goto err;
}
}
+
if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL)
goto err;
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
/* info will be freed along with CMP ctx */
info->server = opt_server;
info->port = server_port;
- info->use_proxy = opt_proxy != NULL;
+ /* workaround for callback design flaw, see #17088: */
+ info->use_proxy = proxy_host != NULL;
info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT);
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
+
if (info->ssl_ctx == NULL)
goto err;
(void)OSSL_CMP_CTX_set_http_cb(ctx, app_http_tls_cb);
SSL *ssl;
BIO *sbio = NULL;
+ /* adapt after fixing callback design flaw, see #17088 */
if ((info->use_proxy
&& !OSSL_HTTP_proxy_connect(bio, info->server, info->port,
NULL, NULL, /* no proxy credentials */
return NULL;
}
- SSL_set_tlsext_host_name(ssl, info->server);
+ /* adapt after fixing callback design flaw, see #17088 */
+ SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */
SSL_set_connect_state(ssl);
BIO_set_ssl(sbio, ssl, BIO_CLOSE);
info.server = server;
info.port = port;
- info.use_proxy = proxy != NULL;
+ info.use_proxy = /* workaround for callback design flaw, see #17088 */
+ OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl) != NULL;
info.timeout = timeout;
info.ssl_ctx = ssl_ctx;
mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */,
const char *expected_content_type,
long timeout, const ASN1_ITEM *rsp_it)
{
+ int use_ssl = ssl_ctx != NULL;
APP_HTTP_TLS_INFO info;
BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req);
ASN1_VALUE *res;
if (req_mem == NULL)
return NULL;
+
info.server = host;
info.port = port;
- info.use_proxy = proxy != NULL;
+ info.use_proxy = /* workaround for callback design flaw, see #17088 */
+ OSSL_HTTP_adapt_proxy(proxy, no_proxy, host, use_ssl) != NULL;
info.timeout = timeout;
info.ssl_ctx = ssl_ctx;
- rsp = OSSL_HTTP_transfer(NULL, host, port, path, ssl_ctx != NULL,
+ rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl,
proxy, no_proxy, NULL /* bio */, NULL /* rbio */,
app_http_tls_cb, &info,
0 /* buf_size */, headers, content_type, req_mem,