author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-01-28 22:10:47 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-03-01 10:30:43 +0100 |
commit | 7932982b88f5095f60397fe727d27ddf7234f4d6 (patch) | |
tree | 791fa288ead387d06147ae627169996e093c115d /apps | |
parent | e60e974414a7e637ff2f946dc2aa24c381a32cc2 (diff) |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query, and frag components.
All usages of this function, which are client-only,
silently ignore userinfo and frag components,
while the query component is taken as part of the path.
Update and extend the unit tests and all affected documentation.
Document and deprecate OCSP_parse_url().
Fixes an issue that came up when discussing FR #14001.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/cmp.c | 3 | ||||
-rw-r--r-- | apps/lib/apps.c | 3 | ||||
-rw-r--r-- | apps/ocsp.c | 7 | ||||
-rw-r--r-- | apps/s_server.c | 10 |
4 files changed, 13 insertions, 10 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 5778fd95a7..d04af4177b 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1855,7 +1855,8 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 CMP_err("missing -server option");
 goto err;
 }
- if (!OSSL_HTTP_parse_url(opt_server, &server, &port, &portnum, &path, &ssl)) {
+ if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &server, &port,
+ &portnum, &path, NULL /* q */, NULL /* frag */)) {
 CMP_err1("cannot parse -server URL: %s", opt_server);
 goto err;
 }
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 634bebde42..2a5ec6bb65 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2271,7 +2271,8 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
 return NULL;
 }
- if (!OSSL_HTTP_parse_url(url, &server, &port, NULL, NULL, &use_ssl))
+ if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port,
+ NULL /* port_num, */, NULL, NULL, NULL))
 return NULL;
 if (use_ssl && ssl_ctx == NULL) {
 ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER,
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 97f9403ff1..e61774a8a3 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -275,9 +275,10 @@ int ocsp_main(int argc, char **argv)
 OPENSSL_free(tport);
 OPENSSL_free(tpath);
 thost = tport = tpath = NULL;
- if (!OSSL_HTTP_parse_url(opt_arg(),
- &host, &port, NULL, &path, &use_ssl)) {
- BIO_printf(bio_err, "%s Error parsing URL\n", prog);
+ if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */,
+ &host, &port, NULL /* port_num */,
+ &path, NULL /* qry */, NULL /* frag */)) {
+ BIO_printf(bio_err, "%s Error parsing -url argument\n", prog);
 goto end;
 }
 thost = host;
diff --git a/apps/s_server.c b/apps/s_server.c
index 9bd9338a31..bbbe3cf877 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
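Review bot: Passing `NULL /* user */` in setup_client_ctx() means a `-server` value carrying `user:password@` is now accepted and the userinfo is dropped without any diagnostic, so an operator may believe the request is authenticated when it is not. Consider passing a local `char *` for the userinfo argument, emitting a warning that it is ignored when it comes back non-NULL, and freeing it afterwards (assuming the parser returns an allocated string there as it does for the host). Separately, the failure path in the same hunk prints the option verbatim via `CMP_err1("cannot parse -server URL: %s", opt_server)`, which would put any embedded credentials into the log; now that userinfo is recognised syntax, that is worth redacting or at least a comment. The function body starts and ends outside the hunk.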
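Review bot: The argument label `NULL /* port_num, */` in app_http_get_asn1() has a stray comma inside the comment, and the three trailing `NULL`s are unlabelled, which makes a nine-argument positional call hard to check by eye. Suggest `NULL /* port_num */, NULL /* path */, NULL /* query */, NULL /* frag */))`. The labels also differ between call sites in this commit (`/* user */` and `/* q */` in apps/cmp.c, `/* userinfo */` and `/* qry */` in apps/ocsp.c, none in the two apps/s_server.c calls); one spelling everywhere would make a swapped or misplaced argument easier to spot in review.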
@@ -472,8 +472,8 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
 x = SSL_get_certificate(s);
 aia = X509_get1_ocsp(x);
 if (aia != NULL) {
- if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
- &host, &port, NULL, &path, &use_ssl)) {
+ if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl,
+ NULL, &host, &port, NULL, &path, NULL, NULL)) {
 BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
 goto err;
 }
@@ -1337,10 +1337,10 @@ int s_server_main(int argc, char *argv[])
 case OPT_STATUS_URL:
 #ifndef OPENSSL_NO_OCSP
 s_tlsextstatus = 1;
- if (!OSSL_HTTP_parse_url(opt_arg(),
+ if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL,
 &tlscstatp.host, &tlscstatp.port, NULL,
- &tlscstatp.path, &tlscstatp.use_ssl)) {
- BIO_printf(bio_err, "Error parsing URL\n");
+ &tlscstatp.path, NULL, NULL)) {
+ BIO_printf(bio_err, "Error parsing -status_url argument\n");
 goto end;
 }
 #endif |
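Review bot: In the `OPT_STATUS_URL` case, `tlscstatp.host`, `tlscstatp.port` and `tlscstatp.path` are overwritten by OSSL_HTTP_parse_url() without releasing earlier values, so a repeated `-status_url` option would leak the first parse result unless it is freed somewhere outside this hunk. The apps/ocsp.c call site in this commit frees `tport` and `tpath` and resets the pointers before re-parsing; the same could be done here with `OPENSSL_free(tlscstatp.host); OPENSSL_free(tlscstatp.port); OPENSSL_free(tlscstatp.path);` ahead of the call, assuming the fields start out NULL. The surrounding switch in s_server_main() lies outside the hunk.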