#
f99b3495 |
| 22-Oct-2021 |
Tomas Mraz |
OCSP_sendreq_bio: Avoid doublefree of mem BIO Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16886)
|
#
ab9d67ef |
| 12-Jun-2021 |
Dr. David von Oheimb |
HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c For this reason, export this function, which allows removing http_local.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15764)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
19f97fe6 |
| 27-Apr-2021 |
Dr. David von Oheimb |
HTTP: Implement persistent connections (keep-alive)

Both at API and at CLI level (for the CMP app only, so far) there is a new parameter/option: keep_alive.
* 0 means HTTP connections are not kept open after receiving a response, which is the default behavior for HTTP 1.0.
* 1 means that persistent connections are requested.
* 2 means that persistent connections are required, i.e., in case the server does not grant them an error occurs.

For the CMP app the default value is 1, which means preferring to keep the connection open. For all other internal uses of the HTTP client (fetching an OCSP response, a cert, or a CRL) it does not matter because these operations just take one round trip.

If the client application requested or required a persistent connection and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX * as long as it wants to send further requests and OSSL_HTTP_is_alive() returns nonzero, else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close(). In case the client application keeps the OSSL_HTTP_REQ_CTX * but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request.

This requires extending the HTTP header parsing and rearranging the high-level HTTP client API. In particular:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
* Extend struct ossl_http_req_ctx_st accordingly.

Use the new feature for the CMP client, which requires extending related transaction management of CMP client and test server. Update the documentation and extend the tests accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)
|
#
68bb06f7 |
| 12-May-2021 |
Dr. David von Oheimb |
HTTP client: Rename 'maxline' parameter to 'buf_size' for clarity Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15053)
|
#
8f965908 |
| 04-May-2021 |
Dr. David von Oheimb |
HTTP client: Minimal changes that include the improved API

This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documentation but only those code adaptations strictly needed for it.

The proposed new features include
* support for persistent connections (keep-alive),
* generalization to arbitrary request and response types, and
* support for streaming BIOs for request and response data.

The related API changes include:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15147)
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
534725fd |
| 20-Mar-2021 |
Dr. David von Oheimb |
HTTP: Fix method_POST param by moving it to OSSL_HTTP_REQ_CTX_set_request_line() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14699)
|
#
1c8505fb |
| 20-Mar-2021 |
Dr. David von Oheimb |
HTTP: Rename OSSL_HTTP_REQ_CTX_i2d() to OSSL_HTTP_REQ_CTX_set1_req() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14677)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
73e6e3e0 |
| 01-Mar-2021 |
Dr. David von Oheimb |
Simplify OCSP_sendreq_bio() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14356)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
c9603dfa |
| 18-Jan-2021 |
Dr. David von Oheimb |
OCSP HTTP: Restore API of undocumented and recently deprecated functions Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d(). Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new()). Minor further fixes in OSSL_HTTP_REQ_CTX.pod Fixes #13873 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13898)
|
Revision tags: openssl-3.0.0-alpha10 |
|
#
83b6dc8d |
| 26-Dec-2020 |
Rich Salz |
Deprecate OCSP_xxx API for OSSL_HTTP_xxx

Deprecations made:
* OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX
* OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new
* OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free
* OCSP_REQ_CTX_http->OSSL_HTTP_REQ_CTX_header
* OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header
* OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d
* OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio
* OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length
* OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i
* OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio

Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES text inline.

Some of the original functions had no documentation: OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio, OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio. Their new counterparts are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod

Fixes #12234

Co-authored-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13742)
|
Revision tags: OpenSSL_1_1_1i |
|
#
ecef17c3 |
| 05-Dec-2020 |
Rich Salz |
Deprecate OCSP_REQ_CTX_set1_req Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13620)
|
Revision tags: openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
e8d0819d |
| 21-Feb-2020 |
Dr. David von Oheimb |
Don't exclude quite so much in a no-sock build We were excluding more code than we needed to in the OCSP/HTTP code in the event of no-sock. We should also not assume that a BIO passed to our API is socket based. This fixes the no-sock build Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11134)
|
Revision tags: OpenSSL_1_0_2u |
|
#
29f178bd |
| 30-Oct-2019 |
Dr. David von Oheimb |
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c

The new client has become an independent libcrypto module in crypto/http/ and
* can handle any types of requests and responses (ASN.1-encoded and plain)
* does not include potentially busy loops when waiting for responses but
* makes use of a new timeout mechanism integrated with socket-based BIO
* supports the use of HTTP proxies and TLS, including HTTPS over proxies
* supports HTTP redirection via codes 301 and 302 for GET requests
* returns more useful diagnostics in various error situations

Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10667)
|