From: Joe Orton Date: Wed, 6 Aug 2008 12:14:00 +0000 (+0000) Subject: Relax checks for OCSP responder URIs: X-Git-Tag: 2.3.0~395 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b96fe2d2f1f5544a1fbe881ef10a2f7f3dcf0832;p=apache Relax checks for OCSP responder URIs: * modules/ssl/ssl_engine_ocsp.c (determine_responder_uri): Allow NULL path; use default port for given schem. * modules/ssl/ssl_util_ocsp.c (serialize_request): Use / if no path specified. Submitted by: Kaspar Brand PR: 45522 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@683242 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c index a47efd06f1..c5e21535e2 100644 --- a/modules/ssl/ssl_engine_ocsp.c +++ b/modules/ssl/ssl_engine_ocsp.c @@ -80,7 +80,7 @@ static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert, } rv = apr_uri_parse(p, s, u); - if (rv || !u->hostname || !u->path) { + if (rv || !u->hostname) { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, "failed to parse OCSP responder URI '%s'", s); return NULL; @@ -92,6 +92,10 @@ static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert, return NULL; } + if (!u->port) { + u->port = apr_uri_port_of_scheme(u->scheme); + } + return u; } diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c index 7bf6036a3a..928a27e45e 100644 --- a/modules/ssl/ssl_util_ocsp.c +++ b/modules/ssl/ssl_util_ocsp.c @@ -40,7 +40,8 @@ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri) "Host: %s:%d\r\n" "Content-Length: %d\r\n" "\r\n", - uri->path, uri->query ? "?" : "", uri->query ? uri->query : "", + uri->path ? uri->path : "/", + uri->query ? "?" : "", uri->query ? uri->query : "", uri->hostname, uri->port, len); if (i2d_OCSP_REQUEST_bio(bio, req) != 1) {