wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

finishes SendCertificateStatus(); sending the stored status;

Browse Source
This commit is contained in:
Moisés Guimarães
2015-11-15 14:37:24 -03:00
parent 8ae6bf1641
commit 12802f40c5
1 changed files with 81 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
src/internal.c
View File

@@ -8143,6 +8143,78 @@ int SendCertificateRequest(WOLFSSL* ssl)
} }
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer status)
{
byte* output = NULL;
word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
word32 length = ENUM_LEN + OPAQUE24_LEN + status.length;
int sendSz = idx + length;
int ret = 0;
WOLFSSL_ENTER("BuildCertificateStatus");
if (ssl->keys.encryptionOn)
sendSz += MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
AddHeaders(output, length, certificate_status, ssl);
output[idx++] = type;
c32to24(status.length, output + idx);
idx += OPAQUE24_LEN;
XMEMCPY(output + idx, status.buffer, status.length);
idx += status.length;
if (ssl->keys.encryptionOn) {
byte* input;
int inputSz = idx - RECORD_HEADER_SZ;
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)
ret = sendSz;
}
else
ret = HashOutput(ssl, output, sendSz, 0);
#ifdef WOLFSSL_DTLS
if (ret == 0 && ssl->options.dtls)
ret = DtlsPoolSave(ssl, output, sendSz));
#endif
#ifdef WOLFSSL_CALLBACKS
if (ret == 0 && ssl->hsInfoOn)
AddPacketName("CertificateStatus", &ssl->handShakeInfo);
if (ret == 0 && ssl->toInfoOn)
AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output,
sendSz, ssl->heap);
#endif
if (ret == 0) {
ssl->buffers.outputBuffer.length += sendSz;
if (!ssl->options.groupMessages)
ret = SendBuffered(ssl);
}
}
WOLFSSL_LEAVE("BuildCertificateStatus", ret);
return ret;
}
#endif
int SendCertificateStatus(WOLFSSL* ssl) int SendCertificateStatus(WOLFSSL* ssl)
{ {
int ret = 0; int ret = 0;
@@ -8182,7 +8254,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
InitDecodedCert(cert, der.buffer, der.length, NULL); InitDecodedCert(cert, der.buffer, der.length, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
ssl->ctx->cm)) != 0) { ssl->ctx->cm)) != 0) {
WOLFSSL_MSG("ParseCert failed"); WOLFSSL_MSG("ParseCert failed");
} }
@@ -8190,20 +8262,18 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = CheckCertOCSP(ssl->ctx->cm->ocsp_stapling, cert, ret = CheckCertOCSP(ssl->ctx->cm->ocsp_stapling, cert,
&response); &response);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED
|| ret == OCSP_CERT_UNKNOWN
|| ret == OCSP_LOOKUP_FAIL)
ret = 0;
if (response.buffer) { if (response.buffer) {
if (ret == OCSP_CERT_REVOKED || ret == OCSP_CERT_UNKNOWN) { if (ret == 0)
ret = 0; /* Forward status to client */ ret = BuildCertificateStatus(ssl,status_type, response);
}
if (ret == 0) {
}
XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
} }
if (ret == OCSP_LOOKUP_FAIL)
ret = 0; /* Suppressing, not critical */
} }
FreeDecodedCert(cert); FreeDecodedCert(cert);