Prepare timeout usage for OCSP.

diff --git a/emi.canl.canl-c/src/canl_ocsp.c b/emi.canl.canl-c/src/canl_ocsp.c
index 5abd034..ba98ece 100644 (file)
--- a/emi.canl.canl-c/src/canl_ocsp.c
+++ b/emi.canl.canl-c/src/canl_ocsp.c
@@ -99,7 +99,6 @@ void canl_x509store_free(canl_x509store_t *cs)
 
 int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -119,7 +118,6 @@ int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
 
 int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
 {
-
     int len = 0;
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
@@ -142,7 +140,6 @@ int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
 
 int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -161,7 +158,6 @@ int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
 
 int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -180,7 +176,6 @@ int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
 
 int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -196,9 +191,9 @@ int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key)
     }
     return 0;
 }
+
 int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -207,9 +202,9 @@ int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
         ocspreq->skew = skew;
     return 0;
 }
+
 int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage)
 {
-
     if (!ocspreq)
         ocspreq = calloc(1, sizeof(*ocspreq));
     if (!ocspreq)
@@ -219,6 +214,17 @@ int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage)
     return 0;
 }
 
+int set_ocsp_timeout(canl_ocsprequest_t *ocspreq, int timeout)
+{
+    if (!ocspreq)
+        ocspreq = calloc(1, sizeof(*ocspreq));
+    if (!ocspreq)
+        return 1;
+    if (timeout)
+        ocspreq->timeout = timeout;
+    return 0;
+}
+
 static canl_x509store_t * 
 store_dup(canl_x509store_t *store_from)
 {

diff --git a/emi.canl.canl-c/src/canl_ocsp.h b/emi.canl.canl-c/src/canl_ocsp.h
index 24c48f2..2ef7009 100644 (file)
--- a/emi.canl.canl-c/src/canl_ocsp.h
+++ b/emi.canl.canl-c/src/canl_ocsp.h
@@ -17,6 +17,7 @@ typedef struct {
     EVP_PKEY        *sign_key;
     long            skew;
     long            maxage;
+    int             timeout;
 } canl_ocsprequest_t;
 
 typedef enum {

diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index 97955c0..447169f 100644 (file)
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2201,6 +2201,7 @@ proxy_verify_callback(
         if (cert_dir){
             canl_x509store_t *c_store = NULL;
             if (!canl_x509store_init(&c_store)) {
+                /* TODO This is obviously wrong, cert_dir is not ca_cert_dir*/
                 c_store->ca_dir = strdup(cert_dir);
                 set_ocsp_store(ocsp_data, c_store);
                 canl_x509store_free(c_store);
@@ -2209,7 +2210,8 @@ proxy_verify_callback(
         }
         set_ocsp_skew(ocsp_data, MAX_VALIDITY_PERIOD);
         set_ocsp_maxage(ocsp_data, -1);
-
+        /*Timeout should be set here 
+       set_ocsp_timeout(pvd->timeout, -1); */
         do_ocsp_verify (ocsp_data);
         /* TODO sign key and cert */
     }