||||
int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
|
int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
|
||||||
const char* domainName, byte* buf, int bufSize)
|
const char* domainName, byte* buf, int bufSize)
|
||||||
{
|
{
|
||||||
return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, 0, "",
|
const char *cacheCtl = "Cache-Control: no-cache";
|
||||||
buf, bufSize);
|
return wolfIO_HttpBuildRequest_ex("GET", domainName, url, urlSz, 0, "",
|
||||||
|
cacheCtl, buf, bufSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, byte* httpBuf,
|
int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, byte* httpBuf,
|
||||||
|
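Review bot: In `wolfIO_HttpBuildRequest_ex` the length accounting tests `if(exHdrs)` while the copy further down tests `if (exHdrsLen > 0)`, and the two disagree for an empty string, which is exactly what the `wolfIO_HttpBuildRequest` wrapper passes (`""`). In that case `singleCrLfStrLen` is 2 although no CRLF is written, so `maxLen` is two bytes larger than the request, and a caller of the public function with an exactly sized buffer would presumably now fail the `maxLen > (word32)bufSize` check where it passed before. Making the first test `if (exHdrs != NULL && exHdrs[0] != '\0')`, or passing `NULL` from the wrapper, keeps the two conditions in step. Separately, `exHdrs` is copied into the request verbatim, so a comment on the function such as `/* exHdrs: trusted, complete header line(s) without trailing CRLF; not checked for embedded CR/LF */` would record that it must never carry caller-influenced text. Parts of the function body lie outside the hunks shown, so the return path after the size check is not visible here.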
@ -404,6 +404,9 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
|
|||||||
WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
|
WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
|
||||||
const char* domainName, const char* path, int pathLen, int reqSz,
|
const char* domainName, const char* path, int pathLen, int reqSz,
|
||||||
const char* contentType, unsigned char* buf, int bufSize);
|
const char* contentType, unsigned char* buf, int bufSize);
|
||||||
|
WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
|
||||||
|
const char* domainName, const char* path, int pathLen, int reqSz,
|
||||||
|
const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
|
||||||
WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
|
WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
|
||||||
unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
|
unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
|
||||||
int dynType, void* heap);
|
int dynType, void* heap);
|
||||||
|