X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=crypto%2Fcmp%2Fcmp_http.c;h=600955efce87b8ff94c94955015aae637405dade;hb=19f97fe6f10bf0d1daec26a9ae2ad919127c67d5;hp=33b5f6af7a2438cebf0b1e9000f4e43bc398a92d;hpb=e74e562f1c518839cc9b63aafd4af6644e01d9ca;p=thirdparty%2Fopenssl.git diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index 33b5f6af7a..600955efce 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c @@ -28,6 +28,19 @@ #include #include +static int keep_alive(int keep_alive, int body_type) +{ + if (keep_alive != 0 + /* Ask for persistent connection only if may need more round trips */ + && body_type != OSSL_CMP_PKIBODY_IR + && body_type != OSSL_CMP_PKIBODY_CR + && body_type != OSSL_CMP_PKIBODY_P10CR + && body_type != OSSL_CMP_PKIBODY_KUR + && body_type != OSSL_CMP_PKIBODY_POLLREQ) + keep_alive = 0; + return keep_alive; +} + /* * Send the PKIMessage req and on success return the response, else NULL. * Any previous error queue entries will likely be removed by ERR_clear_error(). @@ -37,33 +50,54 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, { char server_port[32] = { '\0' }; STACK_OF(CONF_VALUE) *headers = NULL; - const char *const content_type_pkix = "application/pkixcmp"; + const char content_type_pkix[] = "application/pkixcmp"; int tls_used; - OSSL_CMP_MSG *res; + const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG); + BIO *req_mem, *rsp; + OSSL_CMP_MSG *res = NULL; if (ctx == NULL || req == NULL) { - CMPerr(0, CMP_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return NULL; } if (!X509V3_add_value("Pragma", "no-cache", &headers)) return NULL; + if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL) + goto err; if (ctx->serverPort != 0) BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); - tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; - ossl_cmp_log2(DEBUG, ctx, "connecting to CMP server %s%s", - ctx->server, tls_used ? " using TLS" : ""); - res = (OSSL_CMP_MSG *) - OSSL_HTTP_post_asn1(ctx->server, server_port, ctx->serverPath, - tls_used, ctx->proxy, ctx->no_proxy, NULL, NULL, - ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), - headers, content_type_pkix, (const ASN1_VALUE *)req, - ASN1_ITEM_rptr(OSSL_CMP_MSG), - 0, 0, ctx->msg_timeout, content_type_pkix, - ASN1_ITEM_rptr(OSSL_CMP_MSG)); - ossl_cmp_debug(ctx, "disconnected from CMP server"); + if (ctx->http_ctx == NULL) + ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", + ctx->server, server_port, tls_used ? " using TLS" : ""); + + rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port, + ctx->serverPath, tls_used, + ctx->proxy, ctx->no_proxy, + NULL /* bio */, NULL /* rbio */, + ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), + 0 /* buf_size */, headers, + content_type_pkix, req_mem, + content_type_pkix, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, + ctx->msg_timeout, + keep_alive(ctx->keep_alive, req->body->type)); + BIO_free(req_mem); + res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); + BIO_free(rsp); + + if (ctx->http_ctx == NULL) + ossl_cmp_debug(ctx, "disconnected from CMP server"); + /* + * Note that on normal successful end of the transaction the connection + * is not closed at this level, but this will be done by the CMP client + * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit(). + */ + if (res != NULL) + ossl_cmp_debug(ctx, "finished reading response from CMP server"); + err: sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); return res; }