1#ifdef HAVE_OPENSSL_OCSP_H
20#ifdef HAVE_OPENSSL_OCSP_H
23 { FR_CONF_OFFSET_SUBSCTION(
"staple", 0, fr_tls_conf_t, staple, ocsp_config) },
26#ifdef HAVE_OPENSSL_OCSP_H
27 if (
conf->ocsp.cache_server) {
32 ERROR(
"No such virtual server '%s'",
conf->ocsp.cache_server);
39 if (
conf->staple.cache_server) {
44 ERROR(
"No such virtual server '%s'",
conf->staple.cache_server);
52#ifdef HAVE_OPENSSL_OCSP_H
63 if (
conf->ocsp.enable) {
64 conf->ocsp.store = conf_ocsp_revocation_store(
conf);
65 if (
conf->ocsp.store == NULL)
goto error;
68 if (
conf->staple.enable) {
69 conf->staple.store = conf_ocsp_revocation_store(
conf);
70 if (
conf->staple.store == NULL)
goto error;
76#
if !defined(HAVE_OPENSSL_OCSP_H) && defined(NDEBUG)
81#ifdef HAVE_OPENSSL_OCSP_H
82 if (
conf->ocsp.store) X509_STORE_free(
conf->ocsp.store);
83 conf->ocsp.store = NULL;
84 if (
conf->staple.store) X509_STORE_free(
conf->staple.store);
85 conf->staple.store = NULL;
95#ifdef HAVE_OPENSSL_OCSP_H
96 SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_OCSP_STORE, (
void *)tls_conf->ocsp.store);
100#ifdef HAVE_OPENSSL_OCSP_H
107 if (my_ok &&
conf->ocsp.enable){
110 RDEBUG2(
"Starting OCSP Request");
118 issuer_cert = X509_STORE_CTX_get0_current_issuer(x509_ctx);
#define CONF_PARSER_TERMINATOR
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
#define FR_CONF_OFFSET_SUBSECTION(_name, _flags, _struct, _field, _subcs)
conf_parser_t which populates a sub-struct using a CONF_SECTION
@ CONF_FLAG_REQUIRED
Error out if no matching CONF_PAIR is found, and no dflt value is set.
@ CONF_FLAG_NOT_EMPTY
CONF_PAIR is required to have a non-zero length value.
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Defines a CONF_PAIR to C data type mapping.
static int _conf_server_free(fr_tls_conf_t *conf)
int fr_tls_ocsp_check(request_t *request, SSL *ssl, X509_STORE *store, X509 *issuer_cert, X509 *client_cert, fr_tls_ocsp_conf_t *conf, bool staple_response)
int fr_tls_ocsp_state_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)
int fr_tls_ocsp_staple_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)
CONF_SECTION * server_cs
The server section.
int virtual_server_cf_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
Wrapper for the config parser to allow pass1 resolution of virtual servers.
virtual_server_t const * virtual_server_find(char const *name)
Return virtual server matching the specified name.
Additional validation rules for virtual server lookup.