author | Mathieu Souchaud <[email protected]> | 2018-03-02 17:39:14 +0100 |
---|---|---|
committer | Mathieu Souchaud <[email protected]> | 2018-03-02 17:39:14 +0100 |
commit | 158a47b44775a0acd3638bb4427ca5d78ffc6bdc (patch) | |
tree | 2b69643e6993d75ae7ce9ec07c45202e4131e9b7 /src/lib/x509 | |
parent | d36a745ccfd3efec8a011dd1d76e34bbc3f193fb (diff) |
Fix check_crl_online segfaults, need tests.
Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/x509path.cpp | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 2b2489a1a..aa35a5457 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -420,9 +420,10 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> for(size_t i = 0; i != cert_path.size(); ++i) { - for(size_t c = 0; c != certstores.size(); ++i) + const std::shared_ptr<const X509_Certificate>& cert = cert_path.at(i); + for(size_t c = 0; c != certstores.size(); ++c) { - crls[i] = certstores[c]->find_crl_for(*cert_path[i]); + crls[i] = certstores[c]->find_crl_for(*cert); if(crls[i]) break; } @@ -438,7 +439,7 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> */ future_crls.emplace_back(std::future<std::shared_ptr<const X509_CRL>>()); } - else if(cert_path[i]->crl_distribution_point() == "") + else if(cert->crl_distribution_point() == "") { // Avoid creating a thread for this case future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr<const X509_CRL> { @@ -448,7 +449,9 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> else { future_crls.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr<const X509_CRL> { - auto http = HTTP::GET_sync(cert_path[i]->crl_distribution_point()); + auto http = HTTP::GET_sync(cert->crl_distribution_point(), + /*redirects*/ 1, timeout); + http.throw_unless_ok(); // check the mime type? return std::make_shared<const X509_CRL>(http.body()); @@ -462,16 +465,12 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> { try { - std::future_status status = future_crls[i].wait_for(timeout); - - if(status == std::future_status::ready) - { - crls[i] = future_crls[i].get(); - } + crls[i] = future_crls[i].get(); } - catch(std::exception&) + catch(std::exception& e) { // crls[i] left null + // todo: log exception e.what() ? } } } |
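Review bot: The `cert` binding added at the top of the outer loop is a loop-scoped reference, and the `std::launch::async` lambda in the hunk at -448 reaches it through a blanket `[&]` capture while the loop moves on to the next iteration. That holds only as long as the reference resolves to the element inside `cert_path` and every future is joined before `cert_path` and `timeout` go out of scope; the visible code does not state either assumption. Capturing by value makes the task self-contained and keeps the certificate alive on its own: `[cert, timeout]() -> std::shared_ptr<const X509_CRL> {`. The loop body continues outside this hunk.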
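Review bot: The URL passed to `HTTP::GET_sync` comes from the CRL distribution point of the certificate being validated, so the request target is chosen by whoever supplied that certificate, and the new arguments additionally allow one redirect. Nothing visible here restricts the scheme or destination, or bounds the size of `http.body()` before it is handed to the `X509_CRL` parser; whether `GET_sync` does so internally cannot be seen from this hunk. I would resolve the open `// check the mime type?` question and record the trust boundary next to the call, e.g. `// URL is taken from the certificate under validation: untrusted; limit scheme, redirect target and body size`. The lambda and the enclosing branch start outside the hunk.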
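Review bot: With `wait_for(timeout)` removed, `future_crls[i].get()` blocks until the task returns, so the only bound on this loop is whatever `HTTP::GET_sync` enforces with `timeout`. If that limit applies per connection or per read rather than to the whole transfer (not visible here), a slow distribution point can hold path validation longer than the caller asked for; a comment saying which one holds would help. The handler now names `e` without using it, which is likely to draw an unused-variable warning, so until logging exists I would write `catch(const std::exception&)`. I would also spell out the consequence of the null entry: `// crls[i] left null: fetch failed, caller must treat this as missing revocation data`. The enclosing loop starts outside the hunk.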