#include <certificate-impl.h>
#include <openssl_utils.h>
#include <ckm/ckm-error.h>
+#include <vconf.h>
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
OCSP_CERTID *certid = NULL;
BIO *cbio = NULL;
SSL_CTX *use_ssl_ctx = NULL;
- char *host = NULL, *port = NULL, *path = NULL;
+ std::string host, port, path;
ASN1_GENERALIZEDTIME *rev = NULL;
ASN1_GENERALIZEDTIME *thisupd = NULL;
ASN1_GENERALIZEDTIME *nextupd = NULL;
std::vector<char> url(constUrl.begin(), constUrl.end());
url.push_back(0);
- if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl))
- /* report error */
- return CKM_API_OCSP_STATUS_INVALID_URL;
+ {
+ char *chost = NULL, *cport = NULL, *cpath = NULL;
+
+ if (!OCSP_parse_url(url.data(), &chost, &cport, &cpath, &use_ssl))
+ /* report error */
+ return CKM_API_OCSP_STATUS_INVALID_URL;
+
+ if (chost) host = chost;
+ if (cport) port = cport;
+ if (cpath) path = cpath;
+
+ OPENSSL_free(chost);
+ OPENSSL_free(cport);
+ OPENSSL_free(cpath);
+ }
LogDebug("Host: " << host);
LogDebug("Port: " << port);
LogDebug("Path: " << path);
LogDebug("Use_ssl: " << use_ssl);
- cbio = BIO_new_connect(host);
+ std::unique_ptr<char, decltype(free)*> proxy(vconf_get_str(VCONFKEY_NETWORK_PROXY), free);
+
+ if (proxy && strlen(proxy.get()) > 0) {
+ char *phost = NULL, *pport = NULL, *ppath = NULL;
+
+ LogDebug("Using proxy: " << proxy.get());
+
+ if (!OCSP_parse_url(proxy.get(), &phost, &pport, &ppath, &use_ssl)) {
+ return CKM_API_OCSP_STATUS_INVALID_URL;
+ }
+
+ path = url.data();
+ if (phost) host = phost;
+ if (pport) port = pport;
+
+ OPENSSL_free(phost);
+ OPENSSL_free(pport);
+ OPENSSL_free(ppath);
+ }
+
+ cbio = BIO_new_connect(host.c_str());
if (cbio == NULL) {
/*BIO_printf(bio_err, "Error creating connect BIO\n");*/
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
- if (port != NULL)
- BIO_set_conn_port(cbio, port);
+ if (!port.empty())
+ BIO_set_conn_port(cbio, port.c_str());
if (use_ssl == 1) {
BIO *sbio = NULL;
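Review bot: The proxy branch passes `&use_ssl` to the second `OCSP_parse_url` call, so the proxy URL's scheme silently replaces the one parsed from the certificate's OCSP responder URL, and whether `if (use_ssl == 1)` sets up TLS then depends on device proxy configuration. Parse the proxy into its own flag, e.g. `int proxy_ssl = 0;` with `OCSP_parse_url(proxy.get(), &phost, &pport, &ppath, &proxy_ssl)`, and decide explicitly what happens to an https responder behind a plain-HTTP proxy; the visible code only sets `path = url.data()` and shows no CONNECT step. A proxy value that fails to parse returns `CKM_API_OCSP_STATUS_INVALID_URL`, which reports a local configuration problem as a bad responder URL, and if vconf can store the proxy without a scheme (to be confirmed) every OCSP check would fail this way. `LogDebug("Using proxy: " << proxy.get())` writes the whole proxy string to the log, which would expose credentials if the value carries a userinfo part, so log only the parsed host and port. The enclosing function starts and ends outside the visible lines.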
ERR_print_errors(bioLogger.get());
/* report error */
- /* free stuff */
- if (host != NULL)
- OPENSSL_free(host);
-
- if (port != NULL)
- OPENSSL_free(port);
-
- if (path != NULL)
- OPENSSL_free(path);
-
- host = port = path = NULL;
-
if (use_ssl && use_ssl_ctx)
SSL_CTX_free(use_ssl_ctx);
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
- resp = OCSP_sendreq_bio(cbio, path, req);
-
- /* free some stuff we no longer need */
- if (host != NULL)
- OPENSSL_free(host);
-
- if (port != NULL)
- OPENSSL_free(port);
-
- if (path != NULL)
- OPENSSL_free(path);
-
- host = port = path = NULL;
+ resp = OCSP_sendreq_bio(cbio, path.c_str(), req);
if (use_ssl && use_ssl_ctx)
SSL_CTX_free(use_ssl_ctx);