PR: 2908

[openssl.git] / apps / ocsp.c

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 03944c0757887645432b2eae6b1d0095c14ed3f4..01847dfad74ab845b223ab186cce49ef40f01338 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -75,6 +75,7 @@
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
+#include <openssl/x509v3.h>
 
 #if defined(NETWARE_CLIB)
 #  ifdef NETWARE_BSDSOCK
@@ -113,6 +114,7 @@ static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                               STACK_OF(CONF_VALUE) *headers,
                                OCSP_REQUEST *req, int req_timeout);
 
 #undef PROG
@@ -131,6 +133,7 @@ int MAIN(int argc, char **argv)
        char *rsignfile = NULL, *rkeyfile = NULL;
        char *outfile = NULL;
        int add_nonce = 1, noverify = 0, use_ssl = -1;
+       STACK_OF(CONF_VALUE) *headers = NULL;
        OCSP_REQUEST *req = NULL;
        OCSP_RESPONSE *resp = NULL;
        OCSP_BASICRESP *bs = NULL;
@@ -230,6 +233,16 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+               else if (!strcmp(*args, "-header"))
+                       {
+                       if (args[1] && args[2])
+                               {
+                               if (!X509V3_add_value(args[1], args[2], &headers))
+                                       goto end;
+                               args += 2;
+                               }
+                       else badarg = 1;
+                       }
                else if (!strcmp(*args, "-ignore_err"))
                        ignore_err = 1;
                else if (!strcmp(*args, "-noverify"))
@@ -756,7 +769,7 @@ int MAIN(int argc, char **argv)
                {
 #ifndef OPENSSL_NO_SOCK
                resp = process_responder(bio_err, req, host, path,
-                                               port, use_ssl, req_timeout);
+                                       port, use_ssl, headers, req_timeout);
                if (!resp)
                        goto end;
 #else
@@ -905,6 +918,7 @@ end:
        sk_OCSP_CERTID_free(ids);
        sk_X509_pop_free(sign_other, X509_free);
        sk_X509_pop_free(verify_other, X509_free);
+       sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
 
        if (use_ssl != -1)
                {
@@ -1260,10 +1274,12 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
        }
 
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                               STACK_OF(CONF_VALUE) *headers,
                                OCSP_REQUEST *req, int req_timeout)
        {
        int fd;
        int rv;
+       int i;
        OCSP_REQ_CTX *ctx = NULL;
        OCSP_RESPONSE *rsp = NULL;
        fd_set confds;
@@ -1280,16 +1296,13 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                return NULL;
                }
 
-       if (req_timeout == -1)
-               return OCSP_sendreq_bio(cbio, path, req);
-
        if (BIO_get_fd(cbio, &fd) <= 0)
                {
                BIO_puts(err, "Can't get connection fd\n");
                goto err;
                }
 
-       if (rv <= 0)
+       if (req_timeout != -1 && rv <= 0)
                {
                FD_ZERO(&confds);
                openssl_fdset(fd, &confds);
@@ -1304,15 +1317,27 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                }
 
 
-       ctx = OCSP_sendreq_new(cbio, path, req, -1);
+       ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
        if (!ctx)
                return NULL;
+
+       for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
+               {
+               CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+               if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+                       goto err;
+               }
+
+       if (!OCSP_REQ_CTX_set1_req(ctx, req))
+               goto err;
        
        for (;;)
                {
                rv = OCSP_sendreq_nbio(&rsp, ctx);
                if (rv != -1)
                        break;
+               if (req_timeout == -1)
+                       continue;
                FD_ZERO(&confds);
                openssl_fdset(fd, &confds);
                tv.tv_usec = 0;
@@ -1336,7 +1361,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                        BIO_puts(err, "Select error\n");
                        break;
                        }
-                       
+
                }
        err:
        if (ctx)
@@ -1347,6 +1372,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                        char *host, char *path, char *port, int use_ssl,
+                       STACK_OF(CONF_VALUE) *headers,
                        int req_timeout)
        {
        BIO *cbio = NULL;
@@ -1381,14 +1407,14 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                sbio = BIO_new_ssl(ctx, 1);
                cbio = BIO_push(sbio, cbio);
                }
-       resp = query_responder(err, cbio, path, req, req_timeout);
+       resp = query_responder(err, cbio, path, headers, req, req_timeout);
        if (!resp)
                BIO_printf(bio_err, "Error querying OCSP responsder\n");
        end:
-       if (ctx)
-               SSL_CTX_free(ctx);
        if (cbio)
                BIO_free_all(cbio);
+       if (ctx)
+               SSL_CTX_free(ctx);
        return resp;
        }