From 5aa1dce5ee401f695433b2b523a172ee551d969a Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Thu, 10 Jun 2021 13:51:12 +0200
Subject: [PATCH] MINOR: ssl: Keep the actual key length in the certificate_ocsp structure

The OCSP tree entry key is a serialized version of the OCSP_CERTID of the entry which is stored in a buffer that can be at most 128 bytes. Depending on the length of the serial number, the actual non-zero part of the key can be smaller than 128 bytes and this new structure member allows to know how many of the bytes are filled. It will be useful when dumping the key (in a "show ssl cert " output for instance).
---
 src/ssl_sock.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3b92ec1..5ea49d5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -853,6 +853,7 @@ nosec:
 struct certificate_ocsp {
 struct ebmb_node key;
 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
+ unsigned int key_length;
 struct buffer response;
 int refcount;
 long expire;
@@ -1364,7 +1365,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
 goto out;
 p = ocsp->key_data;
- i2d_OCSP_CERTID(cid, &p);
+ ocsp->key_length = i2d_OCSP_CERTID(cid, &p);
 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
 if (iocsp == ocsp)
-- 
1.7.10.4
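Review bot: The new `key_length` member of `struct certificate_ocsp` has no comment, and its relation to `key_data` is not obvious from the declaration alone. The tree key stays `OCSP_MAX_CERTID_ASN1_LENGTH` bytes wide (the `ebmb_insert` call in the second hunk still passes the full size), while `key_length` only counts the bytes written by `i2d_OCSP_CERTID`. I would add `/* number of bytes of key_data filled by i2d_OCSP_CERTID(); must never exceed OCSP_MAX_CERTID_ASN1_LENGTH */` next to it so that code dumping the key knows which bound to trust. The struct definition continues past the end of the hunk.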
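Review bot: `i2d_OCSP_CERTID()` returns a signed `int` that is negative on failure, and storing it straight into the `unsigned int key_length` in `ssl_sock_load_ocsp` turns an encoding error into a very large length. The commit message says the field will drive a key dump, so a reader that trusts it could run past the 128-byte `key_data` buffer. I would keep the result in a local and validate it before storing: `int len = i2d_OCSP_CERTID(cid, &p);` `if (len <= 0 || len > OCSP_MAX_CERTID_ASN1_LENGTH) goto out;` `ocsp->key_length = len;`. The function body starts and ends outside the hunk, so an earlier size check on the encoded CERTID may already exist, and the cleanup done at `out` should be confirmed before reusing that label here.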