On Sat, Jan 11 2020, Stuart Henderson <s...@spacehopper.org> wrote: > On 2020/01/11 12:48, Kor son of Rynar wrote: >> Hi Stuart, >> >> thank you for your fast reply. >> >> On Fri, Jan 10, 2020 at 7:22 PM Stuart Henderson <s...@spacehopper.org> >> wrote: >> >> > On 2020/01/10 19:13, Kor son of Rynar wrote: >> > > On Fri, Jan 10, 2020 at 6:48 PM Kor son of Rynar < >> > daharmaster...@gmail.com> >> > > wrote: >> > > >> > > > >Fix: >> > > > Unknown. Could be related to the lack of "Connection: close" >> > > > and/or "Content-Type" headers in the HTTP request? >> > > > >> > > >> > > Adding the missing headers seems to solve the problem: >> > > >> > > --- http.c.orig Fri Jun 28 13:32:49 2019 >> > > +++ http.c Fri Jan 10 22:04:09 2020 >> > > @@ -349,7 +349,10 @@ >> > > c = asprintf(&req, >> > > "POST %s HTTP/1.0\r\n" >> > >> > ...this uses HTTP/1.0 >> > >> > > "Host: %s\r\n" >> > > + "Accept: */*\r\n" >> > > + "Content-Type: application/ocsp-request\r\n" >> > > "Content-Length: %zu\r\n" >> > > + "Connection: close\r\n" >> > >> > ...but Connection: close is an HTTP/1.1 header, so this isn't entirely >> > legit. >> > Does it work without that (i.e. just add Accept/Content-Type)? >> > >> >> It does work without the Connection: close and even without the Accept: */* >> header. It stops working when you remove the Content-Type: header. The >> diff is simpler, then: >> >> --- http.c.orig Fri Jun 28 13:32:49 2019 >> +++ http.c Sat Jan 11 15:29:22 2020 >> @@ -349,6 +349,7 @@ >> c = asprintf(&req, >> "POST %s HTTP/1.0\r\n" >> "Host: %s\r\n" >> + "Content-Type: application/ocsp-request\r\n" >> "Content-Length: %zu\r\n" >> "\r\n", >> http->path, http->host, psz); > > Great, this change is definitely safe (in fact this header is required > by the OCSP RFCs - both the current RFC 6960 and the original 2560). > > I'll reinclude the diff so it applies with patch (spaces/tabs issue) > and CC a couple of people who may be able to review - any developer OKs > to commit?
ok jca@ > Index: http.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ocspcheck/http.c,v > retrieving revision 1.12 > diff -u -p -r1.12 http.c > --- http.c 28 Jun 2019 13:32:49 -0000 1.12 > +++ http.c 11 Jan 2020 16:36:10 -0000 > @@ -349,6 +349,7 @@ http_open(const struct http *http, const > c = asprintf(&req, > "POST %s HTTP/1.0\r\n" > "Host: %s\r\n" > + "Content-Type: application/ocsp-request\r\n" > "Content-Length: %zu\r\n" > "\r\n", > http->path, http->host, psz); > -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
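Review bot: the new "Content-Type: application/ocsp-request\r\n" line in the POST format string in http_open() has no comment explaining why it is there. The thread establishes that the header is required by RFC 6960 (and by the original 2560) and that the responder stops answering without it. A one-line comment above the asprintf() call citing the RFC would keep a later cleanup from dropping the header again. Separately, the same format string interpolates http->path and http->host with %s straight into the request line and the Host header. It is worth confirming that the code which fills those fields rejects CR and LF, so that a responder URL taken from a certificate cannot add header lines of its own to the request.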