diff options
| author | Jack Lloyd <[email protected]> | 2018-03-02 12:53:23 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-03-02 12:53:23 -0500 |
| commit | bc2da1d950982d39c4d68200d94d6ff10981f620 (patch) | |
| tree | efd42854032e16e12912cac20c8df6fe88da3194 /src | |
| parent | c319fc1e211d648b69f31a24557206e0852694bf (diff) | |
| parent | 158a47b44775a0acd3638bb4427ca5d78ffc6bdc (diff) | |
Merge GH #1471 Fix crash in check_crl_online
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/x509/x509path.cpp | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 2b2489a1a..aa35a5457 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -420,9 +420,10 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> for(size_t i = 0; i != cert_path.size(); ++i) { - for(size_t c = 0; c != certstores.size(); ++i) + const std::shared_ptr<const X509_Certificate>& cert = cert_path.at(i); + for(size_t c = 0; c != certstores.size(); ++c) { - crls[i] = certstores[c]->find_crl_for(*cert_path[i]); + crls[i] = certstores[c]->find_crl_for(*cert); if(crls[i]) break; } @@ -438,7 +439,7 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> */ future_crls.emplace_back(std::future<std::shared_ptr<const X509_CRL>>()); } - else if(cert_path[i]->crl_distribution_point() == "") + else if(cert->crl_distribution_point() == "") { // Avoid creating a thread for this case future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr<const X509_CRL> { @@ -448,7 +449,9 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> else { future_crls.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr<const X509_CRL> { - auto http = HTTP::GET_sync(cert_path[i]->crl_distribution_point()); + auto http = HTTP::GET_sync(cert->crl_distribution_point(), + /*redirects*/ 1, timeout); + http.throw_unless_ok(); // check the mime type? return std::make_shared<const X509_CRL>(http.body()); @@ -462,16 +465,12 @@ PKIX::check_crl_online(const std::vector<std::shared_ptr<const X509_Certificate> { try { - std::future_status status = future_crls[i].wait_for(timeout); - - if(status == std::future_status::ready) - { - crls[i] = future_crls[i].get(); - } + crls[i] = future_crls[i].get(); } - catch(std::exception&) + catch(std::exception& e) { // crls[i] left null + // todo: log exception e.what() ? } } } |