sb fixes for crl and ocsp
@ -4295,7 +4295,8 @@ static int DecodeSingleResponse(byte* source,
|
|||||||
break;
|
break;
|
||||||
case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
|
case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
|
||||||
cs->status = CERT_REVOKED;
|
cs->status = CERT_REVOKED;
|
||||||
GetLength(source, &idx, &length, size);
|
if (GetLength(source, &idx, &length, size) < 0)
|
||||||
|
return ASN_PARSE_E;
|
||||||
idx += length;
|
idx += length;
|
||||||
break;
|
break;
|
||||||
case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
|
case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
|
||||||
|
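Review bot: In the CERT_REVOKED case of DecodeSingleResponse, `idx += length` after the new check stays in bounds only if GetLength itself rejects a length that runs past `size`, and that guarantee is not visible in this hunk. A comment at the call would record the assumption, for example `/* skip RevokedInfo; relies on GetLength rejecting a length beyond size */`. The CERT_UNKNOWN case that follows continues outside the hunk; if it reads a length the same way, it likely needs the same return-value check.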
7
src/io.c
7
src/io.c
@ -506,6 +506,10 @@ static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
|
|||||||
}
|
}
|
||||||
|
|
||||||
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
|
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
|
||||||
|
if (*sockfd < 0) {
|
||||||
|
CYASSL_MSG("bad socket fd, out of fds?");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T));
|
XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T));
|
||||||
|
|
||||||
addr.sin_family = AF_INET_V;
|
addr.sin_family = AF_INET_V;
|
||||||
@ -672,7 +676,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
|
|||||||
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
|
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
|
||||||
{
|
{
|
||||||
char domainName[80], path[80];
|
char domainName[80], path[80];
|
||||||
int port, httpBufSz, sfd;
|
int port, httpBufSz, sfd = -1;
|
||||||
int ocspRespSz = 0;
|
int ocspRespSz = 0;
|
||||||
byte* httpBuf = NULL;
|
byte* httpBuf = NULL;
|
||||||
|
|
||||||
@ -725,6 +729,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
CYASSL_MSG("OCSP Responder connection failed");
|
CYASSL_MSG("OCSP Responder connection failed");
|
||||||
|
close(sfd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
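Review bot: The added `close(sfd);` in the failure branch of EmbedOcspLookup can run when no socket was ever opened. `sfd` now starts at -1, and the new early return in tcp_connect leaves a negative value in `*sockfd`, so this branch (presumably taken whenever tcp_connect fails) may call close() on an invalid descriptor. Guarding it as `if (sfd >= 0) close(sfd);` keeps the cleanup for the case it is meant for, a socket that was created but did not connect. Separately, `if (*sockfd < 0)` in tcp_connect only works where SOCKET_T is signed; if any build defines it as an unsigned handle type (not visible here), the check never fires and should compare against that platform's invalid-socket value. Both functions continue outside their hunks.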
@ -274,7 +274,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
|
if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
|
||||||
if (ocsp->overrideUrl != NULL) {
|
if (ocsp->overrideUrl[0] != '\0') {
|
||||||
url = ocsp->overrideUrl;
|
url = ocsp->overrideUrl;
|
||||||
urlSz = (int)XSTRLEN(url);
|
urlSz = (int)XSTRLEN(url);
|
||||||
}
|
}
|
||||||
@ -299,7 +299,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||||||
ocspReqBuf, ocspReqSz, &ocspRespBuf);
|
ocspReqBuf, ocspReqSz, &ocspRespBuf);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (result >= 0) {
|
if (result >= 0 && ocspRespBuf) {
|
||||||
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result);
|
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result);
|
||||||
OcspResponseDecode(&ocspResponse);
|
OcspResponseDecode(&ocspResponse);
|
||||||
|
|
||||||
|
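Review bot: The return value of `OcspResponseDecode(&ocspResponse);` is discarded inside the branch that the new `result >= 0 && ocspRespBuf` guard protects. In CyaSSL_OCSP_Lookup_Cert a responder reply that fails to parse is therefore told apart from a valid one only by whatever checks follow outside this hunk. A revocation check should fail closed here: capture the decoder's result and treat an error return as a failed lookup before any status field of `ocspResponse` is read. The guard also admits `result == 0` with a non-NULL buffer, which hands a zero-length response to InitOcspResponse; `result > 0 && ocspRespBuf` looks like the intended condition.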
10
src/ssl.c
10
src/ssl.c
@ -955,7 +955,10 @@ int CyaSSL_Init(void)
|
|||||||
ret = BAD_MUTEX_ERROR;
|
ret = BAD_MUTEX_ERROR;
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
LockMutex(&count_mutex);
|
if (LockMutex(&count_mutex) != 0) {
|
||||||
|
CYASSL_MSG("Bad Lock Mutex count");
|
||||||
|
return BAD_MUTEX_ERROR;
|
||||||
|
}
|
||||||
initRefCount++;
|
initRefCount++;
|
||||||
UnLockMutex(&count_mutex);
|
UnLockMutex(&count_mutex);
|
||||||
}
|
}
|
||||||
@ -3018,7 +3021,10 @@ int CyaSSL_Cleanup(void)
|
|||||||
|
|
||||||
CYASSL_ENTER("CyaSSL_Cleanup");
|
CYASSL_ENTER("CyaSSL_Cleanup");
|
||||||
|
|
||||||
LockMutex(&count_mutex);
|
if (LockMutex(&count_mutex) != 0) {
|
||||||
|
CYASSL_MSG("Bad Lock Mutex count");
|
||||||
|
return BAD_MUTEX_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
release = initRefCount-- == 1;
|
release = initRefCount-- == 1;
|
||||||
if (initRefCount < 0)
|
if (initRefCount < 0)
|
||||||
|
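Review bot: In CyaSSL_Cleanup the new early `return BAD_MUTEX_ERROR;` leaves `initRefCount` untouched and releases nothing, a change to the function's contract that the code does not document. A short comment at the return, such as `/* lock failed: ref count unchanged, library state not released */`, would tell callers that a failed cleanup leaves the library initialised. In CyaSSL_Init the same direct return sits a few lines below `ret = BAD_MUTEX_ERROR;`, where the surrounding code sets `ret` and falls through. Assigning `ret = BAD_MUTEX_ERROR;` there and moving the increment and unlock into an `else` would keep one error style. Both functions continue outside their hunks.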