> Apart from this patch, all seems to be working fine in the OCSP with Cisco.
> Will be making more tests soon.

I got tired of always seeing "CORE::Connection from [0.0.0.0]", so here
is another patch to show the correct address of connections.

Code explanation:
As the connection is now handled by libpki, the function there only returns
an fd and not a proper socket. So the OCSPd code must derive the socket from
the fd using the getpeername function.

Also, I am looking for another problem in the code, where a fragmented HTTP
OCSP request from a Cisco router is getting this in OCSPd:

ocspd[5077]: [request.c:45]::ERR::Network Error while reading Request!
ocspd[5077]: [threads.c:79]::ERR::Can not parse REQ

diff -ur openca-ocspd-2.1.1/src/ocspd/core.c openca-ocspd-2.1.1.patched/src/ocspd/core.c
--- openca-ocspd-2.1.1/src/ocspd/core.c 2011-04-28 23:57:44.000000000 +0200
+++ openca-ocspd-2.1.1.patched/src/ocspd/core.c 2012-04-10 03:54:32.329073470 +0200
@@ -174,6 +174,12 @@
continue;
}
+ if (getpeername(ocspd_conf->connfd, (struct sockaddr*)&cliaddr, &cliaddrlen) == -1) {
+ char err_str[512];
+ PKI_log_err("Network Error [%d::%s] in getpeername", errno,
+ strerror_r(errno, err_str, sizeof(err_str)));
+ }
+
if( ocspd_conf->verbose )
PKI_log(PKI_LOG_INFO, "CORE::Connection from [%s]\n",
inet_ntoa(cliaddr.sin_addr) );
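
Review bot: On the failure path the new getpeername() block only logs and then falls through to the existing "CORE::Connection from [%s]" line, which prints inet_ntoa(cliaddr.sin_addr) from a structure the failed call did not fill in, so the log can show a stale or meaningless client address. Clear cliaddr before the call, or skip the address log when getpeername() returns -1. Two smaller points in the same block: the visible lines do not set cliaddrlen, which has to hold sizeof(cliaddr) before the call, and passing the return value of strerror_r() straight to %s is only valid with the GNU variant that returns char *; the XSI variant returns int and leaves the message in err_str, so calling strerror_r() first and then logging err_str is the portable form.
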
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users