MINOR: ssl: Keep the actual key length in the certificate_ocsp structure

The OCSP tree entry key is a serialized version of the OCSP_CERTID of
the entry which is stored in a buffer that can be at most 128 bytes.
Depending on the length of the serial number, the actual non-zero part
of the key can be smaller than 128 bytes, and this new structure member
records how many of the bytes are filled. It will be useful when
dumping the key (in a "show ssl cert <cert>" output for instance).
Remi Tricot-Le Breton 2021-06-10 13:51:12 +02:00 committed by William Lallemand
parent 12554d00f6
commit 5aa1dce5ee


@ -853,6 +853,7 @@ nosec:
struct certificate_ocsp { struct certificate_ocsp {
struct ebmb_node key; struct ebmb_node key;
unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH]; unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
unsigned int key_length;
struct buffer response; struct buffer response;
int refcount; int refcount;
long expire; long expire;
@ -1364,7 +1365,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
goto out; goto out;
p = ocsp->key_data; p = ocsp->key_data;
i2d_OCSP_CERTID(cid, &p); ocsp->key_length = i2d_OCSP_CERTID(cid, &p);
iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH); iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
if (iocsp == ocsp) if (iocsp == ocsp)
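Review bot: The result of `i2d_OCSP_CERTID(cid, &p)` is stored straight into the unsigned `key_length`, so a negative error return would turn into a very large length. Any later code that dumps `key_length` bytes of the fixed-size `key_data` buffer would then read past it. The `goto out` just above suggests a size check precedes this, but it lies outside the hunk, so the bound cannot be confirmed from here. Capturing the value in a local int first would keep the invariant next to the assignment: `len = i2d_OCSP_CERTID(cid, &p); if (len <= 0 || len > OCSP_MAX_CERTID_ASN1_LENGTH) goto out;` followed by `ocsp->key_length = len;`. The new struct member would also benefit from a comment such as `/* number of bytes of key_data filled by i2d_OCSP_CERTID() */`; ssl_sock_load_ocsp itself starts and ends outside the hunk.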