Hi Bruce,

Thanks for the help.

I checked the code, and it seems that if the problem is still there it
is not in the current updated version. Indeed the current code in
ocsp_request.c is:

/* Check for headers */
if( (!cont_len) &&
   ((pnt = strstr_nocase(buf, "Content-Length: " )) != NULL) ) {
        if((pnt_end = strstr(pnt, "\r\n")) != NULL )
                sscanf((char *) (pnt+16), "%d", &cont_len );
        if(ocspd_conf->debug) {
                syslog(LOG_ERR, "DEBUG::Got Content Len [%d]",
                                           cont_len);
        }
}

Question: why did you include the .spec file in your email? In other
words, what does the new .spec file address?

Question: the patch you sent does not really patch the checking
for the headers besides the 'POST'; is that really what you were
referring to?

Question: can you send an OCSP request generated by Java?

In your email you mention the use of strcasestr() and strncasecmp().
Before adopting them, I want to be sure it does not add any reliability/porting
issues. I tried it on opensolaris/solaris/ubuntu/FC7/FC6 and it works.
I hope older distros and OSes will not have issues with it as well.
I cannot currently test it on BSD; do you know if those calls are
supported?

I attach some simple code; if it compiles, the calls should be there
(to compile just run `cc -o test test.c`). Can anybody test this on
BSD/MacOS X/others?

Later,
Max


Bruce Keats wrote:
I have tracked the problem down and I have attached the changes.  I
have only tested these changes on Fedora Core 7, but they should work
for other Linux distros.

The problem is that the code is treating the HTTP headers as case
sensitive by using the strstr() and strncmp() for the field-names.
JAVA is sending out the HTTP request with the string "Content-length:
" whereas the code in http_request.c is using strstr("Content-Length:
").  Therefore the code will never find the content length and fails
to parse the HTTP request.

My change is to use strcasestr() and strncasecmp().  I have attached
the diff and the new spec file.

Bruce

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]      [EMAIL PROTECTED]
                                                Tel.:   +39 (0)11  564 7081
http://security.polito.it                       Fax:    +39   178  270 2077
                                                Mobile: +39 (0)347 7222 365

Politecnico di Torino (EuroPKI) CA Info:

Authority Access Point                                  http://ca.polito.it
Authority's Certificate:          http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List:              http://ca.polito.it/crl03/crl.crl
--o------------------------------------------------------------------------
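/* test.c: if this compiles and prints OK, strncasecmp() is available */
#include <string.h>
#include <strings.h>
#include <stdio.h>

int main(void) {
	/* "ap" and "Ap" differ only in case, so the comparison must return 0 */
	if((strncasecmp( "ap", "Ap", 2) == 0 )) {
		printf("OK\n");
	} else {
		printf("ERROR!\n");
	}

	return(0);
}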
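The case-insensitive Content-Length lookup discussed in this thread, as an added example that is not part of the original message or of the OpenCA code: it needs only strncasecmp(), matches the field-name at the start of a header line, stops at the blank line that ends the headers, and bounds the parsed value. The helper names, the `max` parameter and the sample request are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp() */

/* Hypothetical helper: value of header `name` (no colon), field-name matched
 * case-insensitively at the start of a header line; NULL if absent. */
static const char *find_header_value(const char *buf, const char *name)
{
    size_t n = strlen(name);
    const char *line = buf;
    while (line != NULL && strncmp(line, "\r\n", 2) != 0 && *line != '\0') {
        if (strncasecmp(line, name, n) == 0 && line[n] == ':') {
            const char *v = line + n + 1;
            while (*v == ' ' || *v == '\t') v++;   /* optional whitespace */
            return v;
        }
        line = strstr(line, "\r\n");              /* advance to next line */
        if (line != NULL) line += 2;
    }
    return NULL;
}

/* Hypothetical helper: 0 and *out set on success; -1 if the header is missing,
 * non-numeric, has trailing junk, or exceeds `max`. */
static int parse_content_length(const char *buf, long max, long *out)
{
    const char *v = find_header_value(buf, "Content-Length");
    char *end;
    long val;
    if (v == NULL || *v < '0' || *v > '9') return -1;  /* rejects sign, blanks */
    errno = 0;
    val = strtol(v, &end, 10);
    if (errno == ERANGE || val > max) return -1;
    if (*end != '\r' && *end != ' ' && *end != '\t') return -1;
    *out = val;
    return 0;
}

int main(void)
{
    /* Constructed request head, lower-case 'l' as the thread reports for Java. */
    const char *req = "POST / HTTP/1.0\r\nHost: ocsp.example.test\r\n"
                      "Content-length: 87\r\n\r\n";
    long len = -1;
    int rc = parse_content_length(req, 65536, &len);
    printf("rc=%d len=%ld\n", rc, len);
    return rc;
}
```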
