Relax checks for OCSP responder URIs:

* modules/ssl/ssl_engine_ocsp.c (determine_responder_uri): Allow
  NULL path; use default port for given schem.

* modules/ssl/ssl_util_ocsp.c (serialize_request): Use / if no path
  specified.

Submitted by: Kaspar Brand <asfbugz velox.ch>
PR: 45522

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@683242 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c
index a47efd06f1c26693a16801c14be4c44c8e412b98..c5e21535e24799709a3d3cbeed1db63f2478e58f 100644 (file)
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -80,7 +80,7 @@ static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert,
     }
 
     rv = apr_uri_parse(p, s, u);
-    if (rv || !u->hostname || !u->path) {    
+    if (rv || !u->hostname) {    
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, 
                       "failed to parse OCSP responder URI '%s'", s);
         return NULL;
@@ -92,6 +92,10 @@ static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert,
         return NULL;
     }
 
+    if (!u->port) {
+        u->port = apr_uri_port_of_scheme(u->scheme);
+    }
+
     return u;
 }
 

diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index 7bf6036a3addd4a08aec7e2521862cdb71e8daf6..928a27e45e4af614d96031e693096d6d940d26cf 100644 (file)
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -40,7 +40,8 @@ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri)
                "Host: %s:%d\r\n"
                "Content-Length: %d\r\n"
                "\r\n", 
-               uri->path, uri->query ? "?" : "", uri->query ? uri->query : "",
+               uri->path ? uri->path : "/",
+               uri->query ? "?" : "", uri->query ? uri->query : "",
                uri->hostname, uri->port, len);
 
     if (i2d_OCSP_REQUEST_bio(bio, req) != 1) {