mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
https://github.com/mpeylo/cmpossl/wiki

HTTP client does not support redirection (HTTP code 302), e.g., when trailing '/' is missing #112

Closed DDvO closed 3 years ago

DDvO commented 6 years ago

When the path (aka CMP alias) does not include a trailing '/' and the server redirects to the same path with trailing '/', the client cannot handle this and yields:

2147483656:error:27076072:OCSP routines:parse_http_line1:server response error:crypto/ocsp/ocsp_ht.c:260:Code=302,Reason=Found
2147483656:error:3509F089:CMP routines:CMP_PKIMESSAGE_http_perform:failed to receive pkimessage:crypto/cmp/cmp_http.c:495:
2147483656:error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:1989:
2147483656:error:350B1089:CMP routines:send_receive_check:failed to receive pkimessage:crypto/cmp/cmp_ses.c:230:
2147483656:error:3509306A:CMP routines:CMP_exec_CR_ses:cp not received:crypto/cmp/cmp_ses.c:234:

This is a limitation of the underlying very limited HTTP client (which had been designed for OCSP response retrieval).
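An added example, not part of the original issue and not code from cmpossl or OpenSSL: one conservative way a client could classify the redirect described above, following it only when the `Location` is the requested path plus a trailing '/' on the same origin. The host `ca.example.test`, the path `/pkix`, the function names, and the policy itself are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum redirect_action { NOT_REDIRECT, FOLLOW, REFUSE };

/* Parse the status code from an HTTP/1.x status line; -1 if malformed. */
static int http_status(const char *line)
{
    int major, minor, code;

    if (sscanf(line, "HTTP/%d.%d %d", &major, &minor, &code) != 3
            || code < 100 || code > 599)
        return -1;
    return code;
}

/* 1 only if location == req_path + "/" as an absolute path or on the same origin. */
static int is_trailing_slash_redirect(const char *origin, const char *req_path,
                                      const char *location)
{
    size_t olen = strlen(origin), plen = strlen(req_path);
    const char *path = location;

    if (location[0] != '/') {       /* absolute URL: origin must match exactly */
        if (strncmp(location, origin, olen) != 0)
            return 0;               /* other scheme/host, e.g. https -> http */
        path = location + olen;
    }
    return plen > 0 && req_path[0] == '/' && req_path[plen - 1] != '/'
        && strncmp(path, req_path, plen) == 0
        && path[plen] == '/' && path[plen + 1] == '\0';
}

/* Decide what to do with a response, given the request's origin and path. */
static enum redirect_action classify(const char *status_line, const char *origin,
                                     const char *req_path, const char *location)
{
    int code = http_status(status_line);

    if (code != 301 && code != 302 && code != 307 && code != 308)
        return NOT_REDIRECT;
    if (location == NULL)
        return REFUSE;              /* redirect without a Location header */
    return is_trailing_slash_redirect(origin, req_path, location) ? FOLLOW : REFUSE;
}

int main(void)
{
    /* Constructed sample: the 302 from the report, with an assumed Location. */
    printf("%d\n", classify("HTTP/1.1 302 Found", "https://ca.example.test",
                            "/pkix", "/pkix/"));
    return 0;
}
```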

DDvO commented 4 years ago

This limitation will be gone after merge of https://github.com/openssl/openssl/pull/10667.