Expose raw response in OCSP utility functions
Fixes #182.

©! I hereby licence these changes under the licence with SHA256 hash
©! fd80a26fbb3f644af1fa994134446702932968519797227e07a1368dea80f0bc.
hlandau committed Aug 5, 2016
1 parent cfb995c commit 85bd96e
Showing 1 changed file with 22 additions and 11 deletions.
33 changes: 22 additions & 11 deletions acmeapi/ocsp.go
Expand Up @@ -11,50 +11,61 @@ import (
"net/http"
)

// This is equivalent to calling CheckOCSPRaw, but the raw response is not
// returned. Preserved for compatibility; use CheckOCSPRaw instead.
func (c *Client) CheckOCSP(crt, issuer *x509.Certificate, ctx context.Context) (*ocsp.Response, error) {
res, _, err := c.CheckOCSPRaw(crt, issuer, ctx)
return res, err
}

// Checks OCSP for a certificate. The immediate issuer must be specified. If
// the certificate does not support OCSP, (nil, nil) is returned. Uses HTTP
// GET rather than POST. The response is verified. The caller must check the
// response status.
func (c *Client) CheckOCSP(crt, issuer *x509.Certificate, ctx context.Context) (*ocsp.Response, error) {
// response status. The raw OCSP response is also returned, even if parsing
// failed and err is non-nil.
func (c *Client) CheckOCSPRaw(crt, issuer *x509.Certificate, ctx context.Context) (parsedResponse *ocsp.Response, rawResponse []byte, err error) {
if len(crt.OCSPServer) == 0 {
return nil, nil
return
}

b, err := ocsp.CreateRequest(crt, issuer, nil)
if err != nil {
return nil, err
return
}

b64 := base64.StdEncoding.EncodeToString(b)
path := crt.OCSPServer[0] + "/" + b64

req, err := http.NewRequest("GET", path, nil)
if err != nil {
return nil, err
return
}

req.Header.Set("Accept", "application/ocsp-response")

res, err := c.doReqActual(req, ctx)
if err != nil {
return nil, err
return
}

defer res.Body.Close()

if res.StatusCode != 200 {
return nil, fmt.Errorf("OCSP response has status %#v", res.Status)
err = fmt.Errorf("OCSP response has status %#v", res.Status)
return
}

if res.Header.Get("Content-Type") != "application/ocsp-response" {
return nil, fmt.Errorf("response to OCSP request had unexpected content type")
err = fmt.Errorf("response to OCSP request had unexpected content type")
return
}

// Read response, limiting response to 1MiB.
resb, err := ioutil.ReadAll(denet.LimitReader(res.Body, 1*1024*1024))
rawResponse, err = ioutil.ReadAll(denet.LimitReader(res.Body, 1*1024*1024))
if err != nil {
return nil, err
return
}

return ocsp.ParseResponse(resb, issuer)
parsedResponse, err = ocsp.ParseResponse(rawResponse, issuer)
return
}
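Review bot: The new `parsedResponse, err = ocsp.ParseResponse(rawResponse, issuer)` line verifies the responder's signature but, as far as I recall of x/crypto/ocsp, does not check that the single response it contains is for `crt`'s serial number, nor that `ThisUpdate`/`NextUpdate` bracket the current time, so "The response is verified" in the CheckOCSPRaw doc comment overstates what the caller gets back. If the vendored x/crypto has it, `parsedResponse, err = ocsp.ParseResponseForCert(rawResponse, crt, issuer)` closes the serial-number gap with no interface change; either way I would extend the comment with `// The caller must check the response Status and that NextUpdate has not passed before relying on (or stapling) it.` The same comment still says "(nil, nil) is returned" for certificates without an OCSP URL, which is now three nil values. Pre-existing rather than introduced here, but it sits in the hunk: `path := crt.OCSPServer[0] + "/" + b64` embeds standard base64 (which can contain `/`, `+` and `=`) in the URL path unescaped, whereas RFC 6960 Appendix A.1 requires the base64 text to be URL-encoded.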
