MINOR: ssl: Keep the actual key length in the certificate_ocsp structure The OCSP tree entry key is a serialized version of the OCSP_CERTID of the entry which is stored in a buffer that can be at most 128 bytes. Depending on the length of the serial number, the actual non-zero part of the key can be smaller than 128 bytes and this new structure member allows to know how many of the bytes are filled. It will be useful when dumping the key (in a "show ssl cert <cert>" output for instance).

commit: 5aa1dce5ee401f695433b2b523a172ee551d969a [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Thu Jun 10 13:51:12 2021 +0200
committer: William Lallemand <wlallemand@haproxy.org> Thu Jun 10 16:44:11 2021 +0200
tree: d496ff665d7fddbafdf9974e505e58962b31e8db
parent: 12554d00f6ed16324a0dfbafb5230f8f0136e4ba [diff] [blame]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3b92ec1..5ea49d5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -853,6 +853,7 @@
 struct certificate_ocsp {
 	struct ebmb_node key;
 	unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
+	unsigned int key_length;
 	struct buffer response;
 	int refcount;
 	long expire;
@@ -1364,7 +1365,7 @@
 		goto out;
 
 	p = ocsp->key_data;
-	i2d_OCSP_CERTID(cid, &p);
+	ocsp->key_length = i2d_OCSP_CERTID(cid, &p);
 
 	iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
 	if (iocsp == ocsp)
commit	5aa1dce5ee401f695433b2b523a172ee551d969a	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Thu Jun 10 13:51:12 2021 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Thu Jun 10 16:44:11 2021 +0200
tree	d496ff665d7fddbafdf9974e505e58962b31e8db
parent	12554d00f6ed16324a0dfbafb5230f8f0136e4ba [diff] [blame]