From b9c00fc9b76977ad38b4d189c8cff7429dbc0588 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Fri, 14 Sep 2012 16:04:24 +0000
Subject: [PATCH] Prepare timeout usage for OCSP.
---
emi.canl.canl-c/src/canl_ocsp.c | 20 +++++++++++++-------
emi.canl.canl-c/src/canl_ocsp.h | 1 +
emi.canl.canl-c/src/proxy/sslutils.c | 4 +++-
3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_ocsp.c b/emi.canl.canl-c/src/canl_ocsp.c
index 5abd034..ba98ece 100644
--- a/emi.canl.canl-c/src/canl_ocsp.c
+++ b/emi.canl.canl-c/src/canl_ocsp.c
@@ -99,7 +99,6 @@ void canl_x509store_free(canl_x509store_t *cs) int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -119,7 +118,6 @@ int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert) int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url) { - int len = 0; if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq));
@@ -142,7 +140,6 @@ int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url) int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -161,7 +158,6 @@ int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer) int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -180,7 +176,6 @@ int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert) int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -196,9 +191,9 @@ int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key) } return 0; } + int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -207,9 +202,9 @@ int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew) ocspreq->skew = skew; return 0; } + int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage) { - if (!ocspreq) ocspreq = calloc(1, sizeof(*ocspreq)); if (!ocspreq)
@@ -219,6 +214,17 @@ int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage) return 0; } +int set_ocsp_timeout(canl_ocsprequest_t *ocspreq, int timeout) +{ + if (!ocspreq) + ocspreq = calloc(1, sizeof(*ocspreq)); + if (!ocspreq) + return 1; + if (timeout) + ocspreq->timeout = timeout; + return 0; +} + static canl_x509store_t * store_dup(canl_x509store_t *store_from) {
diff --git a/emi.canl.canl-c/src/canl_ocsp.h b/emi.canl.canl-c/src/canl_ocsp.h
index 24c48f2..2ef7009 100644
--- a/emi.canl.canl-c/src/canl_ocsp.h
+++ b/emi.canl.canl-c/src/canl_ocsp.h
@@ -17,6 +17,7 @@ typedef struct { EVP_PKEY *sign_key; long skew; long maxage; + int timeout; } canl_ocsprequest_t; typedef enum {
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index 97955c0..447169f 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2201,6 +2201,7 @@ proxy_verify_callback( if (cert_dir){ canl_x509store_t *c_store = NULL; if (!canl_x509store_init(&c_store)) { + /* TODO This is obviously wrong, cert_dir is not ca_cert_dir*/ c_store->ca_dir = strdup(cert_dir); set_ocsp_store(ocsp_data, c_store); canl_x509store_free(c_store);
@@ -2209,7 +2210,8 @@ proxy_verify_callback( } set_ocsp_skew(ocsp_data, MAX_VALIDITY_PERIOD); set_ocsp_maxage(ocsp_data, -1); - + /*Timeout should be set here + set_ocsp_timeout(pvd->timeout, -1); */ do_ocsp_verify (ocsp_data); /* TODO sign key and cert */ }
--
1.8.2.3
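Review bot: In the added `set_ocsp_timeout`, a NULL `ocspreq` is replaced by a `calloc` result that lives only in the local parameter, so the timeout is written into an object the caller never sees, the allocation is leaked, and the function still returns 0. A caller that checks the return value would believe the OCSP timeout is in force when it is not. The struct cannot be handed back through this signature, so rejecting NULL is the safer contract: `if (!ocspreq) return 1;`. The `if (timeout)` guard also means a previously set value can never be reset to 0, and negative values are stored unchecked, so the meaning of 0 and -1 should be stated in a comment above the function. The sibling setters visible as context in the other canl_ocsp.c hunks use the same allocate-on-NULL pattern.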
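Review bot: The new `int timeout;` member in `canl_ocsprequest_t` carries no unit or sentinel convention, and it is `int` next to `long skew; long maxage;`. Whether the value is in seconds or milliseconds, and what 0 or a negative value means, decides whether an OCSP lookup can wait without bound, so that belongs in the declaration, e.g. `int timeout; /* OCSP responder I/O timeout; state the unit and the meaning of <= 0 here */`. The struct's opening lines are outside the hunk.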
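Review bot: The added TODO admits that `cert_dir` is the wrong directory for `c_store->ca_dir`, yet the value is still passed to `set_ocsp_store`, so the OCSP check keeps running against a store the author considers incorrect. If that store is what the responder's signature is validated against (set_ocsp_store and do_ocsp_verify are not visible here), the revocation result is only as trustworthy as that directory. The comment should name the intended source and the consequence, for example `/* TODO: ca_dir must come from the CA certificate directory, not cert_dir; OCSP responder trust is derived from it */`. The `strdup(cert_dir)` result on the following context line is also used unchecked. proxy_verify_callback starts and ends outside the hunk.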
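Review bot: The commented-out call `set_ocsp_timeout(pvd->timeout, -1);` passes `pvd->timeout` where the setter added in canl_ocsp.c expects the `canl_ocsprequest_t *`, so enabling it as written would not compile cleanly. As committed, `do_ocsp_verify (ocsp_data)` still runs inside the verification callback with no timeout configured, so how long a slow or unreachable responder can hold up verification depends on whatever default do_ocsp_verify applies (not visible here). A plain TODO with the intended call spelled correctly is better than dead code, e.g. `/* TODO: set_ocsp_timeout(ocsp_data, pvd->timeout); once pvd carries a timeout */`. The return values of `set_ocsp_skew` and `set_ocsp_maxage` on the context lines are ignored as well. proxy_verify_callback starts and ends outside the hunk.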