cert auth: use a single callback to call for OCSP
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 12 Dec 2017 07:47:00 +0000 (08:47 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:37 +0000 (15:29 +0100)
That is, when selecting the certificate to use, also point to
the OCSP callback to use (whether that is the global or a
certificate-specific one).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/auth/cert.c
lib/ext/status_request.c
lib/tls13/certificate.c

index 465bcf4888f83f50bbe1d5748d751322eec7b14f..54a15db2ad34302a3878e536484725a3c25d9384 100644 (file)
@@ -394,7 +394,7 @@ call_get_cert_callback(gnutls_session_t session,
                selected_certs_set(session, pcert, pcert_length,
                                   ocsp, ocsp_length,
                                   local_key, flags&GNUTLS_CERT_RETR_DEINIT_ALL?1:0,
-                                  NULL, NULL);
+                                  cred->glob_ocsp_func, cred->glob_ocsp_func_ptr);
 
                return 0;
        } else {
@@ -1427,23 +1427,29 @@ _gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_e
         */
  finished:
        if (idx >= 0) {
-               if (cred->certs[idx].ocsp_func) {
-                       selected_certs_set(session,
-                                          &cred->certs[idx].cert_list[0],
-                                          cred->certs[idx].cert_list_length,
-                                          NULL, 0,
-                                          cred->certs[idx].pkey, 0,
-                                          cred->certs[idx].ocsp_func,
-                                          cred->certs[idx].ocsp_func_ptr);
-               } else {
-                       selected_certs_set(session,
-                                          &cred->certs[idx].cert_list[0],
-                                          cred->certs[idx].cert_list_length,
-                                          &cred->certs[idx].ocsp_data[0],
-                                          cred->certs[idx].ocsp_data_length,
-                                          cred->certs[idx].pkey, 0,
-                                          NULL, NULL);
+               gnutls_status_request_ocsp_func ocsp_func = NULL;
+               void *ocsp_ptr = NULL;
+               gnutls_ocsp_data_st *ocsp = NULL;
+               unsigned nocsp = 0;
+
+               if (cred->certs[idx].ocsp_data_length > 0) {
+                       ocsp = &cred->certs[idx].ocsp_data[0];
+                       nocsp = cred->certs[idx].ocsp_data_length;
+               } else if (cred->glob_ocsp_func != NULL) {
+                       ocsp_func = cred->glob_ocsp_func;
+                       ocsp_ptr = cred->glob_ocsp_func_ptr;
+               } else if (cred->certs[idx].ocsp_func != NULL) {
+                       ocsp_func = cred->certs[idx].ocsp_func;
+                       ocsp_ptr = cred->certs[idx].ocsp_func_ptr;
                }
+
+               selected_certs_set(session,
+                                  &cred->certs[idx].cert_list[0],
+                                  cred->certs[idx].cert_list_length,
+                                  ocsp, nocsp,
+                                  cred->certs[idx].pkey, 0,
+                                  ocsp_func,
+                                  ocsp_ptr);
        } else {
                gnutls_assert();
                /* Certificate does not support REQUESTED_ALGO.  */
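Review bot: The new fallback chain at L54–L59 tests `cred->glob_ocsp_func` before `cred->certs[idx].ocsp_func`, so a callback registered for this specific certificate is silently ignored whenever a global one is also set; the removed code (L30) took the per-certificate callback first, and the commit message does not mention the inversion. Per-certificate OCSP data at L51 likewise now wins over a per-certificate callback, where previously the callback won. If the intent is for the more specific setting to win, swap the two `else if` conditions so `cred->certs[idx].ocsp_func != NULL` is tested before `cred->glob_ocsp_func != NULL`, and add a comment above the chain such as `/* Precedence: per-certificate staple, per-certificate callback, then the credentials-wide callback. */` so the order is deliberate rather than incidental. The first hunk (call_get_cert_callback, whose body lies outside the hunk) is the only other place the global callback is now bound, so both selection paths depend on this ordering being the one callers expect. _gnutls_server_select_cert starts and ends outside the hunk.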
index a16a092e22963ef7566f35cdeedcce53881b5fd1..550b4307d39298906b95df8f0ec24034658ad148 100644 (file)
@@ -192,9 +192,6 @@ server_send(gnutls_session_t session,
        } else if (session->internals.selected_ocsp_func) {
                func = session->internals.selected_ocsp_func;
                func_ptr = session->internals.selected_ocsp_func_ptr;
-       } else if (cred->glob_ocsp_func) {
-               func = cred->glob_ocsp_func;
-               func_ptr = cred->glob_ocsp_func_ptr;
        } else {
                return 0;
        }
index b8451220e9fb0d218c5d13aa10bbf9c3d6371fac..1d688de0b2462f96e1c570b3f77032da81df49bc 100644 (file)
@@ -123,7 +123,7 @@ int append_status_request(void *_ctx, gnutls_buffer_st *buf)
        gnutls_datum_t resp;
        unsigned free_resp = 0;
 
-       assert(session->internals.selected_ocsp_func != NULL || ctx->cred->glob_ocsp_func != NULL ||
+       assert(session->internals.selected_ocsp_func != NULL ||
               session->internals.selected_ocsp_length != 0);
 
        /* The global ocsp callback function can only be used to return
@@ -152,13 +152,6 @@ int append_status_request(void *_ctx, gnutls_buffer_st *buf)
                } else {
                        return 0;
                }
-       } else if (ctx->cred->glob_ocsp_func) {
-               if (ctx->cert_index == 0) {
-                       ret = ctx->cred->glob_ocsp_func(session, ctx->cred->glob_ocsp_func_ptr, &resp);
-                       free_resp = 1;
-               } else {
-                       return 0;
-               }
        } else
                return 0;
 
@@ -261,8 +254,7 @@ int _gnutls13_send_certificate(gnutls_session_t session, unsigned again)
 
 #ifdef ENABLE_OCSP
                        if ((session->internals.selected_ocsp_length > 0 ||
-                            session->internals.selected_ocsp_func ||
-                            cred->glob_ocsp_func) &&
+                            session->internals.selected_ocsp_func) &&
                            _gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_STATUS_REQUEST)) {
                                /* append status response if available */
                                ret = _gnutls_extv_append_init(&buf);
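Review bot: The comment beginning at L92, "The global ocsp callback function can only be used to return ...", now describes a branch append_status_request no longer has: the hunk at L93–L105 removes the only use of `ctx->cred->glob_ocsp_func` in this function, and the global callback now arrives through `session->internals.selected_ocsp_func` instead. The removed branch invoked the global callback only when `ctx->cert_index == 0` (L98); whether the surviving selected_ocsp_func branch, which starts above the hunk, applies the same leaf-only restriction is not visible here and is worth confirming, since the global callback is bound to every selected certificate by the cert.c changes. Suggest replacing the stale comment with something like `/* A credentials-wide OCSP callback is bound to selected_ocsp_func at certificate selection time; it is expected to yield a response only for the leaf (cert_index == 0) — confirm. */`. The body of append_status_request continues outside both hunks, and the enclosing function of the last hunk, _gnutls13_send_certificate, also starts and ends outside it.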