*Rich Salz and Richard Levitte*
+ * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`.
+
+ *David von Oheimb*
+
* Validation of SM2 keys has been separated from the validation of regular EC
keys, allowing to improve the SM2 validation process to reject loaded private
keys that are not conforming to the SM2 ISO standard.
CMP_err("missing -server option");
goto err;
}
- if (!OSSL_HTTP_parse_url(opt_server, &server, &port, &portnum, &path, &ssl)) {
+ if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &server, &port,
+ &portnum, &path, NULL /* q */, NULL /* frag */)) {
CMP_err1("cannot parse -server URL: %s", opt_server);
goto err;
}
return NULL;
}
- if (!OSSL_HTTP_parse_url(url, &server, &port, NULL, NULL, &use_ssl))
+ if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port,
+ NULL /* port_num, */, NULL, NULL, NULL))
return NULL;
if (use_ssl && ssl_ctx == NULL) {
ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER,
OPENSSL_free(tport);
OPENSSL_free(tpath);
thost = tport = tpath = NULL;
- if (!OSSL_HTTP_parse_url(opt_arg(),
- &host, &port, NULL, &path, &use_ssl)) {
- BIO_printf(bio_err, "%s Error parsing URL\n", prog);
+ if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */,
+ &host, &port, NULL /* port_num */,
+ &path, NULL /* qry */, NULL /* frag */)) {
+ BIO_printf(bio_err, "%s Error parsing -url argument\n", prog);
goto end;
}
thost = host;
x = SSL_get_certificate(s);
aia = X509_get1_ocsp(x);
if (aia != NULL) {
- if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
- &host, &port, NULL, &path, &use_ssl)) {
+ if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl,
+ NULL, &host, &port, NULL, &path, NULL, NULL)) {
BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
goto err;
}
case OPT_STATUS_URL:
#ifndef OPENSSL_NO_OCSP
s_tlsextstatus = 1;
- if (!OSSL_HTTP_parse_url(opt_arg(),
+ if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL,
&tlscstatp.host, &tlscstatp.port, NULL,
- &tlscstatp.path, &tlscstatp.use_ssl)) {
- BIO_printf(bio_err, "Error parsing URL\n");
+ &tlscstatp.path, NULL, NULL)) {
+ BIO_printf(bio_err, "Error parsing -status_url argument\n");
goto end;
}
#endif
OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio,
int method_POST, int maxline,
unsigned long max_resp_len,
- int timeout,
- const char *expected_content_type,
+ int timeout, const char *expected_ct,
int expect_asn1)
{
OSSL_HTTP_REQ_CTX *rctx;
return NULL;
}
rctx->method_POST = method_POST;
- rctx->expected_ct = expected_content_type;
+ rctx->expected_ct = expected_ct;
rctx->expect_asn1 = expect_asn1;
rctx->resp_len = 0;
OSSL_HTTP_REQ_CTX_set_max_response_length(rctx, max_resp_len);
const char *content_type, BIO *req_mem,
int maxline, unsigned long max_resp_len,
int timeout,
- const char *expected_content_type,
- int expect_asn1)
+ const char *expected_ct, int expect_asn1)
{
OSSL_HTTP_REQ_CTX *rctx;
if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, req_mem != NULL, maxline,
max_resp_len, timeout,
- expected_content_type, expect_asn1))
+ expected_ct, expect_asn1))
== NULL)
return NULL;
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len, int timeout,
- const char *expected_content_type, int expect_asn1)
+ const char *expected_ct, int expect_asn1)
{
time_t start_time = timeout > 0 ? time(NULL) : 0;
char *current_url, *redirection_url;
return NULL;
for (;;) {
- if (!OSSL_HTTP_parse_url(current_url, &host, &port, NULL /* port_num */,
- &path, &use_ssl))
+ if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host,
+ &port, NULL /* port_num */, &path, NULL, NULL))
break;
new_rpath:
bio_update_fn, arg, headers, NULL, NULL,
maxline, max_resp_len,
update_timeout(timeout, start_time),
- expected_content_type, expect_asn1,
+ expected_ct, expect_asn1,
&redirection_url);
OPENSSL_free(path);
if (resp == NULL && redirection_url != NULL) {
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len,
- int timeout, const char *expected_content_type,
- const ASN1_ITEM *it)
+ int timeout, const char *expected_ct,
+ const ASN1_ITEM *rsp_it)
{
BIO *mem;
ASN1_VALUE *resp = NULL;
- if (url == NULL || it == NULL) {
+ if (url == NULL || rsp_it == NULL) {
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if ((mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn,
arg, headers, maxline, max_resp_len, timeout,
- expected_content_type, 1 /* expect_asn1 */))
+ expected_ct, 1 /* expect_asn1 */))
!= NULL)
- resp = BIO_mem_d2i(mem, it);
+ resp = BIO_mem_d2i(mem, rsp_it);
BIO_free(mem);
return resp;
}
#include "http_local.h"
-/*
- * Parse a URL and split it up into host, port and path components and
- * whether it indicates SSL/TLS. Return 1 on success, 0 on error.
- */
+static void init_pstring(char **pstr)
+{
+ if (pstr != NULL) {
+ *pstr = NULL;
+ }
+}
+
+static int copy_substring(char **dest, const char *start, const char *end)
+{
+ return dest == NULL
+ || (*dest = OPENSSL_strndup(start, end - start)) != NULL;
+}
-int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
- int *pport_num, char **ppath, int *pssl)
+static void free_pstring(char **pstr)
{
- char *p, *buf;
- char *host, *host_end;
- const char *path, *port = OSSL_HTTP_PORT;
- long portnum = 80;
-
- if (phost != NULL)
- *phost = NULL;
- if (pport != NULL)
- *pport = NULL;
- if (ppath != NULL)
- *ppath = NULL;
+ if (pstr != NULL) {
+ OPENSSL_free(*pstr);
+ *pstr = NULL;
+ }
+}
+
+int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
+ char **pport, int *pport_num,
+ char **ppath, char **pquery, char **pfrag)
+{
+ const char *p, *tmp;
+ const char *user, *user_end;
+ const char *host, *host_end;
+ const char *port = OSSL_HTTP_PORT, *port_end;
+ unsigned int portnum;
+ const char *path, *path_end;
+ const char *query, *query_end;
+ const char *frag, *frag_end;
+
if (pssl != NULL)
*pssl = 0;
+ init_pstring(puser);
+ init_pstring(phost);
+ init_pstring(pport);
+ init_pstring(ppath);
+ init_pstring(pfrag);
+ init_pstring(pquery);
if (url == NULL) {
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- /* dup the buffer since we are going to mess with it */
- if ((buf = OPENSSL_strdup(url)) == NULL)
- goto err;
-
/* check for optional prefix "http[s]://" */
- p = strstr(buf, "://");
+ p = strstr(url, "://");
if (p == NULL) {
- p = buf;
- } else {
- *p = '\0'; /* p points to end of scheme name */
- if (strcmp(buf, OSSL_HTTPS_NAME) == 0) {
+ p = url;
+ } else { /* p points to end of scheme name */
+ if (strncmp(url, OSSL_HTTPS_NAME, strlen(OSSL_HTTPS_NAME)) == 0) {
if (pssl != NULL)
*pssl = 1;
port = OSSL_HTTPS_PORT;
- portnum = 443;
- } else if (strcmp(buf, OSSL_HTTP_NAME) != 0) {
+ } else if (strncmp(url, OSSL_HTTP_NAME, strlen(OSSL_HTTP_NAME)) != 0) {
ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PREFIX);
goto err;
}
- p += 3;
+ p += strlen("://");
}
- host = p;
+
+ /* parse optional "userinfo@" */
+ user = user_end = host = p;
+ host = strchr(p, '@');
+ if (host != NULL)
+ user_end = host++;
+ else
+ host = p;
/* parse host name/address as far as needed here */
if (host[0] == '[') {
host_end = strchr(host, ']');
if (host_end == NULL)
goto parse_err;
- *host_end++ = '\0';
+ p = host_end + 1;
} else {
- host_end = strchr(host, ':'); /* look for start of optional port */
+ /* look for start of optional port, path, query, or fragment */
+ host_end = strchr(host, ':');
+ if (host_end == NULL)
+ host_end = strchr(host, '/');
if (host_end == NULL)
- host_end = strchr(host, '/'); /* look for start of optional path */
+ host_end = strchr(host, '?');
if (host_end == NULL)
- /* the remaining string is just the hostname */
+ host_end = strchr(host, '#');
+ if (host_end == NULL) /* the remaining string is just the hostname */
host_end = host + strlen(host);
+ p = host_end;
}
/* parse optional port specification starting with ':' */
- p = host_end;
- if (*p == ':') {
+ if (*p == ':')
port = ++p;
- if (pport_num == NULL) {
- p = strchr(port, '/');
- if (p == NULL)
- p = host_end + 1 + strlen(port);
- } else { /* make sure a numerical port value is given */
- portnum = strtol(port, &p, 10);
- if (p == port || (*p != '\0' && *p != '/'))
- goto parse_err;
- if (portnum <= 0 || portnum >= 65536) {
- ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER);
- goto err;
- }
- }
+ /* remaining port spec handling is also done for the default values */
+ /* make sure a decimal port number is given */
+ if (!sscanf(port, "%u", &portnum) || portnum < 1 || portnum > 65535) {
+ ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER);
+ goto err;
}
- *host_end = '\0';
- *p = '\0'; /* terminate port string */
-
- /* check for optional path at end of url starting with '/' */
- path = url + (p - buf);
- /* cannot use p + 1 because *p is '\0' and path must start with '/' */
- if (*path == '\0') {
- path = "/";
- } else if (*path != '/') {
+ for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++)
+ ;
+ if (port == p) /* port was given explicitly */
+ p += port_end - port;
+
+ /* check for optional path starting with '/' or '?'. Else must start '#' */
+ path = p;
+ if (*path != '\0' && *path != '/' && *path != '?' && *path != '#') {
ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH);
goto parse_err;
}
+ path_end = query = query_end = frag = frag_end = path + strlen(path);
+
+ /* parse optional "?query" */
+ tmp = strchr(p, '?');
+ if (tmp != NULL) {
+ p = tmp;
+ if (pquery != NULL) {
+ path_end = p;
+ query = p + 1;
+ }
+ }
- if (phost != NULL && (*phost = OPENSSL_strdup(host)) == NULL)
- goto err;
- if (pport != NULL && (*pport = OPENSSL_strdup(port)) == NULL)
+ /* parse optional "#fragment" */
+ tmp = strchr(p, '#');
+ if (tmp != NULL) {
+ if (query == path_end) /* we did not record a query component */
+ path_end = tmp;
+ query_end = tmp;
+ frag = tmp + 1;
+ }
+
+ if (!copy_substring(phost, host, host_end)
+ || !copy_substring(pport, port, port_end)
+ || !copy_substring(puser, user, user_end)
+ || !copy_substring(pquery, query, query_end)
+ || !copy_substring(pfrag, frag, frag_end))
goto err;
if (pport_num != NULL)
*pport_num = (int)portnum;
- if (ppath != NULL && (*ppath = OPENSSL_strdup(path)) == NULL)
- goto err;
+ if (*path == '/') {
+ if (!copy_substring(ppath, path, path_end))
+ goto err;
+ } else if (ppath != NULL) { /* must prepend '/' */
+ size_t buflen = 1 + path_end - path + 1;
- OPENSSL_free(buf);
+ if ((*ppath = OPENSSL_malloc(buflen)) == NULL)
+ goto err;
+ snprintf(*ppath, buflen, "/%s", path);
+ }
return 1;
parse_err:
ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL);
err:
- if (ppath != NULL) {
- OPENSSL_free(*ppath);
- *ppath = NULL;
- }
- if (pport != NULL) {
- OPENSSL_free(*pport);
- *pport = NULL;
- }
- if (phost != NULL) {
- OPENSSL_free(*phost);
- *phost = NULL;
- }
- OPENSSL_free(buf);
+ free_pstring(phost);
+ free_pstring(pport);
+ free_pstring(ppath);
+ free_pstring(pquery);
+ free_pstring(pfrag);
return 0;
}
Message transfer options:
-[B<-server> I<[http[s]://]address[:port][/path]>]
+[B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-path> I<remote_path>]
-[B<-proxy> I<[http[s]://]address[:port][/path]>]
+[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>]
[B<-msg_timeout> I<seconds>]
[B<-total_timeout> I<seconds>]
=over 4
-=item B<-server> I<[http[s]://]address[:port][/path]>
+=item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The IP address or DNS hostname and optionally port (defaulting to 80 or 443)
of the CMP server to connect to using HTTP(S) transport.
-The optional I<http://> or I<https://> prefix is ignored.
+The scheme I<https> may be given only if the B<tls_used> option is used.
+The optional userinfo and fragment components are ignored.
+Any given query component is handled as part of the path component.
If a path is included it provides the default value for the B<-path> option.
=item B<-path> I<remote_path>
HTTP path at the CMP server (aka CMP alias) to use for POST requests.
Defaults to any path given with B<-server>, else C<"/">.
-=item B<-proxy> I<[http[s]://]address[:port][/path]>
+=item B<-proxy> I<[http[s]://][userinfo@]host[:port] [/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the CMP server unless B<no_proxy>
applies, see below.
-The optional I<http://> or I<https://> prefix and any trailing path are ignored.
+The optional I<http://> or I<https://> prefix is ignored (note that TLS may be
+selected by B<tls_used>), as well as any path, userinfo, and query, and fragment
+components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
=item B<-url> I<responder_url>
Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
+The optional userinfo and fragment components are ignored.
+Any given query component is handled as part of the path component.
=item B<-host> I<hostname>:I<port>, B<-path> I<pathname>
Sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
+The optional userinfo and fragment URL components are ignored.
+Any given query component is handled as part of the path component.
=item B<-status_file> I<infile>
--- /dev/null
+=pod
+
+=head1 NAME
+
+OSSL_HTTP_parse_url,
+OCSP_parse_url
+- http utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/http.h>
+
+ int OSSL_HTTP_parse_url(const char *url,
+ int *pssl, char **puser, char **phost,
+ char **pport, int *pport_num,
+ char **ppath, char **pquery, char **pfrag);
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+ int *pssl);
+
+=head1 DESCRIPTION
+
+OSSL_HTTP_parse_url() parses its input string I<url> as a URL of the form
+C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up
+into userinfo, host, port, path, query, and fragment components
+and a flag indicating whether it begins with C<https>.
+The host component may be a DNS name or an IP address
+where IPv6 addresses should be enclosed in square brackets C<[> and C<]>.
+The port component is optional and defaults to "443" for HTTPS, else "80".
+If given, it must be in decimal form. If the I<pport_num> argument is not NULL
+the integer value of the port number is assigned to I<*pport_num> on success.
+The path component is also optional and defaults to C</>.
+If I<pssl> is not NULL, I<*pssl> is assigned 1 in case parsing was successful
+and the schema part is present and is C<https>, else 0.
+Each non-NULL result pointer argument I<puser>, I<phost>, I<pport>, I<ppath>,
+I<pquery>, and I<pfrag>, is assigned the respective url component.
+On success, they are guaranteed to contain non-NULL string pointers, else NULL.
+It is the reponsibility of the caller to free them using L<OPENSSL_free(3)>.
+If I<pquery> is NULL, any given query component is handled as part of the path.
+A string returned via I<*ppath> is guaranteed to begin with a C</> character.
+For absent userinfo, query, and fragment components an empty string is given.
+
+Calling the deprecated fucntion OCSP_parse_url(url, host, port, path, ssl) is
+equivalent to OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL).
+
+=head1 RETURN VALUES
+
+OSSL_HTTP_parse_url() and OCSP_parse_url()
+return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<OSSL_HTTP_transfer(3)>
+
+=head1 HISTORY
+
+OOSSL_HTTP_parse_url() was added in OpenSSL 3.0.
+OCSP_parse_url() was deprecated in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
OSSL_HTTP_post_asn1,
OSSL_HTTP_transfer,
OSSL_HTTP_bio_cb_t,
-OSSL_HTTP_proxy_connect,
-OSSL_HTTP_parse_url
+OSSL_HTTP_proxy_connect
- http client functions
=head1 SYNOPSIS
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len, int timeout,
- const char *expected_content_type, int expect_asn1);
+ const char *expected_ct, int expect_asn1);
ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
const char *proxy, const char *no_proxy,
BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len,
- int timeout, const char *expected_content_type,
- const ASN1_ITEM *it);
+ int timeout, const char *expected_ct,
+ const ASN1_ITEM *rsp_it);
ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
const char *path, int use_ssl,
const char *proxy, const char *no_proxy,
int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
const char *proxyuser, const char *proxypass,
int timeout, BIO *bio_err, const char *prog);
- int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
- int *pport_num, char **ppath, int *pssl);
=head1 DESCRIPTION
OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given I<url>
and returns it as a memory BIO.
+If the schema component of the I<url> is C<https> a TLS connection is requested
+and the I<bio_update_fn> parameter, described below, must be provided.
+Any userinfo and fragment components in the I<url> are ignored.
+Any query component is handled as part of the path component.
-OSSL_HTTP_get_asn1() uses HTTP GET to obtain an ASN.1-encoded value
-(e.g., an X.509 certificate) with the expected structure specified by I<it>
-(e.g., I<ASN1_ITEM_rptr(X509)>) from the given I<url>
+OSSL_HTTP_get_asn1() is like OSSL_HTTP_get() but in addition
+parses the received contents (e.g., an X.509 certificate)
+as an ASN.1 DER encoded value with the expected structure specified by I<rsp_it>
and returns it on success as a pointer to I<ASN1_VALUE>.
-OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request I<req>
-with the ASN.1 structure defined in I<req_it> and the given I<content_type> to
-the given I<server> and optional I<port> and I<path>.
+OSSL_HTTP_post_asn1() is like OSSL_HTTP_get_asn1() but uses the HTTP POST method
+to send a request I<req> with the ASN.1 structure defined in I<req_it> and the
+
given I<content_type> to the given I<server> and optional I<port> and I<path>.
If I<use_ssl> is nonzero a TLS connection is requested and the I<bio_update_fn>
parameter, described below, must be provided.
-The optional list I<headers> may contain additional custom HTTP header lines.
-The expected structure of the response is specified by I<rsp_it>.
-On success it returns the response as a pointer to B<ASN1_VALUE>.
OSSL_HTTP_transfer() exchanges any form of HTTP request and response.
It implements the core of the functions described above.
the length indications received are checked for consistency
and for not exceeding the maximum response length.
-If the parameter I<expected_content_type> (or I<expected_ct>, respectively)
+If the parameter I<expected_ct>
is not NULL then the HTTP client checks that the given content type string
is included in the HTTP header of the response and returns an error if not.
L<openssl-s_client(1)> it uses the I<bio_err> and I<prog> parameters (unless
NULL) to print additional diagnostic information in a user-oriented way.
-OSSL_HTTP_parse_url() parses its input string I<url> as a URL
-of the form C<[http[s]://]address[:port][/path]> and splits it up into host,
-port, and path components and a flag indicating whether it begins with 'https'.
-The host component may be a DNS name or an IP address
-where IPv6 addresses should be enclosed in square brackets C<[> and C<]>.
-The port component is optional and defaults to "443" for HTTPS, else "80".
-If the I<pport_num> argument is NULL the port specification
-can be in mnemonic form such as "http" like with L<BIO_set_conn_port(3)>, else
-it must be in numerical form and its integer value is assigned to I<*pport_num>.
-The path component is also optional and defaults to "/".
-On success the function assigns via each non-NULL result pointer argument
-I<phost>, I<pport>, I<pport_num>, I<ppath>, and I<pssl>
-the respective url component.
-On error, I<*phost>, I<*pport>, and I<*ppath> are assigned to NULL,
-else they are guaranteed to contain non-NULL string pointers.
-It is the reponsibility of the caller to free them using L<OPENSSL_free(3)>.
-A string returned via I<*ppath> is guaranteed to begin with a C</> character.
-
=head1 NOTES
The names of the environment variables used by this implementation:
This must be freed by the caller. On failure, NULL is returned.
Failure conditions include connection/transfer timeout, parse errors, etc.
-OSSL_HTTP_proxy_connect() and OSSL_HTTP_parse_url()
-return 1 on success, 0 on error.
+OSSL_HTTP_proxy_connect() returns 1 on success, 0 on error.
=head1 SEE ALSO
+L<OSSL_HTTP_parse_url(3)>
L<BIO_set_conn_port(3)>
=head1 HISTORY
OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(),
-OSSL_HTTP_proxy_connect(), and OSSL_HTTP_parse_url() were added in OpenSSL 3.0.
+OSSL_HTTP_transfer(), and OSSL_HTTP_proxy_connect()
+were added in OpenSSL 3.0.
=head1 COPYRIGHT
OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio,
int method_GET, int maxline,
unsigned long max_resp_len,
- int timeout,
- const char *expected_content_type,
+ int timeout, const char *expected_ct,
int expect_asn1);
void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len, int timeout,
- const char *expected_content_type, int expect_asn1);
+ const char *expected_ct, int expect_asn1);
ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
const char *proxy, const char *no_proxy,
BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
const STACK_OF(CONF_VALUE) *headers,
int maxline, unsigned long max_resp_len,
- int timeout, const char *expected_content_type,
- const ASN1_ITEM *it);
+ int timeout, const char *expected_ct,
+ const ASN1_ITEM *rsp_it);
ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
const char *path, int use_ssl,
const char *proxy, const char *no_proxy,
const char *proxyuser, const char *proxypass,
int timeout, BIO *bio_err, const char *prog);
-int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
- int *pport_num, char **ppath, int *pssl);
+int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
+ char **pport, int *pport_num,
+ char **ppath, char **pquery, char **pfrag);
# ifdef __cplusplus
}
X509_STORE *store, unsigned long flags);
# define OCSP_parse_url(url, host, port, path, ssl) \
- OSSL_HTTP_parse_url(url, host, port, NULL, path, ssl) /* backward compat */
+ OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL)
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
return res;
}
-static int test_http_url_ok(const char *url, const char *exp_host, int exp_ssl)
+static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host,
+ const char *exp_port, const char *exp_path)
{
- char *host, *port, *path;
- int num, ssl;
+ char *user, *host, *port, *path, *query, *frag;
+ int exp_num, num, ssl;
int res;
- res = TEST_true(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl))
+ TEST_int_eq(sscanf(exp_port, "%d", &exp_num), 1);
+ res = TEST_true(OSSL_HTTP_parse_url(url, &ssl, &user, &host, &port, &num,
+ &path, &query, &frag))
&& TEST_str_eq(host, exp_host)
- && TEST_str_eq(port, "65535")
- && TEST_int_eq(num, 65535)
- && TEST_str_eq(path, "/pkix")
+ && TEST_str_eq(port, exp_port)
+ && TEST_int_eq(num, exp_num)
+ && TEST_str_eq(path, exp_path)
&& TEST_int_eq(ssl, exp_ssl);
+ if (res && *user != '\0')
+ res = TEST_str_eq(user, "user:pass");
+ if (res && *frag != '\0')
+ res = TEST_str_eq(frag, "fr");
+ if (res && *query != '\0')
+ res = TEST_str_eq(query, "q");
+ OPENSSL_free(user);
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_free(path);
+ OPENSSL_free(query);
+ OPENSSL_free(frag);
+ return res;
+}
+
+static int test_http_url_path_query_ok(const char *url, const char *exp_path_qu)
+{
+ char *host, *path;
+ int res;
+
+ res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL,
+ &path, NULL, NULL))
+ && TEST_str_eq(host, "host")
+ && TEST_str_eq(path, exp_path_qu);
+ OPENSSL_free(host);
+ OPENSSL_free(path);
return res;
}
static int test_http_url_dns(void)
{
- return test_http_url_ok("server:65535/pkix", "server", 0);
+ return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
+}
+
+static int test_http_url_path_query(void)
+{
+ return test_http_url_path_query_ok("http://usr@host:1/p?q=x#frag", "/p?q=x")
+ && test_http_url_path_query_ok("http://host?query#frag", "/?query")
+ && test_http_url_path_query_ok("http://host:9999#frag", "/");
+}
+
+static int test_http_url_userinfo_query_fragment(void)
+{
+ return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p");
}
static int test_http_url_ipv4(void)
{
- return test_http_url_ok("https://1.2.3.4:65535/pkix", "1.2.3.4", 1);
+ return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q");
}
static int test_http_url_ipv6(void)
{
- return test_http_url_ok("http://[FF01::101]:65535/pkix", "FF01::101", 0);
+ return test_http_url_ok("http://[FF01::101]:6", 0, "FF01::101", "6", "/");
}
static int test_http_url_invalid(const char *url)
int num = 1, ssl = 1;
int res;
- res = TEST_false(OSSL_HTTP_parse_url(url, &host, &port, &num, &path, &ssl))
+ res = TEST_false(OSSL_HTTP_parse_url(url, &ssl, NULL, &host, &port, &num,
+ &path, NULL, NULL))
&& TEST_ptr_null(host)
&& TEST_ptr_null(port)
&& TEST_ptr_null(path);
return 1;
ADD_TEST(test_http_url_dns);
+ ADD_TEST(test_http_url_path_query);
+ ADD_TEST(test_http_url_userinfo_query_fragment);
ADD_TEST(test_http_url_ipv4);
ADD_TEST(test_http_url_ipv6);
ADD_TEST(test_http_url_invalid_prefix);
OCSP_crlID_new(3)
OCSP_crl_reason_str(3)
OCSP_onereq_get0_id(3)
-OCSP_parse_url(3)
OCSP_request_is_signed(3)
OCSP_request_set1_name(3)
OCSP_request_verify(3)
projects / openssl.git / commitdiff