allow to disable http

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
Vladimír Kotal 2023-06-01 19:55:54 +02:00 committed by Pauli
parent c69756e7a0
commit 3ca28c9e81
18 changed files with 131 additions and 75 deletions


@ -23,9 +23,9 @@ jobs:
no-dtls,
no-ec,
no-ec2m,
no-http,
no-siv,
no-legacy,
no-rfc3779,
no-sock,
no-srp,
no-srtp,


@ -459,6 +459,7 @@ my @disablables = (
"fuzz-afl",
"fuzz-libfuzzer",
"gost",
"http",
"idea",
"ktls",
"legacy",
@ -672,7 +673,9 @@ my @disable_cascades = (
"blake2" => [ "argon2" ],
"deprecated-3.0" => [ "engine", "srp" ]
"deprecated-3.0" => [ "engine", "srp" ],
"http" => [ "ocsp" ]
);
# Avoid protocol support holes. Also disable all versions below N, if version
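Review bot: The new cascade entry `"http" => [ "ocsp" ]` carries no comment explaining why OCSP is dropped together with HTTP, so a `no-http` build loses OCSP revocation checking as a side effect that is easy to miss. I would add a line above it such as `# the OCSP code depends on the HTTP client, so no-http implies no-ocsp` (presumably that is the reason; please confirm). None of the file sections on this page looks like user documentation, so the new option and this side effect should also be described in the installation notes and the changelog.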


@ -68,7 +68,7 @@ typedef enum {
} cmp_cmd_t;
/* message transfer */
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static char *opt_server = NULL;
static char *opt_proxy = NULL;
static char *opt_no_proxy = NULL;
@ -141,7 +141,7 @@ static int opt_keyform = FORMAT_UNDEF;
static char *opt_otherpass = NULL;
static char *opt_engine = NULL;
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
/* TLS connection */
static int opt_tls_used = 0;
static char *opt_tls_cert = NULL;
@ -164,7 +164,7 @@ static char *opt_rspout = NULL;
static int opt_use_mock_srv = 0;
/* mock server */
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static char *opt_port = NULL;
static int opt_max_msgs = 0;
#endif
@ -213,7 +213,7 @@ typedef enum OPTION_choice {
OPT_OLDCERT, OPT_REVREASON,
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
#endif
OPT_RECIPIENT, OPT_PATH,
@ -236,7 +236,7 @@ typedef enum OPTION_choice {
OPT_PROV_ENUM,
OPT_R_ENUM,
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY,
OPT_TLS_KEYPASS,
OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST,
@ -246,7 +246,7 @@ typedef enum OPTION_choice {
OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT,
OPT_USE_MOCK_SRV,
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_PORT, OPT_MAX_MSGS,
#endif
OPT_SRV_REF, OPT_SRV_SECRET,
@ -346,9 +346,9 @@ const OPTIONS cmp_options[] = {
"0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"},
OPT_SECTION("Message transfer"),
#ifdef OPENSSL_NO_SOCK
#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
"NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
"NOTE: -server, -proxy, and -no_proxy not supported due to no-sock/no-http build"},
#else
{"server", OPT_SERVER, 's',
"[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
@ -441,9 +441,9 @@ const OPTIONS cmp_options[] = {
OPT_R_OPTIONS,
OPT_SECTION("TLS connection"),
#ifdef OPENSSL_NO_SOCK
#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
"NOTE: -tls_used and all other TLS options not supported due to no-sock build"},
"NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build"},
#else
{"tls_used", OPT_TLS_USED, '-',
"Enable using TLS (also when other TLS options are not set)"},
@ -482,9 +482,9 @@ const OPTIONS cmp_options[] = {
"Use internal mock server at API level, bypassing socket-based HTTP"},
OPT_SECTION("Mock server"),
#ifdef OPENSSL_NO_SOCK
#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
"NOTE: -port and -max_msgs not supported due to no-sock build"},
"NOTE: -port and -max_msgs not supported due to no-sock/no-http build"},
#else
{"port", OPT_PORT, 's',
"Act as HTTP-based mock server listening on given port"},
@ -571,7 +571,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_oldcert}, {(char **)&opt_revreason},
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{&opt_server}, {&opt_proxy}, {&opt_no_proxy},
#endif
{&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive},
@ -593,7 +593,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_engine},
#endif
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key},
{&opt_tls_keypass},
{&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host},
@ -604,7 +604,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_reqout}, {&opt_rspin}, {&opt_rspout},
{(char **)&opt_use_mock_srv},
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{&opt_port}, {(char **)&opt_max_msgs},
#endif
{&opt_srv_ref}, {&opt_srv_secret},
@ -807,7 +807,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
CMP_warn("too few -rspin filename arguments; resorting to using mock server");
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
} else {
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
goto err;
@ -816,7 +816,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
CMP_warn("too few -rspin filename arguments; resorting to contacting server");
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
#else
CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
#endif
}
rspin_in_use = 0;
@ -1232,7 +1232,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
return 1;
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
/*
* set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI.
* Returns pointer on success, NULL on error
@ -1854,7 +1854,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
{
int ret = 0;
char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path;
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
int portnum, use_ssl;
static char server_port[32] = { '\0' };
const char *proxy_host = NULL;
@ -1863,7 +1863,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
char proxy_buf[200] = "";
if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
CMP_err("missing -server or -use_mock_srv or -rspin option");
goto err;
@ -1873,7 +1873,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto err;
#endif
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
if (opt_proxy != NULL)
CMP_warn("ignoring -proxy option since -server is not given");
@ -1967,7 +1967,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|| opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
(void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp);
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_used) {
APP_HTTP_TLS_INFO *info;
@ -2404,7 +2404,7 @@ static int get_opts(int argc, char **argv)
if (!set_verbosity(opt_int_arg()))
goto opthelp;
break;
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_SERVER:
opt_server = opt_str();
break;
@ -2434,7 +2434,7 @@ static int get_opts(int argc, char **argv)
case OPT_TOTAL_TIMEOUT:
opt_total_timeout = opt_int_arg();
break;
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_TLS_USED:
opt_tls_used = 1;
break;
@ -2650,7 +2650,7 @@ static int get_opts(int argc, char **argv)
opt_use_mock_srv = 1;
break;
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_PORT:
opt_port = opt_str();
break;
@ -2739,7 +2739,7 @@ static int get_opts(int argc, char **argv)
return 1;
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
{
BIO *acbio;
@ -2827,7 +2827,7 @@ static void print_status(void)
OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
const char *from = "", *server = "";
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server != NULL) {
from = " from ";
server = opt_server;
@ -3006,7 +3006,7 @@ int cmp_main(int argc, char **argv)
goto err;
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_cert == NULL && opt_tls_key == NULL && opt_tls_keypass == NULL
&& opt_tls_extra == NULL && opt_tls_trusted == NULL
&& opt_tls_host == NULL) {
@ -3040,7 +3040,7 @@ int cmp_main(int argc, char **argv)
#endif
if (opt_use_mock_srv
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|| opt_port != NULL
#endif
) {
@ -3057,7 +3057,7 @@ int cmp_main(int argc, char **argv)
OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
opt_tls_used = 0;
@ -3145,7 +3145,7 @@ int cmp_main(int argc, char **argv)
cleanse(opt_keypass);
cleanse(opt_newkeypass);
cleanse(opt_otherpass);
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
cleanse(opt_tls_keypass);
#endif
cleanse(opt_secret);
@ -3156,7 +3156,7 @@ int cmp_main(int argc, char **argv)
OSSL_CMP_CTX_print_errors(cmp_ctx);
if (cmp_ctx != NULL) {
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
(void)OSSL_CMP_CTX_set_http_cb_arg(cmp_ctx, NULL);
@ -3165,7 +3165,7 @@ int cmp_main(int argc, char **argv)
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
/* cannot free info already here, as it may be used indirectly by: */
OSSL_CMP_CTX_free(cmp_ctx);
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (info != NULL) {
OPENSSL_free((char *)info->server);
OPENSSL_free((char *)info->port);
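Review bot: The condition `!defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` is now written out at every guarded site in this file, and the `OPTION_choice` enum, `cmp_options[]` and `cmp_vars[]` (marked "must be in same order as enumerated above!") stay aligned only while every copy agrees. Defining it once near the top, for example `#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` / `# define CMP_HTTP_TRANSFER` / `#endif` (the macro name is only a suggestion), and testing `#ifdef CMP_HTTP_TRANSFER` at each site would remove the chance of one guard drifting from the others. The inverted help-text guards (`defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)`) would then become `#ifndef CMP_HTTP_TRANSFER`. Most of the affected functions start or end outside the hunks shown here.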


@ -2499,7 +2499,7 @@ void store_setup_crl_download(X509_STORE *st)
X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
}
#ifndef OPENSSL_NO_SOCK
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static const char *tls_error_hint(void)
{
unsigned long err = ERR_peek_error();


@ -1654,6 +1654,7 @@ int s_client_main(int argc, char **argv)
}
if (proxystr != NULL) {
#ifndef OPENSSL_NO_HTTP
int res;
char *tmp_host = host, *tmp_port = port;
@ -1688,8 +1689,14 @@ int s_client_main(int argc, char **argv)
"%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
#else
BIO_printf(bio_err,
"%s: -proxy not supported in no-http build\n", prog);
goto end;
#endif
}
if (bindstr != NULL) {
int res;
res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
@ -2341,12 +2348,14 @@ int s_client_main(int argc, char **argv)
sbuf_len = 0;
sbuf_off = 0;
#ifndef OPENSSL_NO_HTTP
if (proxystr != NULL) {
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
}
#endif
switch ((PROTOCOL_CHOICE) starttls_proto) {
case PROTO_OFF:
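Review bot: In a no-http build `-proxy` is still accepted by the option parser and only rejected here at run time, whereas the cmp app in this same commit removes its HTTP options from the table and prints a NOTE in the help output. The s_client options table is outside these hunks, so this is inferred, but if it still lists the proxy options (the hunk uses `proxystr`, `proxyuser` and `proxypass`) I would guard those entries with `#ifndef OPENSSL_NO_HTTP` or add a matching "not supported due to no-http build" help line. The second guarded block could also carry a short comment such as `/* proxystr is always NULL here in a no-http build, see the -proxy check above */`. s_client_main starts and ends outside the hunks.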


@ -1,4 +1,11 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \
$OPENSSLSRC=\
cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \
cmp_status.c cmp_hdr.c cmp_protect.c cmp_msg.c cmp_vfy.c \
cmp_server.c cmp_client.c cmp_genm.c cmp_http.c
cmp_server.c cmp_client.c cmp_genm.c
IF[{- !$disabled{'http'} -}]
$OPENSSLSRC=$OPENSSLSRC cmp_http.c
ENDIF
SOURCE[../../libcrypto]=$OPENSSLSRC


@ -134,8 +134,10 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
int time_left;
OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb;
#ifndef OPENSSL_NO_HTTP
if (transfer_cb == NULL)
transfer_cb = OSSL_CMP_MSG_http_perform;
#endif
*rep = NULL;
if (ctx->total_timeout != 0 /* not waiting indefinitely */) {
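Review bot: In a no-http build `transfer_cb` stays NULL whenever the application has not set `ctx->transfer_cb`, because the fallback to `OSSL_CMP_MSG_http_perform` is compiled out and nothing replaces it. The call through `transfer_cb` lies outside this hunk, so this is inferred, but unless it is checked there the function would call a NULL function pointer. I would add an `#else` branch that fails cleanly, placed after `*rep = NULL;`: `if (transfer_cb == NULL) { ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED); return 0; }`, assuming 0 is this function's failure return. The body of send_receive_check continues beyond the hunk.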


@ -163,11 +163,13 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
return 0;
}
#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
ctx->http_ctx = NULL;
}
#endif
ctx->status = OSSL_CMP_PKISTATUS_unspecified;
ctx->failInfoCode = -1;
@ -191,10 +193,12 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
if (ctx == NULL)
return;
#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
}
#endif
OPENSSL_free(ctx->propq);
OPENSSL_free(ctx->serverPath);
OPENSSL_free(ctx->server);
@ -813,6 +817,7 @@ DEFINE_OSSL_CMP_CTX_set1(server, char)
/* Set the server exclusion list of the HTTP proxy server */
DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
#ifndef OPENSSL_NO_HTTP
/* Set the http connect/disconnect callback function to be used for HTTP(S) */
DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb, OSSL_HTTP_bio_cb_t)
@ -824,6 +829,7 @@ DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb_arg, void *)
* Returns callback argument set previously (NULL if not set or on error)
*/
DEFINE_OSSL_get(OSSL_CMP_CTX, http_cb_arg, void *, NULL)
#endif
/* Set callback function for sending CMP request and receiving response */
DEFINE_OSSL_set(OSSL_CMP_CTX, transfer_cb, OSSL_CMP_transfer_cb_t)


@ -51,8 +51,10 @@ struct ossl_cmp_ctx_st {
int total_timeout; /* max number of seconds an enrollment may take, incl. */
/* attempts polling for a response if a 'waiting' PKIStatus is received */
time_t end_time; /* session start time + totaltimeout */
# ifndef OPENSSL_NO_HTTP
OSSL_HTTP_bio_cb_t http_cb;
void *http_cb_arg; /* allows to store optional argument to cb */
# endif
/* server authentication */
/*


@ -85,7 +85,9 @@ int ossl_err_load_crypto_strings(void)
# ifndef OPENSSL_NO_ENGINE
|| ossl_err_load_ENGINE_strings() == 0
# endif
# ifndef OPENSSL_NO_HTTP
|| ossl_err_load_HTTP_strings() == 0
# endif
# ifndef OPENSSL_NO_OCSP
|| ossl_err_load_OCSP_strings() == 0
# endif


@ -98,6 +98,7 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
int timeout, const ASN1_ITEM *it)
{
#ifndef OPENSSL_NO_HTTP
BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
bio, rbio, NULL /* cb */, NULL /* arg */,
1024 /* buf_size */, NULL /* headers */,
@ -107,6 +108,9 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
BIO_free(mem);
return res;
#else
return 0;
#endif
}
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
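Review bot: The no-http branch of simple_get_asn1() returns `0` from a pointer-returning function and leaves the error queue empty, so callers such as X509_load_http() cannot tell "HTTP support compiled out" from an ordinary fetch failure. I would write `ERR_raise(ERR_LIB_X509, ERR_R_UNSUPPORTED);` followed by `return NULL;` in the `#else` branch. This matters for revocation handling: a caller that downloads CRLs through this helper and treats a missing CRL as non-fatal would skip the check with no diagnostic, so the failure should at least be visible in the error queue.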


@ -308,9 +308,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
# ifndef OPENSSL_NO_HTTP
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
# endif
typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@ -408,8 +410,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
X509_STORE *trusted_store, X509 *cert);
/* from cmp_http.c */
# ifndef OPENSSL_NO_HTTP
OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
# endif
/* from cmp_server.c */
typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;


@ -33,6 +33,8 @@ extern "C" {
# define OPENSSL_HTTP_PROXY "HTTP_PROXY"
# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
# ifndef OPENSSL_NO_HTTP
#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
const char *server, int use_ssl);
# endif /* !defined(OPENSSL_NO_HTTP) */
# ifdef __cplusplus
}
# endif


@ -57,7 +57,7 @@ IF[{- !$disabled{tests} -}]
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest rand_status_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
http_test servername_test ocspapitest fatalerrtest tls13ccstest \
servername_test ocspapitest fatalerrtest tls13ccstest \
sysdefaulttest errtest ssl_ctx_test build_wincrypt_test \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
@ -515,12 +515,14 @@ IF[{- !$disabled{tests} -}]
DEPEND[ocspapitest]=../libcrypto libtestutil.a
IF[{- !$disabled{sock} -}]
PROGRAMS{noinst}=http_test
ENDIF
IF[{- !$disabled{http} -}]
PROGRAMS{noinst}=http_test
SOURCE[http_test]=http_test.c
INCLUDE[http_test]=../include ../apps/include
DEPEND[http_test]=../libcrypto libtestutil.a
SOURCE[http_test]=http_test.c
INCLUDE[http_test]=../include ../apps/include
DEPEND[http_test]=../libcrypto libtestutil.a
ENDIF
ENDIF
SOURCE[dtlstest]=dtlstest.c helpers/ssltestlib.c
INCLUDE[dtlstest]=../include ../apps/include
@ -590,10 +592,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ciphername_test]=../include ../apps/include
DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
SOURCE[http_test]=http_test.c
INCLUDE[http_test]=../include ../apps/include
DEPEND[http_test]=../libcrypto libtestutil.a
SOURCE[servername_test]=servername_test.c helpers/ssltestlib.c
INCLUDE[servername_test]=../include ../apps/include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a


@ -318,10 +318,12 @@ static int test_cmp_ctx_log_cb(void)
return result;
}
#ifndef OPENSSL_NO_HTTP
static BIO *test_http_cb(BIO *bio, void *arg, int use_ssl, int detail)
{
return NULL;
}
#endif
static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req)
@ -560,7 +562,9 @@ static X509_STORE *X509_STORE_new_1(void)
STACK_OF(TYPE)*, NULL, IS_0, \
sk_##TYPE##_new_null(), sk_##TYPE##_free)
#ifndef OPENSSL_NO_HTTP
typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t;
#endif
#define DEFINE_SET_CB_TEST(FIELD) \
static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \
{ \
@ -746,8 +750,10 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, server, char)
DEFINE_SET_INT_TEST(serverPort)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, proxy, char)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, no_proxy, char)
#ifndef OPENSSL_NO_HTTP
DEFINE_SET_CB_TEST(http_cb)
DEFINE_SET_GET_P_VOID_TEST(http_cb_arg)
#endif
DEFINE_SET_CB_TEST(transfer_cb)
DEFINE_SET_GET_P_VOID_TEST(transfer_cb_arg)
@ -837,8 +843,10 @@ int setup_tests(void)
ADD_TEST(test_CTX_set_get_serverPort);
ADD_TEST(test_CTX_set1_get0_proxy);
ADD_TEST(test_CTX_set1_get0_no_proxy);
#ifndef OPENSSL_NO_HTTP
ADD_TEST(test_CTX_set_get_http_cb);
ADD_TEST(test_CTX_set_get_http_cb_arg);
#endif
ADD_TEST(test_CTX_set_get_transfer_cb);
ADD_TEST(test_CTX_set_get_transfer_cb_arg);
/* server authentication: */


@ -12,11 +12,16 @@ use OpenSSL::Test::Utils;
setup("test_http");
plan skip_all => "HTTP protocol is not supported by this OpenSSL build"
if disabled('http');
plan skip_all => "not supported by no-sock build" if disabled('sock');
plan tests => 2;
SKIP: {
skip "sockets disabled", 1 if disabled("sock");
skip "OCSP disabled", 1 if disabled("ocsp");
skip "HTTP disabled", 1 if disabled("http");
my $cmd = [qw{openssl ocsp -index any -port 0}];
my @output = run(app($cmd), capture => 1);
$output[0] =~ s/\r\n/\n/g;
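Review bot: The inner `skip "HTTP disabled", 1 if disabled("http");` can never fire, because the `plan skip_all => "HTTP protocol is not supported by this OpenSSL build" if disabled('http');` added at the top already ends the script in that configuration. Keeping both suggests that part of the file still runs without HTTP, which it does not. I would drop the inner line and, if the intent needs recording, add a comment at the plan-level check such as `# every test below needs the HTTP client`. The SKIP block continues outside the hunk.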


@ -30,6 +30,8 @@ plan skip_all => "These tests are not supported in a no-ec build"
if disabled("ec");
plan skip_all => "These tests are not supported in a no-sock build"
if disabled("sock");
plan skip_all => "These tests are not supported in a no-http build"
if disabled("http");
plan skip_all => "Tests involving local HTTP server not available on Windows or VMS"
if $^O =~ /^(VMS|MSWin32|msys)$/;


@ -133,7 +133,7 @@ d2i_OCSP_BASICRESP 134 3_0_0 EXIST::FUNCTION:OCSP
X509v3_add_ext 135 3_0_0 EXIST::FUNCTION:
X509v3_addr_subset 136 3_0_0 EXIST::FUNCTION:RFC3779
CRYPTO_strndup 137 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:HTTP
X509_STORE_new 140 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 3_0_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION:
@ -266,7 +266,7 @@ WHIRLPOOL_Init 271 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
EVP_OpenInit 272 3_0_0 EXIST::FUNCTION:
OCSP_response_get1_basic 273 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_gcm128_tag 274 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:HTTP
UI_get0_test_string 276 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_free 277 3_0_0 EXIST::FUNCTION:
DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
@ -614,7 +614,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION:HTTP
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:
@ -1114,7 +1114,7 @@ PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION:
MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
SMIME_crlf_copy 1143 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 1144 3_0_0 EXIST::FUNCTION:OCSP
OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:HTTP
X509_load_cert_crl_file 1146 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_mac_key 1147 3_0_0 EXIST::FUNCTION:
DIST_POINT_new 1148 3_0_0 EXIST::FUNCTION:
@ -1378,7 +1378,7 @@ BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION:
SHA512 1412 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:HTTP
EVP_MD_CTX_reset 1416 3_0_0 EXIST::FUNCTION:
X509_NAME_new 1417 3_0_0 EXIST::FUNCTION:
ASN1_item_pack 1418 3_0_0 EXIST::FUNCTION:
@ -1576,7 +1576,7 @@ BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK
ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION:
i2d_CMS_ReceiptRequest 1615 3_0_0 EXIST::FUNCTION:CMS
d2i_TS_REQ_fp 1616 3_0_0 EXIST::FUNCTION:STDIO,TS
OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION:HTTP
EVP_PKEY_get_default_digest_nid 1618 3_0_0 EXIST::FUNCTION:
ASIdOrRange_new 1619 3_0_0 EXIST::FUNCTION:RFC3779
ASN1_SCTX_new 1620 3_0_0 EXIST::FUNCTION:
@ -1592,7 +1592,7 @@ CRYPTO_ocb128_cleanup 1629 3_0_0 EXIST::FUNCTION:OCB
EVP_des_ede_cbc 1630 3_0_0 EXIST::FUNCTION:DES
i2d_ASN1_TIME 1631 3_0_0 EXIST::FUNCTION:
ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:HTTP
d2i_ISSUING_DIST_POINT 1634 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_set0_key 1635 3_0_0 EXIST::FUNCTION:CMS
NCONF_new 1636 3_0_0 EXIST::FUNCTION:
@ -1849,7 +1849,7 @@ OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP
CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS
CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
EVP_aes_192_cfb128 1896 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:HTTP
EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_allocated 1899 3_0_0 EXIST::FUNCTION:
UI_UTIL_read_pw_string 1900 3_0_0 EXIST::FUNCTION:
@ -2415,7 +2415,7 @@ Camellia_decrypt 2466 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPR
X509_signature_print 2467 3_0_0 EXIST::FUNCTION:
EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA
MD2_Final 2469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:HTTP
NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION:
ASIdOrRange_free 2472 3_0_0 EXIST::FUNCTION:RFC3779
EC_POINT_get_Jprojective_coordinates_GFp 2473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@ -3612,7 +3612,7 @@ EVP_CIPHER_CTX_is_encrypting 3694 3_0_0 EXIST::FUNCTION:
EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_nbio_d2i 3698 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_nbio_d2i 3698 3_0_0 EXIST::FUNCTION:HTTP
PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_fp 3700 3_0_0 EXIST::FUNCTION:STDIO
i2d_X509_REQ 3701 3_0_0 EXIST::FUNCTION:
@ -3759,7 +3759,7 @@ i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION:
RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_get_iv_length 3846 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:HTTP
i2d_PKCS8PrivateKeyInfo_bio 3848 3_0_0 EXIST::FUNCTION:
d2i_OCSP_CERTID 3849 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_meth_set_init 3850 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -4725,9 +4725,9 @@ OSSL_CMP_CTX_set1_server 4852 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set_serverPort 4853 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_proxy 4854 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_no_proxy 4855 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set_http_cb 4856 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set_http_cb_arg 4857 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get_http_cb_arg 4858 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set_http_cb 4856 3_0_0 EXIST::FUNCTION:CMP,HTTP
OSSL_CMP_CTX_set_http_cb_arg 4857 3_0_0 EXIST::FUNCTION:CMP,HTTP
OSSL_CMP_CTX_get_http_cb_arg 4858 3_0_0 EXIST::FUNCTION:CMP,HTTP
OSSL_CMP_CTX_set_transfer_cb 4859 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set_transfer_cb_arg 4860 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get_transfer_cb_arg 4861 3_0_0 EXIST::FUNCTION:CMP
@ -4882,18 +4882,18 @@ ASN1_item_verify_ex 5009 3_0_0 EXIST::FUNCTION:
BIO_socket_wait 5010 3_0_0 EXIST::FUNCTION:SOCK
BIO_wait 5011 3_0_0 EXIST::FUNCTION:
BIO_do_connect_retry 5012 3_0_0 EXIST::FUNCTION:
OSSL_parse_url 5013 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_adapt_proxy 5014 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_get_resp_len 5015 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_expected 5016 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_is_alive 5017 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_open 5018 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_proxy_connect 5019 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_set1_request 5020 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_exchange 5021 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_get 5022 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_transfer 5023 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_close 5024 3_0_0 EXIST::FUNCTION:
OSSL_parse_url 5013 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_adapt_proxy 5014 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_REQ_CTX_get_resp_len 5015 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_REQ_CTX_set_expected 5016 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_is_alive 5017 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_open 5018 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_proxy_connect 5019 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_set1_request 5020 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_exchange 5021 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_get 5022 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_transfer 5023 3_0_0 EXIST::FUNCTION:HTTP
OSSL_HTTP_close 5024 3_0_0 EXIST::FUNCTION:HTTP
ASN1_item_i2d_mem_bio 5025 3_0_0 EXIST::FUNCTION:
ERR_add_error_txt 5026 3_0_0 EXIST::FUNCTION:
ERR_add_error_mem_bio 5027 3_0_0 EXIST::FUNCTION:
@ -4953,7 +4953,7 @@ OSSL_CMP_try_certreq 5080 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_certConf_cb 5081 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_RR_ses 5082 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_GENM_ses 5083 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_http_perform 5084 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_http_perform 5084 3_0_0 EXIST::FUNCTION:CMP,HTTP
OSSL_CMP_MSG_read 5085 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_write 5086 3_0_0 EXIST::FUNCTION:CMP
EVP_PKEY_Q_keygen 5087 3_0_0 EXIST::FUNCTION: