forked from TrueCloudLab/lego
parent
37153517a9
commit
7789bd2ffc
1 changed files with 8 additions and 3 deletions
|
@ -14,6 +14,7 @@ import (
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"math/big"
|
"math/big"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -67,7 +68,7 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
issuerBytes, err := ioutil.ReadAll(resp.Body)
|
issuerBytes, err := ioutil.ReadAll(limitReader(resp.Body, 1024*1024))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, OCSPUnknown, err
|
return nil, OCSPUnknown, err
|
||||||
}
|
}
|
||||||
|
@ -101,7 +102,7 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
|
||||||
}
|
}
|
||||||
defer req.Body.Close()
|
defer req.Body.Close()
|
||||||
|
|
||||||
ocspResBytes, err := ioutil.ReadAll(req.Body)
|
ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024))
|
||||||
ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert)
|
ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, OCSPUnknown, err
|
return nil, OCSPUnknown, err
|
||||||
|
@ -312,3 +313,7 @@ func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain strin
|
||||||
|
|
||||||
return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
|
return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func limitReader(rd io.ReadCloser, numBytes int64) io.ReadCloser {
|
||||||
|
return http.MaxBytesReader(nil, rd, numBytes)
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue