httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Reid <da...@jetnet.co.uk>
Subject Re: [PATCH] ssl_ext_lookup
Date Mon, 12 Sep 2005 14:29:10 GMT
David Reid wrote:
> Joe Orton wrote:
> 
>>On Sat, Sep 10, 2005 at 02:47:17AM +0100, David Reid wrote:
>>
>>
>>>Following patch makes some changes to ssl_ext_lookup and changes it's
>>>API, hence the post for review.
>>>
>>>Add some more warnings when things don't go as advertised.
>>
>>
>>I don't think it's appropriate to log warnings (at least at 
>>APLOG_WARNING level) from a function like this - only the caller knows 
>>whether or not failures require user-visibile warnings or not.
> 
> 
> OK. I think it makes sense to log them at some level though as otherwise
> there is no indication what's wrong. When testing these caught me out
> for a while, hence my additions. Maybe INFO would be a better level to
> log at?
> 
> 
>>
>>>We now allow the "known" names to be used as extensions to lookup
>>>expanding the flexability of the function.
>>>
>>>Add an index to allow repeated calls to get different values to handle
>>>the case when the same extension is present multiple times (there is no
>>>restriction how often they can appear I'm aware of).
>>
>>
>>Use of the index seems fine though this is starting to overlap in 
>>functionality with the ssl_extlist_by_oid function?
> 
> 
> Hmm, maybe. Maybe ssl_extlist could just call ssl_ext_lookup?

Like this possibly...

Index: modules/ssl/ssl_expr_eval.c
===================================================================
--- modules/ssl/ssl_expr_eval.c (revision 279892)
+++ modules/ssl/ssl_expr_eval.c (working copy)
@@ -200,55 +200,24 @@

 #define NUM_OID_ELTS 8 /* start with 8 oid slots, resize when needed */

-apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *oidstr)
+apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *extname)
 {
-    int count = 0, j;
-    X509 *xs = NULL;
-    ASN1_OBJECT *oid;
+    int count = 0, j, n = 0, len = 0;
     apr_array_header_t *val_array;
-    SSLConnRec *sslconn = myConnConfig(r->connection);
+    const char *val = NULL;

     /* trivia */
-    if (oidstr == NULL || sslconn == NULL || sslconn->ssl == NULL)
+    if (extname == NULL)
         return NULL;

-    /* Determine the oid we are looking for */
-    if ((oid = OBJ_txt2obj(oidstr, 1)) == NULL) {
-        ERR_clear_error();
-        return NULL;
-    }
-
-    /* are there any extensions in the cert? */
-    if ((xs = SSL_get_peer_certificate(sslconn->ssl)) == NULL ||
-        (count = X509_get_ext_count(xs)) == 0) {
-        return NULL;
-    }
-
     val_array = apr_array_make(r->pool, NUM_OID_ELTS, sizeof(char *));

-    /* Loop over all extensions, extract the desired oids */
-    for (j = 0; j < count; j++) {
-        X509_EXTENSION *ext = X509_get_ext(xs, j);
-
-        if (OBJ_cmp(ext->object, oid) == 0) {
-            BIO *bio = BIO_new(BIO_s_mem());
-
-            if (X509V3_EXT_print(bio, ext, 0, 0) == 1) {
-                BUF_MEM *buf;
-                char **new = apr_array_push(val_array);
-
-                BIO_get_mem_ptr(bio, &buf);
-
-                *new = apr_pstrdup(r->pool, buf->data);
-            }
-
-            BIO_vfree(bio);
-        }
+    while ((val = ssl_ext_lookup(r->pool, r->connection, 1, extname,
+                                 n++, &len))) {
+        char **newentry =apr_array_push(val_array);
+        *newentry = (char *)val;
     }

-    X509_free(xs);
-    ERR_clear_error();
-
     if (val_array->nelts == 0)
         return NULL;
     else


david

Mime
View raw message