From cbb819a5ac7805201e1b9ac037517ae2423960c4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Thu, 20 Apr 2017 19:46:52 +0000
Subject: [PATCH] add: configuration of OCSP path

Change-Id: Ibb81366d3e93485559ac68103d15b165c74822fd
---
 src/config.cpp      | 9 +++++++++
 src/crypto/X509.cpp | 4 +++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/config.cpp b/src/config.cpp
index a58cc82..ccd2f24 100644
--- a/src/config.cpp
+++ b/src/config.cpp
@@ -15,6 +15,7 @@ std::string sqlHost, sqlUser, sqlPass, sqlDB;
 std::string serialPath;
 std::string crlPrefix;
 std::string crtPrefix;
+std::string ocspPath;
 
 std::shared_ptr<std::unordered_map<std::string, std::string>> parseConf( std::string path ) {
     auto map = std::make_shared<std::unordered_map<std::string, std::string>>();
@@ -147,6 +148,14 @@ int parseConfig( std::string path ) {
     crlPrefix = masterConf->at( "crlPrefix" );
     crtPrefix = masterConf->at( "crtPrefix" );
 
+    auto ocspPathEntry = masterConf->find( "ocsp.path" );
+
+    if( ocspPathEntry == masterConf->end() ) {
+        ocspPath = "";
+    } else {
+        ocspPath = ocspPathEntry->second;
+    }
+
     if( keyDir == "" ) {
         logger::error( "Missing config property key.directory" );
         return -1;
diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp
index d99ab68..ee5621c 100644
--- a/src/crypto/X509.cpp
+++ b/src/crypto/X509.cpp
@@ -176,6 +176,8 @@ merr:
     throw std::runtime_error( "memerr" );
 }
 
+extern std::string ocspPath;
+
 void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans, Profile& prof, std::string crlURL, std::string crtURL ) {
     add_ext( caCert, target, NID_basic_constraints, "critical,CA:FALSE" );
     add_ext( caCert, target, NID_subject_key_identifier, "hash" );
@@ -183,7 +185,7 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
     std::string ku = std::string( "critical," ) + prof.ku;
     add_ext( caCert, target, NID_key_usage, ku.c_str() );
     add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
-    add_ext( caCert, target, NID_info_access, ( "OCSP;URI:http://ocsp.cacert.org,caIssuers;URI:" + crtURL ).c_str() );
+    add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
     add_ext( caCert, target, NID_crl_distribution_points, ( "URI:" + crlURL ).c_str() );
 
     if( sans.empty() ) {
-- 
2.39.2