MINOR: ssl: Add OCSP request helper function

This function creates the url and body that will be used to build a proper OCSP request for a given certid (following section A.1 of RFC6960).
2026-02-14 01:49:19 +02:00 · 2022-12-20 11:11:05 +01:00
parent 47a4f1239d
commit e09d2ae598
3 changed files with 77 additions and 0 deletions
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -88,6 +88,8 @@ unsigned int ssl_sock_get_verify_result(struct connection *conn);
 #if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
 int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err);
 int ssl_ocsp_get_uri_from_cert(X509 *cert, struct buffer *out, char **err);
+int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *req_url,
+                                    struct buffer *req_body, char **err);
 #endif
 #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
 int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
--- a/include/haproxy/tools.h
+++ b/include/haproxy/tools.h
@@ -406,6 +406,7 @@ int addr_is_local(const struct netns_entry *ns,
 * The input string must also be zero-terminated.
 */
 extern const char hextab[];
+extern long query_encode_map[];
 char *encode_string(char *start, char *stop,
 		    const char escape, const long *map,
 		    const char *string);