1 files changed, 32 insertions, 2 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index 2da88f4281..9ed60a2aa9 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -50,8 +50,6 @@ tls_ocsp_free(struct tls_ocsp *ocsp)
        ocsp->ocsp_result = NULL;
        free(ocsp->ocsp_url);
        ocsp->ocsp_url = NULL;
-        free(ocsp->request_data);
-        ocsp->request_data = NULL;
        free(ocsp);
 }
@@ -322,6 +320,38 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg)
        return (res == 0) ? 1 : 0;
 }
+/* Staple the OCSP information in ctx->ocsp to the server handshake. */
+int
+tls_ocsp_stapling_cb(SSL *ssl, void *arg)
+{
+        struct tls *ctx;
+        unsigned char *ocsp_staple = NULL;
+        int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+        if ((ctx = SSL_get_app_data(ssl)) == NULL)
+                goto err;
+        if (ctx->config->ocsp_staple == NULL ||
+            ctx->config->ocsp_staple_len == 0)
+                return SSL_TLSEXT_ERR_NOACK;
+        if ((ocsp_staple = malloc(ctx->config->ocsp_staple_len)) == NULL)
+                goto err;
+        memcpy(ocsp_staple, ctx->config->ocsp_staple,
+            ctx->config->ocsp_staple_len);
+        if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
+                ctx->config->ocsp_staple_len) != 1)
+                goto err;
+        ret = SSL_TLSEXT_ERR_OK;
+ err:
+        if (ret != SSL_TLSEXT_ERR_OK)
+                free(ocsp_staple);
+        return ret;
+}
 /*
 * Public API
 */

diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 2da88f4281..9ed60a2aa9 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c
@@ -50,8 +50,6 @@ tls_ocsp_free(struct tls_ocsp *ocsp)
50	ocsp->ocsp_result = NULL;	50	ocsp->ocsp_result = NULL;
51	free(ocsp->ocsp_url);	51	free(ocsp->ocsp_url);
52	ocsp->ocsp_url = NULL;	52	ocsp->ocsp_url = NULL;
53	free(ocsp->request_data);
54	ocsp->request_data = NULL;
55	free(ocsp);	53	free(ocsp);
56	}	54	}
57		55
@@ -322,6 +320,38 @@ tls_ocsp_verify_cb(SSL ssl, void arg)
322	return (res == 0) ? 1 : 0;	320	return (res == 0) ? 1 : 0;
323	}	321	}
324		322
		323
		324	/* Staple the OCSP information in ctx->ocsp to the server handshake. */
		325	int
		326	tls_ocsp_stapling_cb(SSL ssl, void arg)
		327	{
		328	struct tls *ctx;
		329	unsigned char *ocsp_staple = NULL;
		330	int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		331
		332	if ((ctx = SSL_get_app_data(ssl)) == NULL)
		333	goto err;
		334
		335	if (ctx->config->ocsp_staple == NULL \|\|
		336	ctx->config->ocsp_staple_len == 0)
		337	return SSL_TLSEXT_ERR_NOACK;
		338
		339	if ((ocsp_staple = malloc(ctx->config->ocsp_staple_len)) == NULL)
		340	goto err;
		341
		342	memcpy(ocsp_staple, ctx->config->ocsp_staple,
		343	ctx->config->ocsp_staple_len);
		344	if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
		345	ctx->config->ocsp_staple_len) != 1)
		346	goto err;
		347
		348	ret = SSL_TLSEXT_ERR_OK;
		349	err:
		350	if (ret != SSL_TLSEXT_ERR_OK)
		351	free(ocsp_staple);
		352	return ret;
		353	}
		354
325	/*	355	/*
326	* Public API	356	* Public API
327	*/	357	*/