summaryrefslogtreecommitdiff
path: root/app/openssl/crypto/ocsp
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-12-20 12:06:03 +0100
committerParménides GV <parmegv@sdf.org>2014-12-20 12:06:03 +0100
commit5f6cb652dbd2ef0879673cf7338520dc2be236b9 (patch)
treebc47c8ccbcd48bfc5aee6b404c8ef3f1d9a359cb /app/openssl/crypto/ocsp
parent576b0c26baf9b5b1418650a572604325ca7fb3af (diff)
parentf347c871d0433ef3efb85beb5e386b58d700faad (diff)
Merge branch 'develop'
Diffstat (limited to 'app/openssl/crypto/ocsp')
-rw-r--r--app/openssl/crypto/ocsp/ocsp_ht.c16
-rw-r--r--app/openssl/crypto/ocsp/ocsp_lib.c13
-rw-r--r--app/openssl/crypto/ocsp/ocsp_vfy.c7
3 files changed, 29 insertions, 7 deletions
diff --git a/app/openssl/crypto/ocsp/ocsp_ht.c b/app/openssl/crypto/ocsp/ocsp_ht.c
index af5fc166..09eb855d 100644
--- a/app/openssl/crypto/ocsp/ocsp_ht.c
+++ b/app/openssl/crypto/ocsp/ocsp_ht.c
@@ -158,6 +158,8 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
OCSP_REQ_CTX *rctx;
rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
+ if (!rctx)
+ return NULL;
rctx->state = OHS_ERROR;
rctx->mem = BIO_new(BIO_s_mem());
rctx->io = io;
@@ -167,18 +169,21 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
else
rctx->iobuflen = OCSP_MAX_LINE_LEN;
rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- if (!rctx->iobuf)
- return 0;
+ if (!rctx->mem || !rctx->iobuf)
+ goto err;
if (!path)
path = "/";
if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
- return 0;
+ goto err;
if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
- return 0;
+ goto err;
return rctx;
+ err:
+ OCSP_REQ_CTX_free(rctx);
+ return NULL;
}
/* Parse the HTTP response. This will look like this:
@@ -490,6 +495,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
ctx = OCSP_sendreq_new(b, path, req, -1);
+ if (!ctx)
+ return NULL;
+
do
{
rv = OCSP_sendreq_nbio(&resp, ctx);
diff --git a/app/openssl/crypto/ocsp/ocsp_lib.c b/app/openssl/crypto/ocsp/ocsp_lib.c
index a94dc838..5061c057 100644
--- a/app/openssl/crypto/ocsp/ocsp_lib.c
+++ b/app/openssl/crypto/ocsp/ocsp_lib.c
@@ -222,8 +222,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
if (!*ppath) goto mem_err;
+ p = host;
+ if(host[0] == '[')
+ {
+ /* ipv6 literal */
+ host++;
+ p = strchr(host, ']');
+ if(!p) goto parse_err;
+ *p = '\0';
+ p++;
+ }
+
/* Look for optional ':' for port number */
- if ((p = strchr(host, ':')))
+ if ((p = strchr(p, ':')))
{
*p = 0;
port = p + 1;
diff --git a/app/openssl/crypto/ocsp/ocsp_vfy.c b/app/openssl/crypto/ocsp/ocsp_vfy.c
index 27671830..fc0d4cc0 100644
--- a/app/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/app/openssl/crypto/ocsp/ocsp_vfy.c
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
if(!(flags & OCSP_NOINTERN))
{
signer = X509_find_by_subject(req->optionalSignature->certs, nm);
- *psigner = signer;
- return 1;
+ if (signer)
+ {
+ *psigner = signer;
+ return 1;
+ }
}
signer = X509_find_by_subject(certs, nm);