authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-24 14:01:56 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-24 14:01:59 +0200
commite288041ec754dde85c369ae92dac40d7351fa7aa (patch)
tree71d7a3efb777cc508a430bac96a8b604bbaa53f9
parente1d6c59a7b0392fb3b8b75035614084a53e2c8c9 (diff)
downloadgnutls-e288041ec754dde85c369ae92dac40d7351fa7aa.tar.gz
gnutls_ocsp_status_request_enable_client: removed support for problematic parameters
Removed support for responder_id and extensions parameters. These had very difficult semantics to use and the underlying implementation had encoding errors, meaning there was no interoperation with other clients. Given that issue, there can be no applications depending on these parameters; ignore these parameters completely and no longer send either responder_id or extensions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/ext/status_request.c77
1 files changed, 12 insertions, 65 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 54592706e5..b5683be80b 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -38,9 +38,6 @@
#ifdef ENABLE_OCSP
typedef struct {
- gnutls_datum_t *responder_id;
- size_t responder_id_size;
- gnutls_datum_t request_extensions;
gnutls_datum_t response;
unsigned int expect_cstatus;
@@ -72,48 +69,17 @@ static int
client_send(gnutls_session_t session,
gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
- int ret_len = 1 + 2;
+ const uint8_t data[5] = "\x01\x00\x00\x00\x00";
+ const int len = 5;
int ret;
- size_t i;
- ret = _gnutls_buffer_append_prefix(extdata, 8, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ /* We do not support setting either ResponderID or Extensions */
- ret =
- _gnutls_buffer_append_prefix(extdata, 16,
- priv->responder_id_size);
+ ret = _gnutls_buffer_append_data(extdata, data, len);
if (ret < 0)
return gnutls_assert_val(ret);
- for (i = 0; i < priv->responder_id_size; i++) {
- if (priv->responder_id[i].size <= 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 16,
- priv->
- responder_id[i].
- data,
- priv->
- responder_id[i].
- size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret_len += 2 + priv->responder_id[i].size;
- }
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 16,
- priv->request_extensions.
- data,
- priv->request_extensions.
- size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret_len += 2 + priv->request_extensions.size;
-
- return ret_len;
+ return len;
}
static int
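Review bot: The five bytes in `data` encode the entire CertificateStatusRequest (status_type 1 = ocsp, then an empty responder_id_list and an empty request_extensions, each as a 16-bit zero length), but the new comment only says what is not supported, so a reader has to decode the hex by hand. I would document the layout, e.g. `/* CertificateStatusRequest: status_type=ocsp(1), responder_id_list len=0, request_extensions len=0 (RFC 6066 §8) */`, and derive the length from the array with `const int len = sizeof(data);` so the two cannot drift apart. Initializing a `uint8_t[5]` from a five-character string literal is valid C only because the terminating NUL is silently dropped; a brace initializer `{ 0x01, 0x00, 0x00, 0x00, 0x00 }` avoids relying on that rule. `priv` is now unread in client_send, which presumably trips -Wunused-parameter in a warnings-as-errors build; `(void)priv;` would settle it. The `static int` on the hunk's last line starts a function that continues outside the hunk.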
@@ -288,21 +254,18 @@ _gnutls_status_request_recv_params(gnutls_session_t session,
/**
* gnutls_ocsp_status_request_enable_client:
* @session: is a #gnutls_session_t type.
- * @responder_id: array with #gnutls_datum_t with DER data of responder id
- * @responder_id_size: number of members in @responder_id array
- * @extensions: a #gnutls_datum_t with DER encoded OCSP extensions
+ * @responder_id: ignored, must be %NULL
+ * @responder_id_size: ignored, must be zero
+ * @extensions: ignored, must be %NULL
*
* This function is to be used by clients to request OCSP response
* from the server, using the "status_request" TLS extension. Only
* OCSP status type is supported.
*
- * The @responder_id array, its containing elements as well as
- * the data of @extensions, must be allocated using gnutls_malloc(). They
- * will be deinitialized on session cleanup.
- *
- * Due to the difficult semantics of the @responder_id and @extensions
- * parameters, it is recommended to only call this function with these
- * parameters set to %NULL.
+ * Previous versions of GnuTLS supported setting @responder_id and
+ * @extensions fields, but due to the difficult semantics of the
+ * parameter usage, and other issues, this support was removed
+ * since 3.6.0 and these parameters must be set to %NULL.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
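Review bot: The rewritten parameter text says @responder_id and @extensions "must be %NULL" but drops the old ownership statement without replacing it: the previous doc told callers these buffers must come from gnutls_malloc() and would be freed at session cleanup, and this commit removes that free in _gnutls_status_request_deinit_data, so a legacy caller following the old contract now leaks. I would add one sentence after the "since 3.6.0" paragraph: `Any memory passed via these parameters is neither used nor freed by GnuTLS; callers that previously transferred ownership must now release it themselves.` Note also that gnutls_ocsp_status_request_enable_client does not reject non-%NULL values in this diff, so "must be" is advisory rather than enforced; "are ignored" would match the implementation unless a check is added.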
@@ -325,13 +288,6 @@ gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
if (priv == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- priv->responder_id = responder_id;
- priv->responder_id_size = responder_id_size;
- if (extensions) {
- priv->request_extensions.data = extensions->data;
- priv->request_extensions.size = extensions->size;
- }
-
_gnutls_ext_set_session_data(session,
GNUTLS_EXTENSION_STATUS_REQUEST,
epriv);
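Review bot: The documented contract ("ignored, must be %NULL" / "must be zero") is not enforced here: a non-NULL `responder_id` or `extensions` and a nonzero `responder_id_size` are silently dropped, and since the deinit path no longer frees them, a caller that still transfers gnutls_malloc()ed buffers under the old contract leaks them without any diagnostic. If the intent is "must be NULL", reject them before the allocation: `if (responder_id != NULL || responder_id_size != 0 || extensions != NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`; if the intent is merely "ignored", either free the passed buffers here to honour the old ownership transfer or change the doc to say the caller keeps ownership. The function's prologue (parameter list and the `priv` allocation) and its return lie outside the hunk, so the exact placement of the check is inferred.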
@@ -520,19 +476,10 @@ gnutls_certificate_set_ocsp_status_request_file
static void _gnutls_status_request_deinit_data(extension_priv_data_t epriv)
{
status_request_ext_st *priv = epriv;
- unsigned i;
if (priv == NULL)
return;
- if (priv->responder_id != NULL) {
- for (i = 0; i < priv->responder_id_size; i++)
- gnutls_free(priv->responder_id[i].data);
-
- gnutls_free(priv->responder_id);
- }
-
- gnutls_free(priv->request_extensions.data);
gnutls_free(priv->response.data);
gnutls_free(priv);
}