The functions I've used to send my OCSP request ('req') are the
following:
--------------------------------------
#define HOST "http://ocsp-server/ocsp/";
OCSP_parse_url(HOST, &host, &port, &path, &use_ssl);
cbio = BIO_new_connect(host);
BIO_set_conn_port(cbio, port);
resp = OCSP_sendreq_bio(cbio, path, req);
--------------------------------------
Is there an easy way to add the "host:" information into the HTTP
header?
I found a way to extend the HTTP header for the OCSP request. Basicly the
problem is that the HTTP header stuff is hard-coded into the libcrypto.so
library. It can be found in 'crypto/ocsp/ocsp_ht.c' inside the openssl
package.
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
int maxline)
{
static char post_hdr[] = "POST %s HTTP/1.0\r\n"
"Content-Type: application/ocsp-request\r\n"
"Content-Length: %d\r\n\r\n";
...
To extend the HTTP header I've implemented my own 'OCSP_sendreq_new_ext'
function that had an additional parameter called 'hostname'.
OCSP_REQ_CTX *OCSP_sendreq_new_ext(BIO *io, char *hostname, char *path,
OCSP_REQUEST *req, int maxline)
{
static char post_hdr[] = "POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"Content-Type: application/ocsp-request\r\n"
"Content-Length: %d\r\n\r\n";
...
'OCSP_sendreq_new' is called from 'OCSP_sendreq_bio' that needed to be
extended as well to pass-through the 'hostname' parameter.
Summing up, this is a working solution but a bit ugly, because some
internal openssl define statements need to be copied over to my source
code. I'm not sure if there is a general demand for HTTP header
extentions, but the possibility to add the 'Host:' tag into the HTTP
header of an OCSP request should go into the openssl library and not too
hard-coded as mentioned above.
Does someone has a comment on this? ;-)
Alex
--
(email/jabber/sip): [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
