Lines 53-80
typedef struct {
Link Here
|
53 |
char *uri; |
53 |
char *uri; |
54 |
} certinfo; |
54 |
} certinfo; |
55 |
|
55 |
|
56 |
static void certinfo_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
|
|
57 |
int idx, long argl, void *argp) |
58 |
{ |
59 |
certinfo *cinf = ptr; |
60 |
|
61 |
if (!cinf) |
62 |
return; |
63 |
if (cinf->uri) |
64 |
OPENSSL_free(cinf->uri); |
65 |
OPENSSL_free(cinf); |
66 |
} |
67 |
|
68 |
static int stapling_ex_idx = -1; |
69 |
|
70 |
void ssl_stapling_ex_init(void) |
71 |
{ |
72 |
if (stapling_ex_idx != -1) |
73 |
return; |
74 |
stapling_ex_idx = X509_get_ex_new_index(0, "X509 cached OCSP info", 0, 0, |
75 |
certinfo_free); |
76 |
} |
77 |
|
78 |
static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x) |
56 |
static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x) |
79 |
{ |
57 |
{ |
80 |
X509 *issuer = NULL; |
58 |
X509 *issuer = NULL; |
Lines 106-112
static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x)
Link Here
|
106 |
|
84 |
|
107 |
} |
85 |
} |
108 |
|
86 |
|
109 |
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x) |
87 |
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x, apr_pool_t *p) |
110 |
{ |
88 |
{ |
111 |
certinfo *cinf; |
89 |
certinfo *cinf; |
112 |
X509 *issuer = NULL; |
90 |
X509 *issuer = NULL; |
Lines 114-134
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x)
Link Here
|
114 |
|
92 |
|
115 |
if (x == NULL) |
93 |
if (x == NULL) |
116 |
return 0; |
94 |
return 0; |
117 |
cinf = X509_get_ex_data(x, stapling_ex_idx); |
95 |
|
118 |
if (cinf) { |
96 |
if (mctx->pks->stapling_info == NULL) |
119 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02215) |
97 |
mctx->pks->stapling_info = apr_hash_make(p); |
120 |
"ssl_stapling_init_cert: certificate already initialized!"); |
98 |
|
|
|
99 |
if (mctx->pks->stapling_info == NULL) { |
100 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02216) |
101 |
"ssl_stapling_init_cert: error allocating memory!"); |
121 |
return 0; |
102 |
return 0; |
122 |
} |
103 |
} |
123 |
cinf = OPENSSL_malloc(sizeof(certinfo)); |
104 |
|
|
|
105 |
cinf = apr_pcalloc(p, sizeof(certinfo)); |
124 |
if (!cinf) { |
106 |
if (!cinf) { |
125 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02216) |
107 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02216) |
126 |
"ssl_stapling_init_cert: error allocating memory!"); |
108 |
"ssl_stapling_init_cert: error allocating memory!"); |
127 |
return 0; |
109 |
return 0; |
128 |
} |
110 |
} |
129 |
cinf->cid = NULL; |
|
|
130 |
cinf->uri = NULL; |
131 |
X509_set_ex_data(x, stapling_ex_idx, cinf); |
132 |
|
111 |
|
133 |
issuer = stapling_get_issuer(mctx, x); |
112 |
issuer = stapling_get_issuer(mctx, x); |
134 |
|
113 |
|
Lines 146-159
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x)
Link Here
|
146 |
|
125 |
|
147 |
aia = X509_get1_ocsp(x); |
126 |
aia = X509_get1_ocsp(x); |
148 |
if (aia) { |
127 |
if (aia) { |
149 |
cinf->uri = sk_OPENSSL_STRING_pop(aia); |
128 |
/* Ugly: ensure memory managed by apr */ |
150 |
X509_email_free(aia); |
129 |
char *uri; |
|
|
130 |
uri = sk_OPENSSL_STRING_pop(aia); |
131 |
cinf->uri = apr_pstrdup(p, uri); |
132 |
OPENSSL_free(uri); |
151 |
} |
133 |
} |
152 |
if (!cinf->uri && !mctx->stapling_force_url) { |
134 |
if (!cinf->uri && !mctx->stapling_force_url) { |
153 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02218) |
135 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02218) |
154 |
"ssl_stapling_init_cert: no responder URL"); |
136 |
"ssl_stapling_init_cert: no responder URL"); |
155 |
return 0; |
137 |
return 0; |
156 |
} |
138 |
} |
|
|
139 |
|
140 |
if (apr_hash_get(mctx->pks->stapling_info, cinf->idx, sizeof(cinf->idx))) { |
141 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02215) |
142 |
"ssl_stapling_init_cert: certificate already initialized!"); |
143 |
return 0; |
144 |
} |
145 |
|
146 |
apr_hash_set(mctx->pks->stapling_info, cinf->idx, sizeof(cinf->idx), cinf); |
147 |
|
157 |
return 1; |
148 |
return 1; |
158 |
} |
149 |
} |
159 |
|
150 |
|
Lines 162-171
static certinfo *stapling_get_cert_info(server_rec *s, modssl_ctx_t *mctx,
Link Here
|
162 |
{ |
153 |
{ |
163 |
certinfo *cinf; |
154 |
certinfo *cinf; |
164 |
X509 *x; |
155 |
X509 *x; |
|
|
156 |
UCHAR idx[20]; |
165 |
x = SSL_get_certificate(ssl); |
157 |
x = SSL_get_certificate(ssl); |
166 |
if (x == NULL) |
158 |
if (x == NULL) |
167 |
return NULL; |
159 |
return NULL; |
168 |
cinf = X509_get_ex_data(x, stapling_ex_idx); |
160 |
X509_digest(x, EVP_sha1(), idx, NULL); |
|
|
161 |
cinf = apr_hash_get(mctx->pks->stapling_info, idx, sizeof(idx)); |
169 |
if (cinf && cinf->cid) |
162 |
if (cinf && cinf->cid) |
170 |
return cinf; |
163 |
return cinf; |
171 |
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01926) |
164 |
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01926) |
172 |
- |
|
|