aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509
diff options
context:
space:
mode:
authorMathieu Souchaud <[email protected]>2018-03-02 17:39:14 +0100
committerMathieu Souchaud <[email protected]>2018-03-02 17:39:14 +0100
commit158a47b44775a0acd3638bb4427ca5d78ffc6bdc (patch)
tree2b69643e6993d75ae7ce9ec07c45202e4131e9b7 /src/lib/x509
parentd36a745ccfd3efec8a011dd1d76e34bbc3f193fb (diff)
Fix check_crl_online segfaults, need tests.
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/x509path.cpp21
1 files changed, 10 insertions, 11 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 2b2489a1a..aa35a5457 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -420,9 +420,10 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate>
for(size_t i = 0; i != cert_path.size(); ++i)
{
- for(size_t c = 0; c != certstores.size(); ++i)
+ const std::shared_ptr<const X509_Certificate>& cert = cert_path.at(i);
+ for(size_t c = 0; c != certstores.size(); ++c)
{
- crls[i] = certstores[c]->find_crl_for(*cert_path[i]);
+ crls[i] = certstores[c]->find_crl_for(*cert);
if(crls[i])
break;
}
@@ -438,7 +439,7 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate>
*/
future_crls.emplace_back(std::future<std::shared_ptr<const X509_CRL>>());
}
- else if(cert_path[i]->crl_distribution_point() == "")
+ else if(cert->crl_distribution_point() == "")
{
// Avoid creating a thread for this case
future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr<const X509_CRL> {
@@ -448,7 +449,9 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate>
else
{
future_crls.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr<const X509_CRL> {
- auto http = HTTP::GET_sync(cert_path[i]->crl_distribution_point());
+ auto http = HTTP::GET_sync(cert->crl_distribution_point(),
+ /*redirects*/ 1, timeout);
+
http.throw_unless_ok();
// check the mime type?
return std::make_shared<const X509_CRL>(http.body());
@@ -462,16 +465,12 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate>
{
try
{
- std::future_status status = future_crls[i].wait_for(timeout);
-
- if(status == std::future_status::ready)
- {
- crls[i] = future_crls[i].get();
- }
+ crls[i] = future_crls[i].get();
}
- catch(std::exception&)
+ catch(std::exception& e)
{
// crls[i] left null
+ // todo: log exception e.what() ?
}
}
}