CDRIVER-3739 Add 5 second timeout to OCSP (#658)

- Reuse libmongoc's HTTP function instead of OCSP_sendreq_new
- Support TLS in OCSP endpoint

Author: kevinAlbs

src/libmongoc/CMakeLists.txt

@@ -512,6 +512,7 @@ set (SOURCES ${SOURCES}
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-gridfs-file-list.c
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-handshake.c
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-host-list.c
+   ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-http.c
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-index.c
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-init.c
    ${PROJECT_SOURCE_DIR}/src/mongoc/mongoc-interrupt.c
@@ -898,6 +899,7 @@ set (test-libmongoc-sources
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-gridfs.c
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-handshake.c
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-hedged-reads.c
+   ${PROJECT_SOURCE_DIR}/tests/test-mongoc-http.c
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-interrupt.c
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-linux-distro-scanner.c
    ${PROJECT_SOURCE_DIR}/tests/test-mongoc-list.c

src/libmongoc/src/mongoc/CMakeLists.txt

@@ -116,6 +116,7 @@ set (src_libmongoc_src_mongoc_DIST_noinst_hs
    mongoc-handshake-os-private.h
    mongoc-handshake-private.h
    mongoc-host-list-private.h
+   mongoc-http-private.h
    mongoc-interrupt-private.h
    mongoc-libressl-private.h
    mongoc-linux-distro-scanner-private.h
@@ -210,6 +211,7 @@ set (src_libmongoc_src_mongoc_DIST_cs
    mongoc-gridfs-file-page.c
    mongoc-gridfs-file-list.c
    mongoc-handshake.c
+   mongoc-http.c
    mongoc-index.c
    mongoc-linux-distro-scanner.c
    mongoc-list.c

src/libmongoc/src/mongoc/mongoc-cluster-aws.c

@@ -25,6 +25,7 @@
 #include "mongoc-trace-private.h"
 #include "mongoc-uri-private.h"
 #include "mongoc-util-private.h"
+#include "mongoc-http-private.h"
 
 #undef MONGOC_LOG_DOMAIN
 #define MONGOC_LOG_DOMAIN "aws_auth"
@@ -145,88 +146,35 @@ _send_http_request (const char *ip,
                     char **http_response_headers,
                     bson_error_t *error)
 {
-   mongoc_stream_t *stream = NULL;
-   mongoc_host_list_t host_list;
-   bool ret = false;
-   mongoc_iovec_t iovec;
-   uint8_t buf[512];
-   ssize_t bytes_read;
+   mongoc_http_request_t req;
+   mongoc_http_response_t res;
    const int socket_timeout_ms = 10000;
-   char *http_request = NULL;
-   bson_string_t *http_response = NULL;
-   char *ptr;
-   bool need_slash;
+   bool ret;
 
    *http_response_body = NULL;
    *http_response_headers = NULL;
-
-   if (!_mongoc_host_list_from_hostport_with_err (
-          &host_list, ip, port, error)) {
-      goto fail;
-   }
-
-   stream = mongoc_client_connect_tcp (socket_timeout_ms, &host_list, error);
-   if (!stream) {
-      goto fail;
-   }
-
-   if (strstr (path, "/") == path) {
-      need_slash = false;
-   } else {
-      need_slash = true;
-   }
-
-   /* Always add 'Host: <domain>' header. */
-   http_request = bson_strdup_printf (
-      "%s %s%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n%s\r\n",
-      method,
-      need_slash ? "/" : "",
-      path,
-      ip,
-      headers);
-   iovec.iov_base = http_request;
-   iovec.iov_len = strlen (http_request);
-
-   if (!_mongoc_stream_writev_full (
-          stream, &iovec, 1, socket_timeout_ms, error)) {
-      goto fail;
-   }
-
-   /* If timeout == 0, you'll get EAGAIN errors. */
-   http_response = bson_string_new (NULL);
-   memset (buf, 0, sizeof (buf));
-   /* leave at least one byte out of buffer to leave it null terminated. */
-   while ((bytes_read = mongoc_stream_read (
-              stream, buf, (sizeof buf) - 1, 0, socket_timeout_ms)) > 0) {
-      bson_string_append (http_response, (const char *) buf);
-      memset (buf, 0, sizeof (buf));
-   }
-
-   if (bytes_read < 0) {
-      char errmsg_buf[BSON_ERROR_BUFFER_SIZE];
-      char *errmsg;
-
-      errmsg = bson_strerror_r (errno, errmsg_buf, sizeof errmsg_buf);
-      AUTH_ERROR_AND_FAIL ("error occurred reading stream: %s", errmsg);
-   }
-
-   /* Find the body. */
-   ptr = strstr (http_response->str, "\r\n\r\n");
-   if (NULL == ptr) {
-      AUTH_ERROR_AND_FAIL ("error occurred reading response, body not found");
-   }
-
-   *http_response_headers =
-      bson_strndup (http_response->str, ptr - http_response->str);
-   *http_response_body = bson_strdup (ptr + 4);
-
-   ret = true;
-fail:
-   mongoc_stream_destroy (stream);
-   bson_free (http_request);
-   if (http_response) {
-      bson_string_free (http_response, true);
-   }
+   _mongoc_http_request_init (&req);
+   _mongoc_http_response_init (&res);
+
+   req.host = ip;
+   req.port = port;
+   req.method = method;
+   req.path = path;
+   req.extra_headers = headers;
+   ret = _mongoc_http_send (&req,
+                            socket_timeout_ms,
+                            false /* use_tls */,
+                            NULL /* ssl_opts */,
+                            &res,
+                            error);
+
+   if (ret) {
+      *http_response_headers = bson_strndup (res.headers, res.headers_len);
+      *http_response_body = (char *) bson_malloc0 (res.body_len + 1);
+      memcpy (*http_response_body, res.body, res.body_len);
+   }
+
+   _mongoc_http_response_cleanup (&res);
    return ret;
 }
 

src/libmongoc/src/mongoc/mongoc-http-private.h

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2020-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mongoc.h"
+#include "mongoc-ssl.h"
+
+#include "mongoc-prelude.h"
+
+#ifndef MONGOC_HTTP_PRIVATE_H
+#define MONGOC_HTTP_PRIVATE_H
+
+typedef struct {
+   const char *host;
+   int port;
+   const char *method;
+   const char *path;
+   const char *extra_headers;
+   const char *body;
+   int body_len;
+} mongoc_http_request_t;
+
+typedef struct {
+   int status;
+   char *headers;
+   int headers_len;
+   char *body;
+   int body_len;
+} mongoc_http_response_t;
+
+void
+_mongoc_http_request_init (mongoc_http_request_t *request);
+
+void
+_mongoc_http_response_init (mongoc_http_response_t *response);
+
+void
+_mongoc_http_response_cleanup (mongoc_http_response_t *response);
+
+/*
+ * Send an HTTP request and get a response.
+ * On success, returns true.
+ * On failure, returns false and sets error.
+ * If use_tls is true, then ssl_opts must be set.
+ * Caller must call _mongoc_http_response_cleanup on res.
+ */
+bool
+_mongoc_http_send (mongoc_http_request_t *req,
+                   int timeout_ms,
+                   bool use_tls,
+                   mongoc_ssl_opt_t *ssl_opts,
+                   mongoc_http_response_t *res,
+                   bson_error_t *error);
+
+#endif /* MONGOC_HTTP_PRIVATE */