Deprecate OCSP_xxx API for OSSL_HTTP_xxx

Deprecations made:
    OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX
    OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new
    OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free
    OCSP_REQ_CTX_http-> OSSL_HTTP_REQ_CTX_header
    OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header
    OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d
    OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio
    OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length
    OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i
    OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio

Made some editorial changes to man3/OCSP_sendreq.pod; moved the NOTES
text inline.  Some of the original functions had no documentation:
OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio,
OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio.  Their new counterparts
are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod

Fixes #12234

Co-authored-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13742)
Rich Salz 2020-12-26 10:21:41 -05:00 committed by Richard Levitte
parent fee0af0863
commit 83b6dc8dc7
12 changed files with 334 additions and 146 deletions


@ -23,6 +23,21 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These
were used to collect all necessary data to form a HTTP request, and to
perform the HTTP transfer with that request. With OpenSSL 3.0, the
type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced
with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(),
OSSL_HTTP_REQ_CTX_header(), OSSL_HTTP_REQ_CTX_add1_header(),
OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(),
OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and
OSSL_HTTP_REQ_CTX_set_max_response_length().
*Rich Salz and Richard Levitte*
* Validation of SM2 keys has been separated from the validation of regular EC
keys, allowing to improve the SM2 validation process to reject loaded private
keys that are not conforming to the SM2 ISO standard.


@ -13,20 +13,6 @@
# include <openssl/ocsp.h>
/* name aliases for legacy names with name prefix "OCSP_" */
typedef OCSP_REQ_CTX OSSL_HTTP_REQ_CTX;
/* functions meanwhile only used internally */
# define OSSL_HTTP_REQ_CTX_new OCSP_REQ_CTX_new
# define OSSL_HTTP_REQ_CTX_free OCSP_REQ_CTX_free
# define OSSL_HTTP_REQ_CTX_header OCSP_REQ_CTX_http
# define OSSL_HTTP_REQ_CTX_add1_header OCSP_REQ_CTX_add1_header
# define OSSL_HTTP_REQ_CTX_i2d OCSP_REQ_CTX_i2d
# define OSSL_HTTP_REQ_CTX_nbio OCSP_REQ_CTX_nbio
# define OSSL_HTTP_REQ_CTX_sendreq_d2i OCSP_REQ_CTX_nbio_d2i
/* functions that are meanwhile unused */
# define OSSL_HTTP_REQ_CTX_get0_mem_bio OCSP_REQ_CTX_get0_mem_bio /* undoc'd */
# define OSSL_HTTP_REQ_CTX_set_max_response_length OCSP_set_max_response_length
BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy,
const char *server, const char *port,


@ -14,19 +14,20 @@
#ifndef OPENSSL_NO_OCSP
# ifndef OPENSSL_NO_DEPRECATED_3_0
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req)
int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req)
{
return OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req);
return OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
ASN1_ITEM_rptr(OCSP_REQUEST),
(ASN1_VALUE *)req);
}
# endif
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline)
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
OCSP_REQUEST *req, int maxline)
{
BIO *req_mem = HTTP_asn1_item2bio(ASN1_ITEM_rptr(OCSP_REQUEST),
(ASN1_VALUE *)req);
OCSP_REQ_CTX *res =
OSSL_HTTP_REQ_CTX *res =
HTTP_REQ_CTX_new(io, io, 0 /* no HTTP proxy used */, NULL, NULL, path,
NULL /* headers */, "application/ocsp-request",
req_mem /* may be NULL */,
@ -37,17 +38,17 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
return res;
}
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx)
{
*presp = (OCSP_RESPONSE *)
OCSP_REQ_CTX_nbio_d2i(rctx, ASN1_ITEM_rptr(OCSP_RESPONSE));
OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(OCSP_RESPONSE));
return *presp != NULL;
}
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
{
OCSP_RESPONSE *resp = NULL;
OCSP_REQ_CTX *ctx;
OSSL_HTTP_REQ_CTX *ctx;
int rv;
ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */);
@ -57,7 +58,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
rv = OCSP_sendreq_nbio(&resp, ctx);
/* this indirectly calls ERR_clear_error(): */
OCSP_REQ_CTX_free(ctx);
OSSL_HTTP_REQ_CTX_free(ctx);
return rv == 1 ? resp : NULL;
}


@ -4,11 +4,11 @@
OCSP_sendreq_new,
OCSP_sendreq_nbio,
OCSP_REQ_CTX_free,
OCSP_set_max_response_length,
OCSP_REQ_CTX_add1_header,
OCSP_sendreq_bio,
OCSP_REQ_CTX_i2d,
OCSP_REQ_CTX_add1_header,
OCSP_REQ_CTX_free,
OCSP_set_max_response_length,
OCSP_REQ_CTX_set1_req
- OCSP responder query functions
@ -16,104 +16,78 @@ OCSP_REQ_CTX_set1_req
#include <openssl/ocsp.h>
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
OCSP_REQUEST *req, int maxline);
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
OCSP_REQUEST *req, int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
unsigned long len);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name, const char *value);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
const char *name, const char *value);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CT *rctx,
unsigned long len);
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
=head1 DESCRIPTION
The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
response header maximum line length of B<maxline>. If B<maxline> is zero a
default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
and provided later if required.
These functions perform an OCSP request / response transfer over HTTP, using
the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.
OCSP_sendreq_nbio() performs I/O on the OCSP request context B<rctx>.
When the operation is complete it returns the response in B<*presp>.
The function OCSP_sendreq_new() builds a complete B<OSSL_HTTP_REQ_CTX>
structure using connection B<BIO> I<io>, the URL path I<path>, the OCSP
request I<req> and with a response header maximum line length of I<maxline>.
If I<maxline> is zero a default value of 4k is used. The OCSP request I<req>
may be set to NULL and provided later with L<OSSL_HTTP_REQ_CTX_i2d(3)> if
required.
OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
The I<io> and I<path> arguments to OCSP_sendreq_new() correspond to the
components of the URL.
For example if the responder URL is C<http://example.com/ocspreq> the BIO
I<io> should be connected to host C<example.com> on port 80 and I<path>
should be set to C</ocspreq>.
OCSP_set_max_response_length() sets the maximum response length
for B<rctx> to B<len>. If the response exceeds this length an error occurs.
If not set a default value of 100k is used.
OCSP_sendreq_nbio() performs I/O on the OCSP request context I<rctx>.
When the operation is complete it assigns the response, a pointer to a
B<OCSP_RESPONSE> structure, in I<*presp>.
OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
context B<rctx>. It can be called more than once to add multiple headers.
It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
additional headers are set.
OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
path B<path>, the OCSP request B<req> and with a response header maximum line
length 4k. It waits indefinitely on a response.
OCSP_REQ_CTX_i2d() sets the request context B<rctx> to have the request
B<req>, which has the ASN.1 type B<it>.
The B<content_type>, if not NULL, will be included in the HTTP request.
The function should be called after all other headers have already been added.
OCSP_sendreq_bio() is the same as a call to OCSP_sendreq_new() followed by
OCSP_sendreq_nbio() and then OCSP_REQ_CTX_free() in a single call, with a
response header maximum line length 4k. It waits indefinitely on a response.
It does not support setting a timeout or adding headers and is retained
for compatibility; use OCSP_sendreq_nbio() instead.
OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
The other deprecated type and functions have been superseded by the
following equivalents:
B<OCSP_REQ_CTX> by L<OSSL_HTTP_REQ_CTX(3)>,
OCSP_REQ_CTX_i2d() by L<OSSL_HTTP_REQ_CTX_i2d(3)>,
OCSP_REQ_CTX_add1_header() by L<OSSL_HTTP_REQ_CTX_add1_header(3)>,
OCSP_REQ_CTX_free() by L<OSSL_HTTP_REQ_CTX_free(3)>, and
OCSP_set_max_response_length() by
L<OSSL_HTTP_REQ_CTX_set_max_response_length(3)>.
=head1 RETURN VALUES
OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL>
OCSP_sendreq_new() returns a valid B<OSSL_HTTP_REQ_CTX> structure or NULL
if an error occurred.
OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_i2d(),
and OCSP_REQ_CTX_set1_req()
return B<1> for success and B<0> for failure.
OCSP_sendreq_nbio(), OCSP_REQ_CTX_i2d(), and OCSP_REQ_CTX_set1_req()
return 1 for success and 0 for failure.
OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
responder or B<NULL> if an error occurred.
OCSP_REQ_CTX_free() and OCSP_set_max_response_length()
do not return values.
=head1 NOTES
These functions only perform a minimal HTTP query to a responder. If an
application wishes to support more advanced features it should use an
alternative more complete HTTP library.
Currently only HTTP POST queries to responders are supported.
The arguments to OCSP_sendreq_new() correspond to the components of the URL.
For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
should be set to B<"/ocspreq">
The headers added with OCSP_REQ_CTX_add1_header() are of the form
"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
a Host header for B<ocsp.com> you would call:
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
OCSP_sendreq_bio() does not support timeout nor setting extra headers.
It is retained for compatibility.
Better use B<OCSP_sendreq_nbio()> instead.
responder or NULL if an error occurred.
=head1 SEE ALSO
@ -126,11 +100,17 @@ L<OCSP_response_status(3)>
=head1 HISTORY
The OCSP_REQ_CTX_set1_req() function was deprecated in OpenSSL 3.0.
B<OCSP_REQ_CTX>,
OCSP_REQ_CTX_i2d(),
OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_free(),
OCSP_set_max_response_length(),
and OCSP_REQ_CTX_set1_req()
were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy


@ -0,0 +1,183 @@
=pod
=head1 NAME
OSSL_HTTP_REQ_CTX,
OSSL_HTTP_REQ_CTX_new,
OSSL_HTTP_REQ_CTX_free,
OSSL_HTTP_REQ_CTX_header,
OSSL_HTTP_REQ_CTX_add1_header,
OSSL_HTTP_REQ_CTX_i2d,
OSSL_HTTP_REQ_CTX_nbio,
OSSL_HTTP_REQ_CTX_sendreq_d2i,
OSSL_HTTP_REQ_CTX_get0_mem_bio,
OSSL_HTTP_REQ_CTX_set_max_response_length
- HTTP request functions
=head1 SYNOPSIS
#include <openssl/http.h>
typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX;
OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio,
int method_GET, int maxline,
unsigned long max_resp_len,
int timeout,
const char *expected_content_type,
int expect_asn1);
void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
int OSSL_HTTP_REQ_CTX_header(OSSL_HTTP_REQ_CTX *rctx,
const char *server,
const char *port, const char *path);
int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
const char *name, const char *value);
int OSSL_HTTP_REQ_CTX_i2d(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx);
ASN1_VALUE *OSSL_HTTP_REQ_CTX_sendreq_d2i(OSSL_HTTP_REQ_CTX *rctx,
const ASN1_ITEM *it);
BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(OSSL_HTTP_REQ_CTX *rctx);
void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
unsigned long len);
=head1 DESCRIPTION
B<OSSL_HTTP_REQ_CTX> is a context structure for an HTTP request, used to
collect all the necessary data to perform that request.
This file documents low-level HTTP functions rarely used directly. High-level
HTTP client functions like L<OSSL_HTTP_get(3)> and L<OSSL_HTTP_transfer(3)>
should be preferred.
OSSL_HTTP_REQ_CTX_new() allocates a new HTTP request context structure, which
gets populated with the B<BIO> to send the request to (I<wbio>), the B<BIO> to
read the response from (I<rbio>, which may be the same as I<wbio>), the
request method (I<method_GET>, which may be 1 to indicate that the C<GET>
method is to be used, or 0 to indicate that the C<POST> method is to be used),
the maximum expected response header length (I<max_resp_len>, where any zero
or less indicates the default of 4KiB), a response timeout measure in seconds
(I<timeout>, where 0 indicates no timeout, i.e., waiting indefinitely), the
expected MIME content type of the response (I<expected_content_type>, which
may be NULL for no expectation), and a flag indicating that the response is
expected to be a DER encoded ASN.1 structure (I<expect_asn1>).
The allocated context structure is also populated with an internal allocated
memory B<BIO>, which collects the HTTP request and additional headers as text.
The returned context should only be used for a single HTTP request/response.
OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I<rctx>.
The I<wbio> and I<rbio> are not free'd and it is up to the application
to do so.
OSSL_HTTP_REQ_CTX_header() adds an HTTP request line to the request context.
The request command itself becomes C<GET> or C<POST> depending on the value
of I<method_GET> in the OSSL_HTTP_REQ_CTX_new() call. I<server> and I<port>
may be set to indicate a proxy server and port that the request should go
through, otherwise they should be left NULL. I<path> is the HTTP request path;
if left NULL, C</> is used.
OSSL_HTTP_REQ_CTX_add1_header() adds header I<name> with value I<value> to the
context I<rctx>. It can be called more than once to add multiple headers.
For example, to add a C<Host> header for C<example.com> you would call:
OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com");
OSSL_HTTP_REQ_CTX_i2d() finalizes the HTTP request context by adding the DER
encoding of I<req>, using the ASN.1 template I<it> to do the encoding. The
HTTP header C<Content-Length> is automatically filled out, and if
I<content_type> isn't NULL, the HTTP header C<Content-Type> is also added with
its content as value. All of this ends up in the internal memory B<BIO>.
This requires that the request type be C<POST>, i.e. that I<method_GET> is 0
in the OSSL_HTTP_REQ_CTX_new() call.
OSSL_HTTP_REQ_CTX_nbio() attempts the exchange of request and response via HTTP,
using the I<rbio> and I<wbio> that were given in the OSSL_HTTP_REQ_CTX_new()
call. When successful, the contents of the internal memory B<BIO> is replaced
with the contents of the HTTP response, without the response headers.
It may need to be called again if its result is -1, which indicates
L<BIO_should_retry(3)>. In such a case it is advisable to sleep a little in
between to prevent a busy loop.
OSSL_HTTP_REQ_CTX_sendreq_d2i() calls OSSL_HTTP_REQ_CTX_nbio(), possibly
several times until a timeout is reached, and DER decodes the received
response using the ASN.1 template I<it>.
OSSL_HTTP_REQ_CTX_set_max_response_length() sets the maximum response length
for I<rctx> to I<len>. If the response exceeds this length an error occurs.
If not set a default value of 100k is used.
OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B<BIO>. This can
be used to affect the HTTP request text. I<Use with caution!>
=head1 WARNINGS
The server's response may be unexpected if the hostname that was used to
create the I<wbio>, any C<Host> header, and the host specified in the
request URL do not match.
Many of these functions must be called in a certain order.
First, the HTTP request context must be allocated:
OSSL_HTTP_REQ_CTX_new().
Then, the HTTP request must be prepared with request data:
=over 4
=item 1.
Calling OSSL_HTTP_REQ_CTX_header(). This must be done exactly once.
=item 2.
Adding extra headers with OSSL_HTTP_REQ_CTX_add1_header(). This is optional.
=item 3.
Add C<POST> data with OSSL_HTTP_REQ_CTX_i2d(). This may only be done if
I<method_GET> was 0 in the OSSL_HTTP_REQ_CTX_new() call, and must be done
exactly once in that case.
=back
When the request context is fully prepared, the HTTP exchange may be performed
with OSSL_HTTP_REQ_CTX_nbio() or OSSL_HTTP_REQ_CTX_sendreq_d2i().
Furthermore, all calls of OSSL_HTTP_REQ_CTX_header() and
OSSL_HTTP_REQ_CTX_add1_header() must be done before any call to
int OSSL_HTTP_REQ_CTX_nbio() or OSSL_HTTP_REQ_CTX_sendreq_d2i().
=head1 RETURN VALUES
OSSL_HTTP_REQ_CTX_new() returns a pointer to a B<OSSL_HTTP_REQ_CTX>, or NULL
on error.
OSSL_HTTP_REQ_CTX_free() and OSSL_HTTP_REQ_CTX_set_max_response_length()
do not return values.
OSSL_HTTP_REQ_CTX_header(), OSSL_HTTP_REQ_CTX_add1_header(),
OSSL_HTTP_REQ_CTX_i2d() and OSSL_HTTP_REQ_CTX_nbio return 1 for success and 0
for failure.
OSSL_HTTP_REQ_CTX_sendreq_d2i() returns a pointer to an B<ASN1_VALUE> for
success and NULL for failure.
OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B<BIO>.
=head1 SEE ALSO
L<OSSL_HTTP_transfer(3)>
=head1 COPYRIGHT
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -35,6 +35,27 @@ typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
# define OPENSSL_HTTP_PROXY "HTTP_PROXY"
# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio,
int method_GET, int maxline,
unsigned long max_resp_len,
int timeout,
const char *expected_content_type,
int expect_asn1);
void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
int OSSL_HTTP_REQ_CTX_header(OSSL_HTTP_REQ_CTX *rctx,
const char *server,
const char *port, const char *path);
int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
const char *name, const char *value);
int OSSL_HTTP_REQ_CTX_i2d(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx);
ASN1_VALUE *OSSL_HTTP_REQ_CTX_sendreq_d2i(OSSL_HTTP_REQ_CTX *rctx,
const ASN1_ITEM *it);
BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(OSSL_HTTP_REQ_CTX *rctx);
void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
unsigned long len);
BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
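Review bot: `OSSL_HTTP_REQ_CTX_i2d()` is declared with a non-const `ASN1_VALUE *req`, and because this hunk turns the name into public API it is the cheapest moment to constify it. The caller visible in this commit already has to cast for it (`(ASN1_VALUE *)req` in `OCSP_REQ_CTX_set1_req()`, whose own parameter is `const OCSP_REQUEST *`), while the internal `HTTP_asn1_item2bio()` takes `const ASN1_VALUE *val`. If the implementation only encodes the value, which is not visible here, the last line of the prototype could read `const ASN1_ITEM *it, const ASN1_VALUE *req);`. Separately, the new declarations carry no comments: `maxline` and `max_resp_len` are the bounds on how much a remote responder can make the client buffer, so a short comment above `OSSL_HTTP_REQ_CTX_new()` stating what each one limits and what value selects the default would help callers pick safe values.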


@ -23,7 +23,8 @@ use OpenSSL::stackhash qw(generate_stack_macros);
# endif
# include <openssl/opensslconf.h>
# include <openssl/http.h> /* for OSSL_HTTP_parse_url */
# include <openssl/http.h>
# include <openssl/asn1.h>
/*
* These definitions are outside the OPENSSL_NO_OCSP guard because although for
@ -56,30 +57,6 @@ use OpenSSL::stackhash qw(generate_stack_macros);
# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9
# define OCSP_REVOKED_STATUS_AACOMPROMISE 10
/*
* These definitions are outside the OPENSSL_NO_OCSP guard because although for
* historical reasons they have OCSP_* names, they are used for the HTTP client.
*/
# include <openssl/asn1.h>
/* The following functions are used only internally */
OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *wbio, BIO *rbio,
int method_GET, int maxline,
unsigned long max_resp_len, int timeout,
const char *expected_content_type,
int expect_asn1);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx,
const char *server, const char *port, const char *path);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name, const char *value);
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
ASN1_VALUE *OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it);
BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
/* End of functions used only internally */
# ifndef OPENSSL_NO_OCSP
@ -194,13 +171,33 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID)
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
OCSP_REQUEST *req, int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
OSSL_DEPRECATEDIN_3_0
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
# define OCSP_REQ_CTX_new(wb, rb, m, ml, mrl, t, ect, ea) \
OSSL_HTTP_REQ_CTX_new(wb, rb, m, ml, mrl, t, ect, ea)
# define OCSP_REQ_CTX_free(r) \
OSSL_HTTP_REQ_CTX_free(r)
# define OCSP_REQ_CTX_http(r, s, po, pa) \
OSSL_HTTP_REQ_CTX_header(r, s, po, pa)
# define OCSP_REQ_CTX_add1_header(r, n, v) \
OSSL_HTTP_REQ_CTX_add1_header(r, n, v)
# define OCSP_REQ_CTX_i2d(r, c, i, req) \
OSSL_HTTP_REQ_CTX_i2d(r, c, i, req)
# define OCSP_REQ_CTX_nbio(r) \
OSSL_HTTP_REQ_CTX_nbio(r)
# define OCSP_REQ_CTX_nbio_d2i(r, i) \
OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)
# define OCSP_REQ_CTX_get0_mem_bio(r) \
OSSL_HTTP_REQ_CTX_get0_mem_bio(r)
# define OCSP_set_max_response_length(r, l) \
OSSL_HTTP_REQ_CTX_set_max_response_length(r, l)
# endif
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
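Review bot: The nine legacy names from `OCSP_REQ_CTX_new` to `OCSP_set_max_response_length` come back as function-like macros, so unlike `OCSP_REQ_CTX_set1_req()` just above them they carry no `OSSL_DEPRECATEDIN_3_0` marker and callers get no compile-time deprecation warning. A function-like macro is also not expanded when the name appears without parentheses, so code that passes `OCSP_REQ_CTX_free` as a cleanup callback stops compiling. If keeping real deprecated symbols is not wanted, state the limitation in a comment above the block, e.g. `/* Macro aliases: no deprecation warning is emitted and the names cannot be used as function pointers */`. The alias typedef and macros also appear to sit inside the `OPENSSL_NO_OCSP` guard that opens outside this hunk, whereas the removed declarations were explicitly kept outside it; confirm that no-ocsp builds using the old names are meant to break.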


@ -196,7 +196,7 @@ typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
typedef struct ossl_http_req_ctx_st OCSP_REQ_CTX; /* backward compatibility */
typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX;
typedef struct ocsp_response_st OCSP_RESPONSE;
typedef struct ocsp_responder_id_st OCSP_RESPID;


@ -302,7 +302,7 @@
-T OCSP_ONEREQ
-T OCSP_REQINFO
-T OCSP_REQUEST
-T OCSP_REQ_CTX
-T OSSL_HTTP_REQ_CTX
-T OCSP_RESPBYTES
-T OCSP_RESPDATA
-T OCSP_RESPID


@ -133,7 +133,7 @@ d2i_OCSP_BASICRESP 134 3_0_0 EXIST::FUNCTION:OCSP
X509v3_add_ext 135 3_0_0 EXIST::FUNCTION:
X509v3_addr_subset 136 3_0_0 EXIST::FUNCTION:RFC3779
CRYPTO_strndup 137 3_0_0 EXIST::FUNCTION:
OCSP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:
X509_STORE_new 140 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 3_0_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION:
@ -615,7 +615,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_sendreq_d2i 634 3_0_0 EXIST::FUNCTION:
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:
@ -1115,7 +1115,7 @@ PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION:
MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
SMIME_crlf_copy 1143 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 1144 3_0_0 EXIST::FUNCTION:OCSP
OCSP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:
X509_load_cert_crl_file 1146 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_mac_key 1147 3_0_0 EXIST::FUNCTION:
DIST_POINT_new 1148 3_0_0 EXIST::FUNCTION:
@ -1379,7 +1379,7 @@ BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION:
SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION:
OCSP_REQ_CTX_http 1415 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_header 1415 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_reset 1416 3_0_0 EXIST::FUNCTION:
X509_NAME_new 1417 3_0_0 EXIST::FUNCTION:
ASN1_item_pack 1418 3_0_0 EXIST::FUNCTION:
@ -1577,7 +1577,7 @@ BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK
ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION:
i2d_CMS_ReceiptRequest 1615 3_0_0 EXIST::FUNCTION:CMS
d2i_TS_REQ_fp 1616 3_0_0 EXIST::FUNCTION:STDIO,TS
OCSP_REQ_CTX_i2d 1617 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_i2d 1617 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_default_digest_nid 1618 3_0_0 EXIST::FUNCTION:
ASIdOrRange_new 1619 3_0_0 EXIST::FUNCTION:RFC3779
ASN1_SCTX_new 1620 3_0_0 EXIST::FUNCTION:
@ -1593,7 +1593,7 @@ CRYPTO_ocb128_cleanup 1629 3_0_0 EXIST::FUNCTION:OCB
EVP_des_ede_cbc 1630 3_0_0 EXIST::FUNCTION:DES
i2d_ASN1_TIME 1631 3_0_0 EXIST::FUNCTION:
ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OCSP_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:
d2i_ISSUING_DIST_POINT 1634 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_set0_key 1635 3_0_0 EXIST::FUNCTION:CMS
NCONF_new 1636 3_0_0 EXIST::FUNCTION:
@ -1850,7 +1850,7 @@ OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP
CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS
CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
EVP_aes_192_cfb128 1896 3_0_0 EXIST::FUNCTION:
OCSP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_allocated 1899 3_0_0 EXIST::FUNCTION:
UI_UTIL_read_pw_string 1900 3_0_0 EXIST::FUNCTION:
@ -2416,7 +2416,7 @@ Camellia_decrypt 2466 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPR
X509_signature_print 2467 3_0_0 EXIST::FUNCTION:
EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA
MD2_Final 2469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
OCSP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:
NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION:
ASIdOrRange_free 2472 3_0_0 EXIST::FUNCTION:RFC3779
EC_POINT_get_Jprojective_coordinates_GFp 2473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@ -3762,7 +3762,7 @@ i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION:
RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_iv_length 3846 3_0_0 EXIST::FUNCTION:
OCSP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:
i2d_PKCS8PrivateKeyInfo_bio 3848 3_0_0 EXIST::FUNCTION:
d2i_OCSP_CERTID 3849 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_meth_set_init 3850 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0


@ -791,6 +791,11 @@ OCSP_ONEREQ_get_ext_by_critical(3)
OCSP_ONEREQ_get_ext_count(3)
OCSP_ONEREQ_it(3)
OCSP_REQINFO_it(3)
OCSP_REQ_CTX_get0_mem_bio(3)
OCSP_REQ_CTX_http(3)
OCSP_REQ_CTX_new(3)
OCSP_REQ_CTX_nbio(3)
OCSP_REQ_CTX_nbio_d2i(3)
OCSP_REQUEST_add1_ext_i2d(3)
OCSP_REQUEST_add_ext(3)
OCSP_REQUEST_delete_ext(3)
@ -802,11 +807,6 @@ OCSP_REQUEST_get_ext_by_critical(3)
OCSP_REQUEST_get_ext_count(3)
OCSP_REQUEST_it(3)
OCSP_REQUEST_print(3)
OCSP_REQ_CTX_get0_mem_bio(3)
OCSP_REQ_CTX_http(3)
OCSP_REQ_CTX_nbio(3)
OCSP_REQ_CTX_nbio_d2i(3)
OCSP_REQ_CTX_new(3)
OCSP_RESPBYTES_it(3)
OCSP_RESPDATA_it(3)
OCSP_RESPID_it(3)


@ -55,6 +55,7 @@ OSSL_ENCODER_CTX datatype
OSSL_ENCODER_CONSTRUCT datatype
OSSL_ENCODER_CLEANUP datatype
OSSL_ENCODER_INSTANCE datatype
OSSL_HTTP_REQ_CTX datatype
OSSL_STORE_CTX datatype
OSSL_STORE_INFO datatype
OSSL_STORE_LOADER datatype
@ -332,6 +333,10 @@ EVP_seed_cfb define
EVP_sm4_cfb define
OBJ_cleanup define deprecated 1.1.0
OCSP_parse_url define
OCSP_REQ_CTX_add1_header define deprecated 3.0.0
OCSP_REQ_CTX_free define deprecated 3.0.0
OCSP_REQ_CTX_i2d define deprecated 3.0.0
OCSP_set_max_response_length define deprecated 3.0.0
OPENSSL_FILE define
OPENSSL_FUNC define
OPENSSL_LINE define