From 615259297331177f7141eb9165c087f91e8337c6 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Fri, 18 May 2018 15:35:10 -0400
Subject: [PATCH] HTTP URLs with multiple components in path

In some cases the OCSP URI contains multiple components in the path (e.g., http://www.example.com/OCSP/myOCSPresponder).

This PR changes check_revocation_ocsp() to remove all components in the path, rather than just the final component, when extracting the host name from the URI for the host header.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 725cc1a..9cba2f1 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1504,7 +1504,7 @@ check_revocation_ocsp() {
      "$PHONE_OUT" || return 0
      tmpfile=$TEMPDIR/${NODE}-${NODEIP}.${uri##*\/} || exit $ERR_FCREATE
      host_header=${uri##http://}
-     host_header=${host_header%/*}
+     host_header=${host_header%%/*}
      $OPENSSL ocsp -no_nonce -header Host ${host_header} -url "$uri" \
           -issuer $TEMPDIR/hostcert_issuer.pem -verify_other $TEMPDIR/intermediatecerts.pem \
           -CAfile $TEMPDIR/intermediatecerts.pem -cert $HOSTCERT -text &> "$tmpfile"