Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 19f97fe6 编写于 作者: D Dr. David von Oheimb 提交者: Dr. David von Oheimb
浏览文件
操作

HTTP: Implement persistent connections (keep-alive) 

Both at API and at CLI level (for the CMP app only, so far)
there is a new parameter/option: keep_alive.
* 0 means HTTP connections are not kept open after
receiving a response, which is the default behavior for HTTP 1.0.
* 1 means that persistent connections are requested.
* 2 means that persistent connections are required, i.e.,
in case the server does not grant them an error occurs.

For the CMP app the default value is 1, which means preferring to keep
the connection open. For all other internal uses of the HTTP client
(fetching an OCSP response, a cert, or a CRL) it does not matter
because these operations just take one round trip.

If the client application requested or required a persistent connection
and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX *
as long as it wants to send further requests and OSSL_HTTP_is_alive()
returns nonzero,
else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close().
In case the client application keeps the OSSL_HTTP_REQ_CTX *
but the connection then dies for any reason at the server side, it will
notice this obtaining an I/O error when trying to send the next request.

This requires extending the HTTP header parsing and
rearranging the high-level HTTP client API. In particular:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(),
  OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
* Extend struct ossl_http_req_ctx_st accordingly.

Use the new feature for the CMP client, which requires extending
related transaction management of CMP client and test server.

Update the documentation and extend the tests accordingly.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)
上级 19a39b29
展开全部 隐藏空白更改
内联 并排
Showing with 706 addition and 365 deletion
apps/cmp.c
浏览文件 @ 19f97fe6
......@@ -72,6 +72,7 @@ static char *opt_path = NULL;
static char *opt_proxy = NULL;
static char *opt_no_proxy = NULL;
static char *opt_recipient = NULL;
static int opt_keep_alive = 1;
static int opt_msg_timeout = -1;
static int opt_total_timeout = -1;
......@@ -205,7 +206,7 @@ typedef enum OPTION_choice {
OPT_SERVER, OPT_PATH, OPT_PROXY, OPT_NO_PROXY,
OPT_RECIPIENT,
OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT,
OPT_KEEP_ALIVE, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT,
OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT,
OPT_EXPECT_SENDER,
......@@ -344,8 +345,10 @@ const OPTIONS cmp_options[] = {
"Default from environment variable 'no_proxy', else 'NO_PROXY', else none"},
{"recipient", OPT_RECIPIENT, 's',
"DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
{"keep_alive", OPT_KEEP_ALIVE, 'N',
"Persistent HTTP connections. 0: no, 1 (the default): request, 2: require"},
{"msg_timeout", OPT_MSG_TIMEOUT, 'N',
"Timeout per CMP message round trip (or 0 for none). Default 120 seconds"},
"Number of seconds allowed per CMP message round trip, or 0 for infinite"},
{"total_timeout", OPT_TOTAL_TIMEOUT, 'N',
"Overall time an enrollment incl. polling may take. Default 0 = infinite"},
......@@ -530,7 +533,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_oldcert}, {(char **)&opt_revreason},
{&opt_server}, {&opt_path}, {&opt_proxy}, {&opt_no_proxy},
{&opt_recipient},
{&opt_recipient}, {(char **)&opt_keep_alive},
{(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout},
{&opt_trusted}, {&opt_untrusted}, {&opt_srvcert},
......@@ -1817,6 +1820,15 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (!setup_verification_ctx(ctx))
goto err;
if (opt_keep_alive != 1)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_KEEP_ALIVE,
opt_keep_alive);
if (opt_total_timeout > 0 && opt_msg_timeout > 0
&& opt_total_timeout < opt_msg_timeout) {
CMP_err2("-total_timeout argument = %d must not be < %d (-msg_timeout)",
opt_total_timeout, opt_msg_timeout);
goto err;
}
if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT,
opt_msg_timeout);
......@@ -2232,6 +2244,13 @@ static int get_opts(int argc, char **argv)
case OPT_RECIPIENT:
opt_recipient = opt_str();
break;
case OPT_KEEP_ALIVE:
opt_keep_alive = opt_int_arg();
if (opt_keep_alive > 2) {
CMP_err("-keep_alive argument must be 0, 1, or 2");
goto opthelp;
}
break;
case OPT_MSG_TIMEOUT:
opt_msg_timeout = opt_int_arg();
break;
......@@ -2668,6 +2687,7 @@ int cmp_main(int argc, char **argv)
#else
BIO *acbio;
BIO *cbio = NULL;
int keep_alive = 0;
int msgs = 0;
int retry = 1;
......@@ -2680,7 +2700,8 @@ int cmp_main(int argc, char **argv)
ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG),
(ASN1_VALUE **)&req, &path,
&cbio, acbio, prog, 0, 0);
&cbio, acbio, &keep_alive,
prog, opt_port, 0, 0);
if (ret == 0) { /* no request yet */
if (retry) {
sleep(1);
......@@ -2712,7 +2733,8 @@ int cmp_main(int argc, char **argv)
500, "Internal Server Error");
break; /* treated as fatal error */
}
ret = http_server_send_asn1_resp(cbio, "application/pkixcmp",
ret = http_server_send_asn1_resp(cbio, keep_alive,
"application/pkixcmp",
ASN1_ITEM_rptr(OSSL_CMP_MSG),
(const ASN1_VALUE *)resp);
OSSL_CMP_MSG_free(resp);
......@@ -2724,8 +2746,12 @@ int cmp_main(int argc, char **argv)
(void)OSSL_CMP_CTX_set1_transactionID(srv_cmp_ctx, NULL);
(void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL);
}
BIO_free_all(cbio);
cbio = NULL;
if (!ret || !keep_alive
|| OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1
/* transaction closed by OSSL_CMP_CTX_server_perform() */) {
BIO_free_all(cbio);
cbio = NULL;
}
}
BIO_free_all(cbio);
BIO_free_all(acbio);
......
apps/include/http_server.h
浏览文件 @ 19f97fe6
......@@ -67,10 +67,12 @@ BIO *http_server_init_bio(const char *prog, const char *port);
* Accept an ASN.1-formatted HTTP request
* it: the expected request ASN.1 type
* preq: pointer to variable where to place the parsed request
* pcbio: pointer to variable where to place the BIO for sending the response to
* ppath: pointer to variable where to place the request path, or NULL
* pcbio: pointer to variable where to place the BIO for sending the response to
* acbio: the listening bio (typically as returned by http_server_init_bio())
* prog: the name of the current app
* found_keep_alive: for returning flag if client requests persistent connection
* prog: the name of the current app, for diagnostics only
* port: the local port listening to, for diagnostics only
* accept_get: whether to accept GET requests (in addition to POST requests)
* timeout: connection timeout (in seconds), or 0 for none/infinite
* returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL
......@@ -83,19 +85,22 @@ BIO *http_server_init_bio(const char *prog, const char *port);
*/
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
char **ppath, BIO **pcbio, BIO *acbio,
const char *prog, int accept_get, int timeout);
int *found_keep_alive,
const char *prog, const char *port,
int accept_get, int timeout);
/*-
* Send an ASN.1-formatted HTTP response
* cbio: destination BIO (typically as returned by http_server_get_asn1_req())
* note: cbio should not do an encoding that changes the output length
* keep_alive: grant persistent connnection
* content_type: string identifying the type of the response
* it: the response ASN.1 type
* valit: the response ASN.1 type
* resp: the response to send
* returns 1 on success, 0 on failure
*/
int http_server_send_asn1_resp(BIO *cbio, const char *content_type,
int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
const char *content_type,
const ASN1_ITEM *it, const ASN1_VALUE *resp);
/*-
......
apps/lib/http_server.c
浏览文件 @ 19f97fe6
......@@ -31,7 +31,14 @@
#endif
static int verbosity = LOG_INFO;
#define HTTP_PREFIX "HTTP/"
#define HTTP_VERSION_PATT "1." /* allow 1.x */
#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
#ifdef HTTP_DAEMON
int multi = 0; /* run multiple responder processes */
int acfd = (int) INVALID_SOCKET;
......@@ -262,11 +269,15 @@ static int urldecode(char *p)
return (int)(out - save);
}
/* if *pcbio != NULL, continue given connected session, else accept new */
/* if found_keep_alive != NULL, return this way connection persistence state */
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
char **ppath, BIO **pcbio, BIO *acbio,
const char *prog, int accept_get, int timeout)
int *found_keep_alive,
const char *prog, const char *port,
int accept_get, int timeout)
{
BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
int len;
char reqbuf[2048], inbuf[2048];
char *meth, *url, *end;
......@@ -276,14 +287,18 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
*preq = NULL;
if (ppath != NULL)
*ppath = NULL;
*pcbio = NULL;
log_message(prog, LOG_DEBUG, "Awaiting next request...");
/* Connection loss before accept() is routine, ignore silently */
if (BIO_do_accept(acbio) <= 0)
return ret;
if (cbio == NULL) {
log_message(prog, LOG_DEBUG,
"Awaiting new connection on port %s...", port);
if (BIO_do_accept(acbio) <= 0)
/* Connection loss before accept() is routine, ignore silently */
return ret;
*pcbio = cbio = BIO_pop(acbio);
*pcbio = cbio = BIO_pop(acbio);
} else {
log_message(prog, LOG_DEBUG, "Awaiting next request...");
}
if (cbio == NULL) {
/* Cannot call http_server_send_status(cbio, ...) */
ret = -1;
......@@ -316,6 +331,9 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
url = meth + 3;
if ((accept_get && strncmp(meth, "GET ", 4) == 0)
|| (url++, strncmp(meth, "POST ", 5) == 0)) {
static const char http_version_str[] = " "HTTP_PREFIX_VERSION;
static const size_t http_version_str_len = sizeof(http_version_str) - 1;
/* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
*(url++) = '\0';
while (*url == ' ')
......@@ -333,7 +351,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
for (end = url; *end != '\0'; end++)
if (*end == ' ')
break;
if (strncmp(end, " HTTP/1.", 7) != 0) {
if (strncmp(end, http_version_str, http_version_str_len) != 0) {
log_message(prog, LOG_WARNING,
"Invalid %s -- bad HTTP/version string: %s",
meth, end + 1);
......@@ -341,6 +359,9 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
goto out;
}
*end = '\0';
/* above HTTP 1.0, connection persistence is the default */
if (found_keep_alive != NULL)
*found_keep_alive = end[http_version_str_len] > '0';
/*-
* Skip "GET / HTTP..." requests often used by load-balancers.
......@@ -373,7 +394,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
}
} else {
log_message(prog, LOG_WARNING,
"HTTP request does not start with GET/POST: %s", reqbuf);
"HTTP request does not begin with %sPOST: %s",
accept_get ? "GET or " : "", reqbuf);
/* TODO provide better diagnosis in case client tries TLS */
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
......@@ -388,15 +410,50 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
/* Read and skip past the headers. */
for (;;) {
char *key, *value, *line_end = NULL;
len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0) {
log_message(prog, LOG_WARNING,
"Error skipping remaining HTTP headers");
log_message(prog, LOG_WARNING, "Error reading HTTP header");
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
if (inbuf[0] == '\r' || inbuf[0] == '\n')
break;
key = inbuf;
value = strchr(key, ':');
if (value != NULL) {
*(value++) = '\0';
while (*value == ' ')
value++;
line_end = strchr(value, '\r');
if (line_end == NULL)
line_end = strchr(value, '\n');
if (line_end != NULL)
*line_end = '\0';
} else {
log_message(prog, LOG_WARNING,
"Error parsing HTTP header: missing ':'");
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
if (value != NULL && line_end != NULL) {
/* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) {
if (strcasecmp(value, "keep-alive") == 0)
*found_keep_alive = 1;
if (strcasecmp(value, "close") == 0)
*found_keep_alive = 0;
}
} else {
log_message(prog, LOG_WARNING,
"Error parsing HTTP header: missing end of line");
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
}
# ifdef HTTP_DAEMON
......@@ -408,7 +465,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
/* Try to read and parse request */
req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL);
if (req == NULL) {
log_message(prog, LOG_WARNING, "Error parsing DER-encoded request content");
log_message(prog, LOG_WARNING,
"Error parsing DER-encoded request content");
(void)http_server_send_status(cbio, 400, "Bad Request");
} else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) {
log_message(prog, LOG_ERR,
......@@ -441,11 +499,15 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
}
/* assumes that cbio does not do an encoding that changes the output length */
int http_server_send_asn1_resp(BIO *cbio, const char *content_type,
int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
const char *content_type,
const ASN1_ITEM *it, const ASN1_VALUE *resp)
{
int ret = BIO_printf(cbio, "HTTP/1.0 200 OK\r\nContent-type: %s\r\n"
"Content-Length: %d\r\n\r\n", content_type,
int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s"
"Content-type: %s\r\n"
"Content-Length: %d\r\n\r\n",
keep_alive ? "Connection: keep-alive\r\n" : "",
content_type,
ASN1_item_i2d(resp, NULL, it)) > 0
&& ASN1_item_i2d_bio(it, cbio, resp) > 0;
......@@ -455,7 +517,9 @@ int http_server_send_asn1_resp(BIO *cbio, const char *content_type,
int http_server_send_status(BIO *cbio, int status, const char *reason)
{
int ret = BIO_printf(cbio, "HTTP/1.0 %d %s\r\n\r\n", status, reason) > 0;
int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n",
/* This implicitly cancels keep-alive */
status, reason) > 0;
(void)BIO_flush(cbio);
return ret;
......
apps/ocsp.c
浏览文件 @ 19f97fe6
......@@ -76,7 +76,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
int timeout);
const char *port, int timeout);
static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp);
static char *prog;
......@@ -631,7 +631,7 @@ redo_accept:
#endif
req = NULL;
res = do_responder(&req, &cbio, acbio, req_timeout);
res = do_responder(&req, &cbio, acbio, port, req_timeout);
if (res == 0)
goto redo_accept;
......@@ -1162,12 +1162,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
}
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
int timeout)
const char *port, int timeout)
{
#ifndef OPENSSL_NO_SOCK
return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST),
(ASN1_VALUE **)preq, NULL, pcbio, acbio,
prog, 1 /* accept_get */, timeout);
NULL /* found_keep_alive */,
prog, port, 1 /* accept_get */, timeout);
#else
BIO_printf(bio_err,
"Error getting OCSP request - sockets not supported\n");
......@@ -1179,7 +1180,9 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp)
{
#ifndef OPENSSL_NO_SOCK
return http_server_send_asn1_resp(cbio, "application/ocsp-response",
return http_server_send_asn1_resp(cbio,
0 /* no keep-alive */,
"application/ocsp-response",
ASN1_ITEM_rptr(OCSP_RESPONSE),
(const ASN1_VALUE *)resp);
#else
......
crypto/cmp/cmp_ctx.c
浏览文件 @ 19f97fe6
......@@ -115,7 +115,8 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
ctx->status = -1;
ctx->failInfoCode = -1;
ctx->msg_timeout = 2 * 60;
ctx->keep_alive = 1;
ctx->msg_timeout = -1;
if ((ctx->untrusted = sk_X509_new_null()) == NULL)
goto oom;
......@@ -149,6 +150,11 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
return 0;
}
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
ctx->http_ctx = NULL;
}
ctx->status = -1;
ctx->failInfoCode = -1;
......@@ -169,6 +175,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
if (ctx == NULL)
return;
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
}
OPENSSL_free(ctx->serverPath);
OPENSSL_free(ctx->server);
OPENSSL_free(ctx->proxy);
......@@ -1041,6 +1051,9 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val)
case OSSL_CMP_OPT_MAC_ALGNID:
ctx->pbm_mac = val;
break;
case OSSL_CMP_OPT_KEEP_ALIVE:
ctx->keep_alive = val;
break;
case OSSL_CMP_OPT_MSG_TIMEOUT:
ctx->msg_timeout = val;
break;
......@@ -1105,6 +1118,8 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt)
return EVP_MD_type(ctx->pbm_owf);
case OSSL_CMP_OPT_MAC_ALGNID:
return ctx->pbm_mac;
case OSSL_CMP_OPT_KEEP_ALIVE:
return ctx->keep_alive;
case OSSL_CMP_OPT_MSG_TIMEOUT:
return ctx->msg_timeout;
case OSSL_CMP_OPT_TOTAL_TIMEOUT:
......
crypto/cmp/cmp_http.c
浏览文件 @ 19f97fe6
......@@ -28,6 +28,19 @@
#include <openssl/cmp.h>
#include <openssl/err.h>
static int keep_alive(int keep_alive, int body_type)
{
if (keep_alive != 0
/* Ask for persistent connection only if may need more round trips */
&& body_type != OSSL_CMP_PKIBODY_IR
&& body_type != OSSL_CMP_PKIBODY_CR
&& body_type != OSSL_CMP_PKIBODY_P10CR
&& body_type != OSSL_CMP_PKIBODY_KUR
&& body_type != OSSL_CMP_PKIBODY_POLLREQ)
keep_alive = 0;
return keep_alive;
}
/*
* Send the PKIMessage req and on success return the response, else NULL.
* Any previous error queue entries will likely be removed by ERR_clear_error().
......@@ -55,11 +68,12 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
if (ctx->serverPort != 0)
BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort);
tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL;
ossl_cmp_log2(DEBUG, ctx, "connecting to CMP server %s%s",
ctx->server, tls_used ? " using TLS" : "");
rsp = OSSL_HTTP_transfer(NULL, ctx->server, server_port,
if (ctx->http_ctx == NULL)
ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s",
ctx->server, server_port, tls_used ? " using TLS" : "");
rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port,
ctx->serverPath, tls_used,
ctx->proxy, ctx->no_proxy,
NULL /* bio */, NULL /* rbio */,
......@@ -67,12 +81,22 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
0 /* buf_size */, headers,
content_type_pkix, req_mem,
content_type_pkix, 1 /* expect_asn1 */,
HTTP_DEFAULT_MAX_RESP_LEN,
ctx->msg_timeout, 0 /* keep_alive */);
OSSL_HTTP_DEFAULT_MAX_RESP_LEN,
ctx->msg_timeout,
keep_alive(ctx->keep_alive, req->body->type));
BIO_free(req_mem);
res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL);
BIO_free(rsp);
ossl_cmp_debug(ctx, "disconnected from CMP server");
if (ctx->http_ctx == NULL)
ossl_cmp_debug(ctx, "disconnected from CMP server");
/*
* Note that on normal successful end of the transaction the connection
* is not closed at this level, but this will be done by the CMP client
* application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit().
*/
if (res != NULL)
ossl_cmp_debug(ctx, "finished reading response from CMP server");
err:
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
return res;
......
crypto/cmp/cmp_local.h
浏览文件 @ 19f97fe6
......@@ -40,11 +40,13 @@ struct ossl_cmp_ctx_st {
OSSL_CMP_transfer_cb_t transfer_cb; /* default: OSSL_CMP_MSG_http_perform */
void *transfer_cb_arg; /* allows to store optional argument to cb */
/* HTTP-based transfer */
OSSL_HTTP_REQ_CTX *http_ctx;
char *serverPath;
char *server;
int serverPort;
char *proxy;
char *no_proxy;
int keep_alive; /* persistent connection: 0=no, 1=prefer, 2=require */
int msg_timeout; /* max seconds to wait for each CMP message round trip */
int total_timeout; /* max number of seconds an enrollment may take, incl. */
/* attempts polling for a response if a 'waiting' PKIStatus is received */
......
crypto/err/openssl.txt
浏览文件 @ 19f97fe6
......@@ -760,6 +760,7 @@ HTTP_R_ERROR_PARSING_URL:101:error parsing url
HTTP_R_ERROR_RECEIVING:103:error receiving
HTTP_R_ERROR_SENDING:102:error sending
HTTP_R_FAILED_READING_DATA:128:failed reading data
HTTP_R_HEADER_PARSE_ERROR:126:header parse error
HTTP_R_INCONSISTENT_CONTENT_LENGTH:120:inconsistent content length
HTTP_R_INVALID_PORT_NUMBER:123:invalid port number
HTTP_R_INVALID_URL_PATH:125:invalid url path
......@@ -774,6 +775,7 @@ HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP:112:redirection from https to http
HTTP_R_REDIRECTION_NOT_ENABLED:116:redirection not enabled
HTTP_R_RESPONSE_LINE_TOO_LONG:113:response line too long
HTTP_R_RESPONSE_PARSE_ERROR:104:response parse error
HTTP_R_SERVER_CANCELED_CONNECTION:127:server canceled connection
HTTP_R_SOCK_NOT_SUPPORTED:122:sock not supported
HTTP_R_STATUS_CODE_UNSUPPORTED:114:status code unsupported
HTTP_R_TLS_NOT_ENABLED:107:tls not enabled
......
crypto/http/http_client.c
浏览文件 @ 19f97fe6
此差异已折叠。
crypto/http/http_err.c
浏览文件 @ 19f97fe6
......@@ -27,6 +27,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = {
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_FAILED_READING_DATA),
"failed reading data"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_HEADER_PARSE_ERROR),
"header parse error"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH),
"inconsistent content length"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER),
......@@ -53,6 +55,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = {
"response line too long"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_PARSE_ERROR),
"response parse error"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SERVER_CANCELED_CONNECTION),
"server canceled connection"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SOCK_NOT_SUPPORTED),
"sock not supported"},
{ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_STATUS_CODE_UNSUPPORTED),
......
crypto/ocsp/ocsp_http.c
浏览文件 @ 19f97fe6
......@@ -20,10 +20,19 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
if (rctx == NULL)
return NULL;
if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, NULL, NULL, path))
/*-
* by default:
* no bio_update_fn (and consequently no arg)
* no ssl
* no proxy
* no timeout (blocking indefinitely)
* no expected content type
* max_resp_len = 100 KiB
*/
if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */,
NULL, NULL, path))
goto err;
/* by default, no extra headers */
if (!OSSL_HTTP_REQ_CTX_set_expected(rctx,
NULL /* content_type */, 1 /* asn1 */,
0 /* timeout */, 0 /* keep_alive */))
......@@ -31,9 +40,8 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
if (req != NULL
&& !OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
ASN1_ITEM_rptr(OCSP_REQUEST),
(ASN1_VALUE *)req))
(const ASN1_VALUE *)req))
goto err;
return rctx;
err:
......@@ -47,7 +55,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
OSSL_HTTP_REQ_CTX *ctx;
BIO *mem;
ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */);
ctx = OCSP_sendreq_new(b, path, req, 0 /* default buf_size */);
if (ctx == NULL)
return NULL;
mem = OSSL_HTTP_REQ_CTX_exchange(ctx);
......
doc/man3/OSSL_CMP_CTX_new.pod
浏览文件 @ 19f97fe6
......@@ -194,10 +194,20 @@ The following options can be set:
due to errors, warnings, general info, debugging, etc.
Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
=item B<OSSL_CMP_OPT_KEEP_ALIVE>
If the given value is 0 then HTTP connections are not kept open
after receiving a response, which is the default behavior for HTTP 1.0.
If the value is 1 or 2 then persistent connections are requested.
If the value is 2 then persistent connections are required,
i.e., in case the server does not grant them an error occurs.
The default value is 1: prefer to keep the connection open.
=item B<OSSL_CMP_OPT_MSG_TIMEOUT>
Number of seconds (or 0 for infinite) a CMP message round trip is
allowed to take before a timeout error is returned. Default is 120.
allowed to take before a timeout error is returned.
Default is to use the B<OSSL_CMP_OPT_MSG_TIMEOUT> setting.
=item B<OSSL_CMP_OPT_TOTAL_TIMEOUT>
......@@ -602,6 +612,7 @@ OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset.
OSSL_CMP_CTX_get_status() returns the PKIstatus from the last received
CertRepMessage or Revocation Response or error message, or -1 if unset.
For server contexts it returns -2 if a transaction is open, else -1.
OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received
CertRepMessage or Revocation Response or error message, or NULL if unset.
......
doc/man3/OSSL_CMP_SRV_CTX_new.pod
浏览文件 @ 19f97fe6
......@@ -89,6 +89,10 @@ Its arguments are the B<OSSL_CMP_SRV_CTX> I<srv_ctx> and the CMP request message
I<req>. It does the typical generic checks on I<req>, calls
the respective callback function (if present) for more specific processing,
and then assembles a result message, which may be a CMP error message.
If after return of the function the expression
I<OSSL_CMP_CTX_get_status(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx))> yields -1
then the function has closed the current transaction,
which may be due to normal successful end of the transaction or due to an error.
OSSL_CMP_CTX_server_perform() is an interface to
OSSL_CMP_SRV_process_request() that can be used by a CMP client
......
doc/man3/OSSL_HTTP_REQ_CTX.pod
浏览文件 @ 19f97fe6
......@@ -65,7 +65,7 @@ the B<BIO> to read/receive the response from (I<rbio>, which may be equal to
I<wbio>), and the maximum expected response header line length I<buf_size>.
A value <= 0 indicates that
the B<HTTP_DEFAULT_MAX_LINE_LENGTH> of 4KiB should be used.
I<buf_size> is also used as the number of content bytes that are read at a time.
This length is also used as the number of content bytes that are read at a time.
The allocated context structure is also populated with an internal allocated
memory B<BIO>, which collects the HTTP request and additional headers as text.
......@@ -87,19 +87,16 @@ For example, to add a C<Host> header for C<example.com> you would call:
OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com");
OSSL_HTTP_REQ_CTX_set_expected() optionally sets in I<rctx> some expectations
of the HTTP client on the response.
of the HTTP client.
Due to the structure of an HTTP request, if the I<keep_alive> argument is
nonzero the function must be used before calling OSSL_HTTP_REQ_CTX_set1_req().
If the I<content_type> parameter
is not NULL then the client will check that the given content type string
is included in the HTTP header of the response and return an error if not.
If the I<asn1> parameter is nonzero a structure in ASN.1 encoding will be
expected as the response content and input streaming is disabled. This means
that an ASN.1 sequence header is required, its length field is checked, and
OSSL_HTTP_REQ_CTX_get0_mem_bio() should be used to get the buffered response.
expected as the response content. This means that an ASN.1 sequence header
is required and the its length field is checked.
Else any form of input is allowed without length checks, which is the default.
In this case the BIO given as I<rbio> argument to OSSL_HTTP_REQ_CTX_new() should
be used directly to read the response contents, which may support streaming.
If the I<timeout> parameter is > 0 this indicates the maximum number of seconds
the subsequent HTTP transfer (sending the request and receiving a response)
is allowed to take.
......@@ -124,6 +121,8 @@ All of this ends up in the internal memory B<BIO>.
OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared in I<rctx>
and to gather the response via HTTP, using the I<wbio> and I<rbio>
that were given when calling OSSL_HTTP_REQ_CTX_new().
If successful, the contents of the internal memory B<BIO> contains
the contents of the HTTP response, without the response headers.
The function may need to be called again if its result is -1, which indicates
L<BIO_should_retry(3)>. In such a case it is advisable to sleep a little in
between, using L<BIO_wait(3)> on the read BIO to prevent a busy loop.
......
doc/man3/OSSL_HTTP_transfer.pod
浏览文件 @ 19f97fe6
......@@ -52,8 +52,8 @@ OSSL_HTTP_close
=head1 DESCRIPTION
OSSL_HTTP_open() initiates an HTTP session using the I<bio> argument if not
NULL, else by connecting to a given I<server> optionally via a I<proxy>.
OSSL_HTTP_open() initiates an HTTP session using I<bio> if not NULL, else
by connecting to a given I<server> optionally via a I<proxy>.
Typically the OpenSSL build supports sockets and the I<bio> parameter is NULL.
In this case I<rbio> must be NULL as well, and the
......@@ -125,7 +125,9 @@ After disconnect the modified BIO will be deallocated using BIO_free_all().
The I<buf_size> parameter specifies the response header maximum line length.
A value <= 0 indicates that
the B<HTTP_DEFAULT_MAX_LINE_LENGTH> of 4KiB should be used.
I<buf_size> is also used as the number of content bytes that are read at a time.
This length is also used as the number of content bytes that are read at a time.
The I<max_resp_len> specifies the maximum allowed response content length.
The value 0 indicates B<HTTP_DEFAULT_MAX_RESP_LEN>, which currently is 100 KiB.
If the I<overall_timeout> parameter is > 0 this indicates the maximum number of
seconds the overall HTTP transfer (i.e., connection setup if needed,
......@@ -146,21 +148,18 @@ Since this function is typically called by applications such as
L<openssl-s_client(1)> it uses the I<bio_err> and I<prog> parameters (unless
NULL) to print additional diagnostic information in a user-oriented way.
OSSL_HTTP_set_request() sets up in I<rctx> the request header and content data
and expectations on the response using the following parameters.
If I<path> is NULL it defaults to "/".
If I<req> is NULL the HTTP GET method will be used to send the request
else HTTP POST with the contents of I<req> and optional I<content_type>, where
the length of the data in I<req> does not need to be determined in advance: the
BIO will be read on-the-fly while sending the request, which supports streaming.
If I<req_mem> is NULL the HTTP GET method will be used to send the request
else HTTP POST with the contents of I<req_mem> and optional I<content_type>.
The optional list I<headers> may contain additional custom HTTP header lines.
If the parameter I<expected_content_type>
is not NULL then the client will check that the given content type string
is included in the HTTP header of the response and return an error if not.
If the I<expect_asn1> parameter is nonzero,
a structure in ASN.1 encoding will be expected as response content.
The I<max_resp_len> parameter specifies the maximum allowed
response content length, where the value 0 indicates no limit.
If the I<timeout> parameter is > 0 this indicates the maximum number of seconds
the subsequent HTTP transfer (sending the request and receiving a response)
is allowed to take.
......@@ -173,15 +172,15 @@ If the value is 1 or 2 then a persistent connection is requested.
If the value is 2 then a persistent connection is required,
i.e., an error occurs in case the server does not grant it.
OSSL_HTTP_exchange() exchanges any form of HTTP request and response
OSSL_HTTP_transfer() exchanges any form of HTTP request and response
as specified by I<rctx>, which must include both connection and request data,
typically set up using OSSL_HTTP_open() and OSSL_HTTP_set_request().
It implements the core of the functions described below.
If the HTTP method is GET and I<redirection_url>
is not NULL the latter pointer is used to provide any new location that
the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND).
In this case the function returns NULL and the caller is
responsible for deallocating the URL with L<OPENSSL_free(3)>.
In this case the caller is responsible for deallocating this URL with
L<OPENSSL_free(3)>.
If the response header contains one or more "Content-Length" header lines and/or
an ASN.1-encoded response is expected, which should include a total length,
the length indications received are checked for consistency
......@@ -204,17 +203,6 @@ and the I<bio_update_fn>, as described for OSSL_HTTP_open(), must be provided.
Also the remaining parameters are interpreted as described for OSSL_HTTP_open()
and OSSL_HTTP_set_request(), respectively.
OSSL_HTTP_transfer() exchanges an HTTP request and response
over a connection managed via I<prctx> without supporting redirection.
It combines OSSL_HTTP_open(), OSSL_HTTP_set_request(), OSSL_HTTP_exchange(),
and OSSL_HTTP_close().
If I<prctx> is not NULL it reuses any open connection represented by a non-NULL
I<*prctx>. It keeps the connection open if a persistent connection is requested
or required and this was granted by the server, else it closes the connection
and assigns NULL to I<*prctx>.
The remaining parameters are interpreted as described for OSSL_HTTP_open()
and OSSL_HTTP_set_request(), respectively.
OSSL_HTTP_close() closes the connection and releases I<rctx>.
The I<ok> parameter is passed to any BIO update function
given during setup as described above for OSSL_HTTP_open().
......
include/openssl/http.h
浏览文件 @ 19f97fe6
......@@ -65,22 +65,23 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
const char *proxy, const char *no_proxy,
int use_ssl, BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
int buf_size, int overall_timeout);
int buf_size, unsigned long max_resp_len,
int overall_timeout);
int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
const char *proxyuser, const char *proxypass,
int timeout, BIO *bio_err, const char *prog);
int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
const STACK_OF(CONF_VALUE) *headers,
const char *content_type, BIO *req,
const char *content_type, BIO *req_mem,
const char *expected_content_type, int expect_asn1,
size_t max_resp_len, int timeout, int keep_alive);
int timeout, int keep_alive);
BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url);
BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
int buf_size, const STACK_OF(CONF_VALUE) *headers,
const char *expected_content_type, int expect_asn1,
size_t max_resp_len, int timeout);
unsigned long max_resp_len, int timeout);
BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
const char *server, const char *port,
const char *path, int use_ssl,
......@@ -90,7 +91,7 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
int buf_size, const STACK_OF(CONF_VALUE) *headers,
const char *content_type, BIO *req,
const char *expected_content_type, int expect_asn1,
size_t max_resp_len, int timeout, int keep_alive);
unsigned long max_resp_len, int timeout, int keep_alive);
int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok);
/* Auxiliary functions */
......
test/http_test.c
浏览文件 @ 19f97fe6
......@@ -17,26 +17,30 @@
static const ASN1_ITEM *x509_it = NULL;
static X509 *x509 = NULL;
#define SERVER "mock.server"
#define PORT "81"
#define RPATH "path/any.crt"
static const char *rpath;
/*
* pretty trivial HTTP mock server:
* for POST, copy request headers+body from mem BIO 'in' as response to 'out'
* for GET, first redirect the request then respond with 'rsp' of ASN1 type 'it'
#define RPATH "/path/result.crt"
typedef struct {
BIO *out;
char version;
int keep_alive;
} server_args;
/*-
* Pretty trivial HTTP mock server:
* For POST, copy request headers+body from mem BIO 'in' as response to 'out'.
* For GET, redirect to RPATH, else respond with 'rsp' of ASN1 type 'it'.
* Respond with HTTP version 1.'version' and 'keep_alive' (unless implicit).
*/
static int mock_http_server(BIO *in, BIO *out,
static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
ASN1_VALUE *rsp, const ASN1_ITEM *it)
{
const char *req;
const char *req, *path;
long count = BIO_get_mem_data(in, (unsigned char **)&req);
const char *hdr = (char *)req;
int is_get = count >= 4 && strncmp(hdr, "GET ", 4) == 0;
int len;
/* first line should contain "<GET or POST> <rpath> HTTP/1.x" */
/* first line should contain "<GET or POST> <path> HTTP/1.x" */
if (is_get)
hdr += 4;
else if (TEST_true(count >= 5 && strncmp(hdr, "POST ", 5) == 0))
......@@ -44,16 +48,12 @@ static int mock_http_server(BIO *in, BIO *out,
else
return 0;
while (*rpath == '/')
rpath++;
while (*hdr == '/')
hdr++;
len = strlen(rpath);
if (!TEST_strn_eq(hdr, rpath, len) || !TEST_char_eq(hdr++[len], ' '))
path = hdr;
hdr = strchr(hdr, ' ');
if (hdr == NULL)
return 0;
hdr += len;
len = strlen("HTTP/1.");
if (!TEST_strn_eq(hdr, "HTTP/1.", len))
if (!TEST_strn_eq(++hdr, "HTTP/1.", len))
return 0;
hdr += len;
/* check for HTTP version 1.0 .. 1.1 */
......@@ -62,16 +62,22 @@ static int mock_http_server(BIO *in, BIO *out,
if (!TEST_char_eq(*hdr++, '\r') || !TEST_char_eq(*hdr++, '\n'))
return 0;
count -= (hdr - req);
if (count <= 0 || out == NULL)
if (count < 0 || out == NULL)
return 0;
if (is_get && strcmp(rpath, RPATH) == 0) {
rpath = "path/new.crt";
return BIO_printf(out, "HTTP/1.1 301 Moved Permanently\r\n"
"Location: /%s\r\n\r\n", rpath) > 0; /* same server */
if (strncmp(path, RPATH, strlen(RPATH)) != 0) {
if (!is_get)
return 0;
return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n"
"Location: %s\r\n\r\n",
version, RPATH) > 0; /* same server */
}
if (BIO_printf(out, "HTTP/1.1 200 OK\r\n") <= 0)
if (BIO_printf(out, "HTTP/1.%c 200 OK\r\n", version) <= 0)
return 0;
if ((version == '0') == keep_alive) /* otherwise, default */
if (BIO_printf(out, "Connection: %s\r\n",
version == '0' ? "keep-alive" : "close") <= 0)
return 0;
if (is_get) { /* construct new header and body */
if ((len = ASN1_item_i2d(rsp, NULL, it)) <= 0)
return 0;
......@@ -80,16 +86,26 @@ static int mock_http_server(BIO *in, BIO *out,
return 0;
return ASN1_item_i2d_bio(it, out, rsp);
} else {
return BIO_write(out, hdr, count) == count; /* echo header and body */
len = strlen("Connection: ");
if (strncmp(hdr, "Connection: ", len) == 0) {
/* skip req Connection header */
hdr = strstr(hdr + len, "\r\n");
if (hdr == NULL)
return 0;
hdr += 2;
}
/* echo remaining request header and body */
return BIO_write(out, hdr, count) == count;
}
}
static long http_bio_cb_ex(BIO *bio, int oper, const char *argp, size_t len,
int cmd, long argl, int ret, size_t *processed)
{
server_args *args = (server_args *)BIO_get_callback_arg(bio);
if (oper == (BIO_CB_CTRL | BIO_CB_RETURN) && cmd == BIO_CTRL_FLUSH)
ret = mock_http_server(bio, (BIO *)BIO_get_callback_arg(bio),
ret = mock_http_server(bio, args->out, args->version, args->keep_alive,
(ASN1_VALUE *)x509, x509_it);
return ret;
}
......@@ -99,6 +115,7 @@ static int test_http_x509(int do_get)
X509 *rcert = NULL;
BIO *wbio = BIO_new(BIO_s_mem());
BIO *rbio = BIO_new(BIO_s_mem());
server_args mock_args = { NULL, '0', 0 };
BIO *rsp, *req = ASN1_item_i2d_mem_bio(x509_it, (ASN1_VALUE *)x509);
STACK_OF(CONF_VALUE) *headers = NULL;
const char content_type[] = "application/x-x509-ca-cert";
......@@ -106,14 +123,14 @@ static int test_http_x509(int do_get)
if (wbio == NULL || rbio == NULL || req == NULL)
goto err;
mock_args.out = rbio;
BIO_set_callback_ex(wbio, http_bio_cb_ex);
BIO_set_callback_arg(wbio, (char *)rbio);
BIO_set_callback_arg(wbio, (char *)&mock_args);
rpath = RPATH;
rsp = do_get ?
OSSL_HTTP_get("http://"SERVER":"PORT"/"RPATH,
OSSL_HTTP_get("/will-be-redirected",
NULL /* proxy */, NULL /* no_proxy */,
wbio, rbio, NULL /* bio_fn */, NULL /* arg */,
wbio, rbio, NULL /* bio_update_fn */, NULL /* arg */,
0 /* buf_size */, headers, content_type,
1 /* expect_asn1 */,
HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */)
......@@ -137,6 +154,52 @@ static int test_http_x509(int do_get)
return res;
}
static int test_http_keep_alive(char version, int keep_alive, int kept_alive)
{
BIO *wbio = BIO_new(BIO_s_mem());
BIO *rbio = BIO_new(BIO_s_mem());
BIO *rsp;
server_args mock_args = { NULL, '0', 0 };
const char *const content_type = "application/x-x509-ca-cert";
OSSL_HTTP_REQ_CTX *rctx = NULL;
int i, res = 0;
if (wbio == NULL || rbio == NULL)
goto err;
mock_args.out = rbio;
mock_args.version = version;
mock_args.keep_alive = kept_alive;
BIO_set_callback_ex(wbio, http_bio_cb_ex);
BIO_set_callback_arg(wbio, (char *)&mock_args);
for (res = 1, i = 1; res && i <= 2; i++) {
rsp = OSSL_HTTP_transfer(&rctx, NULL /* server */, NULL /* port */,
RPATH, 0 /* use_ssl */,
NULL /* proxy */, NULL /* no_proxy */,
wbio, rbio, NULL /* bio_update_fn */, NULL,
0 /* buf_size */, NULL /* headers */,
NULL /* content_type */, NULL /* req => GET */,
content_type, 0 /* ASN.1 not expected */,
0 /* max_resp_len */, 0 /* timeout */,
keep_alive);
if (keep_alive == 2 && kept_alive == 0)
res = res && TEST_ptr_null(rsp)
&& TEST_int_eq(OSSL_HTTP_is_alive(rctx), 0);
else
res = res && TEST_ptr(rsp)
&& TEST_int_eq(OSSL_HTTP_is_alive(rctx), keep_alive > 0);
BIO_free(rsp);
(void)BIO_reset(rbio); /* discard response contents */
keep_alive = 0;
}
OSSL_HTTP_close(rctx, res);
err:
BIO_free(wbio);
BIO_free(rbio);
return res;
}
static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host,
const char *exp_port, const char *exp_path)
{
......@@ -253,21 +316,61 @@ static int test_http_post_x509(void)
return test_http_x509(0);
}
static int test_http_keep_alive_0_no_no(void)
{
return test_http_keep_alive('0', 0, 0);
}
static int test_http_keep_alive_1_no_no(void)
{
return test_http_keep_alive('1', 0, 0);
}
static int test_http_keep_alive_0_prefer_yes(void)
{
return test_http_keep_alive('0', 1, 1);
}
static int test_http_keep_alive_1_prefer_yes(void)
{
return test_http_keep_alive('1', 1, 1);
}
static int test_http_keep_alive_0_require_yes(void)
{
return test_http_keep_alive('0', 2, 1);
}
static int test_http_keep_alive_1_require_yes(void)
{
return test_http_keep_alive('1', 2, 1);
}
static int test_http_keep_alive_0_require_no(void)
{
return test_http_keep_alive('0', 2, 0);
}
static int test_http_keep_alive_1_require_no(void)
{
return test_http_keep_alive('1', 2, 0);
}
void cleanup_tests(void)
{
X509_free(x509);
}
OPT_TEST_DECLARE_USAGE("cert.pem\n")
int setup_tests(void)
{
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
if (!test_skip_common_options())
return 0;
}
x509_it = ASN1_ITEM_rptr(X509);
if (!TEST_ptr((x509 = load_cert_pem(test_get_argument(0), NULL))))
return 1;
return 0;
ADD_TEST(test_http_url_dns);
ADD_TEST(test_http_url_path_query);
......@@ -279,5 +382,13 @@ int setup_tests(void)
ADD_TEST(test_http_url_invalid_path);
ADD_TEST(test_http_get_x509);
ADD_TEST(test_http_post_x509);
ADD_TEST(test_http_keep_alive_0_no_no);
ADD_TEST(test_http_keep_alive_1_no_no);
ADD_TEST(test_http_keep_alive_0_prefer_yes);
ADD_TEST(test_http_keep_alive_1_prefer_yes);
ADD_TEST(test_http_keep_alive_0_require_yes);
ADD_TEST(test_http_keep_alive_1_require_yes);
ADD_TEST(test_http_keep_alive_0_require_no);
ADD_TEST(test_http_keep_alive_1_require_no);
return 1;
}
test/recipes/80-test_cmp_http_data/test_connection.csv
浏览文件 @ 19f97fe6
expected,description, -section,val, -server,val, -proxy,val, -path,val, -msg_timeout,int, -total_timeout,int, -tls_used,noarg, -no_proxy,val
,Message transfer options:,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
0,default config, -section,,,,,,,,BLANK,,BLANK,,BLANK,,BLANK,
TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,,
TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,wrong server, -section,, -server,example.com:_SERVER_PORT,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK,
1,wrong server port, -section,, -server,_SERVER_HOST:99,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK,
1,server default port, -section,, -server,_SERVER_HOST,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK,
1,server port out of range, -section,, -server,_SERVER_HOST:65536,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server missing argument, -section,, -server,,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,BLANK,,BLANK,,BLANK,
1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK,
TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1
1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1
1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1
1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com
,,,,,,,,,,,,,,,,,,,,,,,,,
0,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK,
0,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK,
0,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,, -path,"""",BLANK,,BLANK,,BLANK,,BLANK,
1,path missing argument, -section,,,,,, -path,,BLANK,,BLANK,,BLANK,,BLANK,
1,path wrong, -section,,,,,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK,,BLANK,
0,path with additional '/'s fine according to RFC 3986, -section,,,,,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK,,BLANK
1,path mixed case, -section,,,,,, -path,pKiX/,BLANK,,BLANK,,BLANK,,BLANK,
1,path upper case, -section,,,,,, -path,PKIX/,BLANK,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,msg_timeout missing argument, -section,,,,,,,, -msg_timeout,,BLANK,,BLANK,,BLANK,
1,msg_timeout negative, -section,,,,,,,, -msg_timeout,-5,BLANK,,BLANK,,BLANK,
0,msg_timeout 5, -section,,,,,,,, -msg_timeout,5,BLANK,,BLANK,,BLANK,
0,msg_timeout 0, -section,,,,,,,, -msg_timeout,0,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,total_timeout missing argument, -section,,,,,,,,BLANK,, -total_timeout,,BLANK,,BLANK,
1,total_timeout negative, -section,,,,,,,,BLANK,, -total_timeout,-5,BLANK,,BLANK,
0,total_timeout 10, -section,,,,,,,,BLANK,, -total_timeout,10,BLANK,,BLANK,
0,total_timeout 0, -section,,,,,,,,BLANK,, -total_timeout,0,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,,,,,,,
expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls_used,noarg, -path,val, -msg_timeout,int, -total_timeout,int, -keep_alive,val
,Message transfer options:,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
0,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,,,,,,,,,,,,
TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
1,wrong server, -section,, -server,example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
1,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
1,server default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
1,server port out of range, -section,, -server,_SERVER_HOST:65536,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server missing argument, -section,, -server,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,, -no_proxy,nonmatch.com,BLANK,,,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
0,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,
0,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,
0,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,,,,BLANK,, -path,"""",BLANK,,BLANK,,BLANK,
1,path missing argument, -section,,,,,,,,BLANK,, -path,,BLANK,,BLANK,,BLANK,
1,path wrong, -section,,,,,,,,BLANK,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK,
0,path with additional '/'s fine according to RFC 3986, -section,,,,,,,,BLANK,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK,
1,path mixed case, -section,,,,,,,,BLANK,, -path,pKiX/,BLANK,,BLANK,,BLANK,
1,path upper case, -section,,,,,,,,BLANK,, -path,PKIX/,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
1,msg_timeout missing argument, -section,,,,,,,,BLANK,,,, -msg_timeout,,BLANK,,BLANK,
1,msg_timeout negative, -section,,,,,,,,BLANK,,,, -msg_timeout,-5,BLANK,,BLANK,
0,msg_timeout 5, -section,,,,,,,,BLANK,,,, -msg_timeout,5,BLANK,,BLANK,
0,msg_timeout 0, -section,,,,,,,,BLANK,,,, -msg_timeout,0,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
1,total_timeout missing argument, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,,BLANK,
1,total_timeout negative, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,-5,BLANK,
0,total_timeout 10, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,10,BLANK,
0,total_timeout 0, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,0,BLANK,
,,,,,,,,,,,,,,,,,,,
1,keep_alive missing argument, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,
1,keep_alive negative, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,-1
0,keep_alive 0, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,0
0,keep_alive 1, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,1
0,keep_alive 2, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,2
1,keep_alive 3, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,3
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册