Handle redirect on AIA issuer fetch

IB-7006 Signed-off-by: Raul Metsma <raul@metsma.ee>
open-eid · Sep 28, 2021 · 05a938c · 05a938c
1 parent f033658
commit 05a938c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/src/crypto/X509Cert.cpp b/src/crypto/X509Cert.cpp
@@ -235,7 +235,7 @@ X509Cert::X509Cert(const vector<unsigned char> &bytes, Format format)
 X509Cert::X509Cert(const unsigned char *bytes, size_t size, Format format)
 {
     if(!bytes || size == 0)
-        THROW("No bytes given to parse X509.");
+        return;
     if(format == Der)
     {
         const unsigned char *p = bytes;

diff --git a/src/crypto/X509CertStore.cpp b/src/crypto/X509CertStore.cpp
@@ -165,7 +165,9 @@ X509Cert X509CertStore::issuerFromAIA(const X509Cert &cert) const
     }
     if(url.empty())
         return X509Cert();
-    Connect::Result result = Connect(url, "GET", 0, {}).exec();
+    Connect::Result result = Connect(url, "GET").exec();
+    if(result.isRedirect())
+        result = Connect(result.headers["Location"], "GET").exec();
     return X509Cert((const unsigned char*)result.content.c_str(), result.content.size());
 }
 
@@ -278,7 +280,7 @@ bool X509CertStore::verify(const X509Cert &cert, bool noqscd) const
             return all_of(policySet.cbegin(), policySet.cend(), containsPolicy);
         };
         auto matchKeyUsageSet = [&keyUsage](const map<X509Cert::KeyUsage,bool> &keyUsageSet){
-            return all_of(keyUsageSet.cbegin(), keyUsageSet.cend(), [&keyUsage](const pair<X509Cert::KeyUsage,bool> &keyUsageBit){
+            return all_of(keyUsageSet.cbegin(), keyUsageSet.cend(), [&keyUsage](pair<X509Cert::KeyUsage, bool> keyUsageBit) {
                 return (find(keyUsage.cbegin(), keyUsage.cend(), keyUsageBit.first) != keyUsage.cend()) == keyUsageBit.second;
             });
         };