author | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2019-08-02 11:11:02 +0200 |
---|---|---|
committer | Tomasz Swierczek <t.swierczek@samsung.com> | 2019-08-02 11:25:16 +0000 |
commit | 3ceae7aff77dee488273343d27775af6e8d448de (patch) | |
tree | 8022fdd0a848055752da64853ba7365153842611 | |
parent | 064cee2d549883cc572eda97051f13e23e9de5a0 (diff) | |
Assume http if no protocol is given in proxy url
Change-Id: I080f5afe373e23376b07518485a41d62edd4a130
-rw-r--r-- | src/manager/service/ocsp.cpp | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp
index acbf9d30..60cdb5b1 100644
--- a/src/manager/service/ocsp.cpp
+++ b/src/manager/service/ocsp.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014 Samsung Electronics Co.
+ * Copyright (c) 2014 - 2019 Samsung Electronics Co.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -28,6 +28,8 @@
 #include <openssl/ssl.h>
 #include <fts.h>
 #include <unistd.h>
+#include <string.h>
+#include <stdio.h>
 #include <dpl/log/log.h>
 #include <certificate-impl.h>
 #include <openssl_utils.h>
@@ -43,6 +45,11 @@ namespace CKM {
 namespace {
+const char *const HTTP_PREFIX = "http://";
+const size_t HTTP_PREFIX_LEN = sizeof(HTTP_PREFIX) / sizeof(HTTP_PREFIX[0]);
+const char *const HTTPS_PREFIX = "https://";
+const size_t HTTPS_PREFIX_LEN = sizeof(HTTPS_PREFIX) / sizeof(HTTPS_PREFIX[0]);
+
 typedef std::unique_ptr<BIO, std::function<void(BIO *)>> BioUniquePtr;
 void BIO_write_and_free(BIO *bio)
@@ -187,6 +194,17 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer,
 LogDebug("Using proxy: " << proxy.get());
+ if (strncmp(HTTP_PREFIX, proxy.get(), HTTP_PREFIX_LEN) != 0 &&
+ strncmp(HTTPS_PREFIX, proxy.get(), HTTPS_PREFIX_LEN) != 0) {
+ LogDebug("No http/https prefix. Assuming http.");
+ char *tmp = NULL;
+ if (asprintf(&tmp, "%s%s", HTTP_PREFIX, proxy.get()) == -1) {
+ LogError("Http prefix application failed.");
+ return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
+ }
+ proxy.reset(tmp);
+ }
+
 if (!OCSP_parse_url(proxy.get(), &phost, &pport, &ppath, &use_ssl)) {
 return CKM_API_OCSP_STATUS_INVALID_URL;
 }
|
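Review bot: `HTTP_PREFIX` and `HTTPS_PREFIX` are declared as `const char *const`, so `sizeof(HTTP_PREFIX) / sizeof(HTTP_PREFIX[0])` in the constants hunk evaluates to the pointer size rather than the string length. With 8-byte pointers the `strncmp` against `HTTP_PREFIX` in the `ocsp_verify` hunk compares eight bytes, which includes the terminating NUL of "http://", so a value such as `http://host:port` (constructed example) fails the test and gets a second `http://` prepended; with 4-byte pointers only `http` is compared for both prefixes. Declaring the prefixes as arrays and excluding the terminator fixes both cases: `const char HTTP_PREFIX[] = "http://";` and `const size_t HTTP_PREFIX_LEN = sizeof(HTTP_PREFIX) - 1;`, likewise for `HTTPS_PREFIX`. Since the rewritten string is what `OCSP_parse_url` receives, it is worth confirming how callers treat `CKM_API_OCSP_STATUS_INVALID_URL`, because a wrongly rejected proxy setting would otherwise decide whether the revocation check runs at all.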
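Review bot: The scheme test added to `ocsp_verify` is case-sensitive and knows only two literal prefixes, so a value written as `HTTP://...` or carrying any other scheme gets `http://` prepended and reaches `OCSP_parse_url` in a form the operator did not configure. Checking for `://` before prepending, or comparing with `strncasecmp`, would limit the rewrite to values that really have no scheme. `proxy.reset(tmp)` hands a buffer allocated by `asprintf` to `proxy`, whose declaration and deleter are outside the hunk, so the deleter has to release memory with `free`. The body of `ocsp_verify` starts and ends outside the hunk.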