walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

fetch-ocsp-response: Support LibreSSL, and include port in ocsp_host

This commit is contained in:
Tatsuhiro Tsujikawa 2015-06-17 18:24:57 +09:00
parent 69119f47c4
commit 07f763be49
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
script/fetch-ocsp-response
View File

@ -142,13 +142,13 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
# obtain response (without verification)
sys.stderr.write('sending OCSP request to {}\n'.format(ocsp_uri))
args = [
cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri
cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri,
'-noverify', '-respout', respder_fn
]
if openssl_version.lower().startswith('openssl 1.'):
ver = openssl_version.lower()
if ver.startswith('openssl 1.') or ver.startswith('libressl '):
args.extend(['-header', 'Host', ocsp_host])
args.extend(['-noverify', '-respout', respder_fn])
resp = run_openssl(args, allow_tempfail=True)
return resp.decode('utf-8')
@ -188,7 +188,7 @@ def fetch_ocsp_response(cmd, cert_fn, tempdir, issuer_fn=None):
'fetch-ocsp-response (using {})\n'.format(openssl_version))
ocsp_uri = extract_ocsp_uri(cmd, cert_fn)
ocsp_host = urlparse(ocsp_uri).hostname
ocsp_host = urlparse(ocsp_uri).netloc
if not issuer_fn:
issuer_fn = os.path.join(tempdir, 'issuer.crt')