From: Marcel Poul <marcel.poul@cern.ch>
Date: Mon, 13 Aug 2012 14:38:18 +0000 (+0000)
Subject: get proper host out of url, free host and chosen url at the end of the routine.
X-Git-Tag: glite-lbjp-common-gss_R_3_2_4_1~7
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=841df7dcfcd74de36975d129b271de53ea409f28;p=jra1mw.git

get proper host out of url, free host and chosen url at the end of the routine.
---

diff --git a/emi.canl.canl-c/Makefile b/emi.canl.canl-c/Makefile
index 3f6779c..e578aaf 100644
--- a/emi.canl.canl-c/Makefile
+++ b/emi.canl.canl-c/Makefile
@@ -51,7 +51,7 @@ LFLAGS_PRX=-L. -lcanl_c
 CFLAGS_DEL=-Wall -g -I${top_srcdir}/src -I.
 LFLAGS_DEL=-L. -lcanl_c -lcrypto 
 
-HEAD_CANL=canl.h canl_locl.h canl_err.h canl_cred.h canl_ssl.h canl_mech_ssl.h
+HEAD_CANL=canl.h canl_locl.h canl_err.h canl_cred.h canl_ssl.h canl_mech_ssl.h canl_ocsp.h
 
 SRC_CLI=canl_sample_client.c
 HEAD_CLI=canl.h
diff --git a/emi.canl.canl-c/src/canl_ocsp.c b/emi.canl.canl-c/src/canl_ocsp.c
index 4eda8dc..92389fd 100644
--- a/emi.canl.canl-c/src/canl_ocsp.c
+++ b/emi.canl.canl-c/src/canl_ocsp.c
@@ -387,10 +387,11 @@ int do_ocsp_verify (canl_ocsprequest_t *data)
     }
 
     /*get url from cert or use some implicit value*/
+    /*TODO duplicate the value*/
     if (data->url)
-        host = data->url;
+        chosenurl = strdup(data->url);
     else
-        if (!get_ocsp_url_from_aia(data->cert, &host)) {
+        if (!get_ocsp_url_from_aia(data->cert, &chosenurl)) {
             result = CANL_OCSPRESULT_ERROR_NOAIAOCSPURI;
             goto end;
         }
@@ -499,6 +500,8 @@ end:
     if (req) OCSP_REQUEST_free(req);
     if (resp) OCSP_RESPONSE_free(resp);
     if (basic) OCSP_BASICRESP_free(basic);
+    if (chosenurl)
+        free(chosenurl);
     if (verify_other)
         sk_X509_pop_free(verify_other, X509_free);
     if (store)
diff --git a/emi.canl.canl-c/src/canl_ocsp.h b/emi.canl.canl-c/src/canl_ocsp.h
index 76d0d64..3f9bf1f 100644
--- a/emi.canl.canl-c/src/canl_ocsp.h
+++ b/emi.canl.canl-c/src/canl_ocsp.h
@@ -54,4 +54,6 @@ void ocsprequest_free(canl_ocsprequest_t *or);
 int canl_x509store_init(canl_x509store_t **cs);
 void canl_x509store_free(canl_x509store_t *cs);
 
+int do_ocsp_verify (canl_ocsprequest_t *data);
+
 #endif
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index 588053d..c972ff5 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2189,7 +2189,16 @@ proxy_verify_callback(
     /*
        OCSP check
      */
-//    do_ocsp_verify (ocsp_data);
+    if (!ocsp_data)
+        ocsprequest_init(&ocsp_data);
+    if (ocsp_data) {
+        if (ctx->current_cert)
+            set_ocsp_cert(ocsp_data, ctx->current_cert);
+        if (ctx->current_issuer)
+            set_ocsp_issuer(ocsp_data, ctx->current_issuer);
+        do_ocsp_verify (ocsp_data);
+        /* TODO sign key and cert */
+    }
 
     EVP_PKEY_free(key);