Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/ocsp.c | 17 |
1 files changed, 13 insertions, 4 deletions
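--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.20 2020/10/08 23:46:57 beck Exp $ */
+/* $OpenBSD: ocsp.c,v 1.21 2020/10/13 18:25:35 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -97,7 +97,8 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
 char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout);
+STACK_OF(CONF_VALUE) *headers, const char *host, OCSP_REQUEST *req,
+int req_timeout);
 
 static struct {
 int accept_count;
@@ -1408,11 +1409,12 @@ send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 
 static OCSP_RESPONSE *
 query_responder(BIO *err, BIO *cbio, char *path, STACK_OF(CONF_VALUE) *headers,
-OCSP_REQUEST *req, int req_timeout)
+const char *host, OCSP_REQUEST *req, int req_timeout)
 {
 int fd;
 int rv;
 int i;
+int have_host = 0;
 OCSP_REQ_CTX *ctx = NULL;
 OCSP_RESPONSE *rsp = NULL;
 struct pollfd pfd[1];
@@ -1449,10 +1451,17 @@ query_responder(BIO *err, BIO *cbio, char *path, STACK_OF(CONF_VALUE) *headers,
 
 for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
 CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+if (strcasecmp("host", hdr->name) == 0)
+have_host = 1;
 if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
 goto err;
 }
 
+if (!have_host) {
+if (!OCSP_REQ_CTX_add1_header(ctx, "Host", host))
+goto err;
+}
+
 if (!OCSP_REQ_CTX_set1_req(ctx, req))
 goto err;
 
@@ -1513,7 +1522,7 @@ process_responder(BIO *err, OCSP_REQUEST *req, char *host, char *path,
 sbio = BIO_new_ssl(ctx, 1);
 cbio = BIO_push(sbio, cbio);
 }
-resp = query_responder(err, cbio, path, headers, req, req_timeout);
+resp = query_responder(err, cbio, path, headers, host, req, req_timeout);
 if (!resp)
 BIO_printf(bio_err, "Error querying OCSP responder\n");
 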
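Review bot: The fallback at `if (!have_host)` sends the bare `host` string as the Host value, so a responder reached on a non-default port gets a Host header without the port, which HTTP/1.1 expects to be present there. If the port is available in process_responder (its parameter list is cut off in the hunk header), passing `host:port` for non-default ports would match what virtual-hosted responders route on. The value is also forwarded unchecked; since responder URLs are often copied from a certificate, it is worth confirming that the URL parsing or `OCSP_REQ_CTX_add1_header` rejects CR/LF, which is not visible here. A short comment above the block, e.g. `/* HTTP/1.1 needs a Host header; one supplied by the caller takes precedence. */`, would record the intent. query_responder's body continues outside the hunks.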
