提交
67c18019
编写于
2月 13, 2001
作者:
Dr. Stephen Henson
New function OCSP_parse_url() and -url option for ocsp utility.
Doesn't handle SSL URLs yet.
上级
46a58ab9
变更
5
Showing
5 changed file
with
137 addition
and
2 deletion
+137
-2
CHANGES
CHANGES
+5
-0
apps/ocsp.c
apps/ocsp.c
+24
-2
crypto/ocsp/ocsp.h
crypto/ocsp/ocsp.h
+4
-0
crypto/ocsp/ocsp_err.c
crypto/ocsp/ocsp_err.c
+2
-0
crypto/ocsp/ocsp_lib.c
crypto/ocsp/ocsp_lib.c
+102
-0
CHANGES
...
...
@@ -3,6 +3,11 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) New function OCSP_parse_url(). This splits up a URL into its host,
port and path components: primarily to parse OCSP URLs. New -url
option to ocsp utility.
[Steve Henson]
*) New nonce behavior. The return value of OCSP_check_nonce() now
reflects the various checks performed. Applications can decide
whether to tolerate certain situations such as an absent nonce
...
...
apps/ocsp.c
...
...
@@ -78,12 +78,12 @@ int MAIN(int, char **);
int
MAIN
(
int
argc
,
char
**
argv
)
{
char
**
args
;
char
*
host
=
NULL
,
*
path
=
"/"
;
char
*
host
=
NULL
,
*
p
ort
=
NULL
,
*
p
ath
=
"/"
;
char
*
reqin
=
NULL
,
*
respin
=
NULL
;
char
*
reqout
=
NULL
,
*
respout
=
NULL
;
char
*
signfile
=
NULL
,
*
keyfile
=
NULL
;
char
*
outfile
=
NULL
;
int
add_nonce
=
1
,
noverify
=
0
;
int
add_nonce
=
1
,
noverify
=
0
,
use_ssl
=
-
1
;
OCSP_REQUEST
*
req
=
NULL
;
OCSP_RESPONSE
*
resp
=
NULL
;
OCSP_BASICRESP
*
bs
=
NULL
;
...
...
@@ -119,6 +119,19 @@ int MAIN(int argc, char **argv)
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-url"
))
{
if
(
args
[
1
])
{
args
++
;
if
(
!
OCSP_parse_url
(
*
args
,
&
host
,
&
port
,
&
path
,
&
use_ssl
))
{
BIO_printf
(
bio_err
,
"Error parsing URL
\n
"
);
badarg
=
1
;
}
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-host"
))
{
if
(
args
[
1
])
...
...
@@ -335,6 +348,7 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"-respin file read DER encoded OCSP reponse from
\"
file
\"\n
"
);
BIO_printf
(
bio_err
,
"-nonce add OCSP nonce to request
\n
"
);
BIO_printf
(
bio_err
,
"-no_nonce don't add OCSP nonce to request
\n
"
);
BIO_printf
(
bio_err
,
"-url URL OCSP responder URL
\n
"
);
BIO_printf
(
bio_err
,
"-host host:n send OCSP request to host on port n
\n
"
);
BIO_printf
(
bio_err
,
"-path path to use in OCSP request
\n
"
);
BIO_printf
(
bio_err
,
"-CApath dir trusted certificates directory
\n
"
);
...
...
@@ -436,6 +450,7 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"Error creating connect BIO
\n
"
);
goto
end
;
}
if
(
port
)
BIO_set_conn_port
(
cbio
,
port
);
if
(
BIO_do_connect
(
cbio
)
<=
0
)
{
BIO_printf
(
bio_err
,
"Error connecting BIO
\n
"
);
...
...
@@ -561,6 +576,13 @@ end:
sk_X509_pop_free
(
sign_other
,
X509_free
);
sk_X509_pop_free
(
verify_other
,
X509_free
);
if
(
use_ssl
!=
-
1
)
{
OPENSSL_free
(
host
);
OPENSSL_free
(
port
);
OPENSSL_free
(
path
);
}
EXIT
(
ret
);
}
...
...
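Review bot: The cleanup added before `EXIT(ret)` frees `host`, `port` and `path` whenever `use_ssl != -1`, but `use_ssl` is not a reliable record of who owns those pointers. `OCSP_parse_url()` as added in crypto/ocsp/ocsp_lib.c stores `*pssl` as soon as the scheme matches and, on a later allocation failure, frees the output strings without clearing them, so if the bad-argument path reaches `end:` this block may free the same memory a second time. The `-host` and `-path` handlers lie outside the visible hunks; if they assign `*args` to the same variables after a `-url`, the block would also hand an argv pointer to `OPENSSL_free()` and leak the parsed strings. Resetting the state in the failure branch (`host = port = NULL; path = "/"; use_ssl = -1;`) and keeping the parsed strings in their own variables would make ownership explicit. Separately, an `https` URL is accepted here and no visible hunk consumes `use_ssl` for the connection, so it may be worth rejecting such URLs with an error until SSL is supported.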
crypto/ocsp/ocsp.h
...
...
@@ -447,6 +447,8 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
int
OCSP_request_verify
(
OCSP_REQUEST
*
req
,
EVP_PKEY
*
pkey
);
int
OCSP_parse_url
(
char
*
url
,
char
**
phost
,
char
**
pport
,
char
**
ppath
,
int
*
pssl
);
int
OCSP_id_issuer_cmp
(
OCSP_CERTID
*
a
,
OCSP_CERTID
*
b
);
int
OCSP_id_cmp
(
OCSP_CERTID
*
a
,
OCSP_CERTID
*
b
);
...
...
@@ -568,6 +570,7 @@ void ERR_load_OCSP_strings(void);
#define OCSP_F_OCSP_CHECK_IDS 107
#define OCSP_F_OCSP_CHECK_ISSUER 108
#define OCSP_F_OCSP_MATCH_ISSUERID 109
#define OCSP_F_OCSP_PARSE_URL 114
#define OCSP_F_OCSP_REQUEST_SIGN 110
#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
#define OCSP_F_OCSP_SENDREQ_BIO 112
...
...
@@ -577,6 +580,7 @@ void ERR_load_OCSP_strings(void);
#define OCSP_R_BAD_DATA 100
#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
#define OCSP_R_DIGEST_ERR 102
#define OCSP_R_ERROR_PARSING_URL 121
#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
#define OCSP_R_NOT_BASIC_RESPONSE 104
#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
...
...
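Review bot: The new `OCSP_parse_url()` prototype carries no comment stating its ownership contract, and `url` is declared `char *` although the implementation in crypto/ocsp/ocsp_lib.c only works on a `BUF_strdup()` copy. A comment above the declaration such as `/* On success *phost, *pport and *ppath are newly allocated; the caller frees them with OPENSSL_free() */` would tell callers what they must release and what they must not pass in expecting it to survive. Declaring the parameter as `const char *url` (with the matching change in the definition) would let callers pass read-only strings without a cast.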
crypto/ocsp/ocsp_err.c
...
...
@@ -76,6 +76,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
{
ERR_PACK
(
0
,
OCSP_F_OCSP_CHECK_IDS
,
0
),
"OCSP_CHECK_IDS"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_CHECK_ISSUER
,
0
),
"OCSP_CHECK_ISSUER"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_MATCH_ISSUERID
,
0
),
"OCSP_MATCH_ISSUERID"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_PARSE_URL
,
0
),
"OCSP_parse_url"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_REQUEST_SIGN
,
0
),
"OCSP_request_sign"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_RESPONSE_GET1_BASIC
,
0
),
"OCSP_response_get1_basic"
},
{
ERR_PACK
(
0
,
OCSP_F_OCSP_SENDREQ_BIO
,
0
),
"OCSP_sendreq_bio"
},
...
...
@@ -88,6 +89,7 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
{
OCSP_R_BAD_DATA
,
"bad data"
},
{
OCSP_R_CERTIFICATE_VERIFY_ERROR
,
"certificate verify error"
},
{
OCSP_R_DIGEST_ERR
,
"digest err"
},
{
OCSP_R_ERROR_PARSING_URL
,
"error parsing url"
},
{
OCSP_R_MISSING_OCSPSIGNING_USAGE
,
"missing ocspsigning usage"
},
{
OCSP_R_NOT_BASIC_RESPONSE
,
"not basic response"
},
{
OCSP_R_NO_CERTIFICATES_IN_CHAIN
,
"no certificates in chain"
},
...
...
crypto/ocsp/ocsp_lib.c
...
...
@@ -164,3 +164,105 @@ int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
}
return
OCSP_REQUEST_verify
(
req
,
pkey
);
}
/* Parse a URL and split it up into host, port and path components and whether
* it is SSL.
*/
int
OCSP_parse_url
(
char
*
url
,
char
**
phost
,
char
**
pport
,
char
**
ppath
,
int
*
pssl
)
{
char
*
p
,
*
buf
;
char
*
host
,
*
port
;
/* dup the buffer since we are going to mess with it */
buf
=
BUF_strdup
(
url
);
if
(
!
buf
)
goto
mem_err
;
*
phost
=
NULL
;
*
pport
=
NULL
;
*
ppath
=
NULL
;
/* Check for initial colon */
p
=
strchr
(
buf
,
':'
);
if
(
!
p
)
goto
parse_err
;
*
(
p
++
)
=
'\0'
;
if
(
!
strcmp
(
buf
,
"http"
))
{
*
pssl
=
0
;
port
=
"80"
;
}
else
if
(
!
strcmp
(
buf
,
"https"
))
{
*
pssl
=
1
;
port
=
"443"
;
}
else
goto
parse_err
;
/* Check for double slash */
if
((
p
[
0
]
!=
'/'
)
||
(
p
[
1
]
!=
'/'
))
goto
parse_err
;
p
+=
2
;
host
=
p
;
/* Check for trailing part of path */
p
=
strchr
(
p
,
'/'
);
if
(
!
p
)
*
ppath
=
BUF_strdup
(
"/"
);
else
{
*
ppath
=
BUF_strdup
(
p
);
/* Set start of path to 0 so hostname is valid */
*
p
=
'\0'
;
}
if
(
!*
ppath
)
goto
mem_err
;
/* Look for optional ':' for port number */
if
((
p
=
strchr
(
host
,
':'
)))
{
*
p
=
0
;
port
=
p
+
1
;
}
else
{
/* Not found: set default port */
if
(
*
pssl
)
port
=
"443"
;
else
port
=
"80"
;
}
*
pport
=
BUF_strdup
(
port
);
if
(
!*
pport
)
goto
mem_err
;
*
phost
=
BUF_strdup
(
host
);
if
(
!*
phost
)
goto
mem_err
;
OPENSSL_free
(
buf
);
return
1
;
mem_err:
OCSPerr
(
OCSP_F_OCSP_PARSE_URL
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
parse_err:
OCSPerr
(
OCSP_F_OCSP_PARSE_URL
,
OCSP_R_ERROR_PARSING_URL
);
err:
if
(
*
ppath
)
OPENSSL_free
(
*
ppath
);
if
(
*
pport
)
OPENSSL_free
(
*
pport
);
if
(
*
phost
)
OPENSSL_free
(
*
phost
);
return
0
;
}
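Review bot: The error exit of `OCSP_parse_url()` can free memory it does not own: `buf = BUF_strdup(url)` may jump to `mem_err` before `*phost`, `*pport` and `*ppath` are set to NULL, and the `err:` block then passes whatever the caller left in them to `OPENSSL_free()` (apps/ocsp.c in this commit initialises `path` to the literal `"/"`). The same exit never releases `buf`, so every parse or allocation failure leaks the working copy, and it leaves the freed output pointers dangling for the caller. Clearing the outputs before the first allocation, freeing `buf` on the error path and resetting each output after freeing it addresses all three; the changed lines are below.

```c
	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;

	/* dup the buffer since we are going to mess with it */
	buf = BUF_strdup(url);
	if (!buf) goto mem_err;

	/* … unchanged: scheme, host, port and path parsing, mem_err and parse_err labels … */

	err:
	if (buf) OPENSSL_free(buf);
	if (*ppath) { OPENSSL_free(*ppath); *ppath = NULL; }
	if (*pport) { OPENSSL_free(*pport); *pport = NULL; }
	if (*phost) { OPENSSL_free(*phost); *phost = NULL; }
	return 0;
```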