projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Correctly check for trailing digest options.
[openssl.git] / apps / ocsp.c
diff --git a/apps/ocsp.c b/apps/ocsp.c
index fd38da44e3b697699309146ab75f135482d0ad4e..416e05caef824031da065b505f848952b9c79598 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -228,6 +228,7 @@ int ocsp_main(int argc, char **argv)
 {
     BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
     const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
 {
     BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
     const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+    int trailing_md = 0;
     CA_DB *rdb = NULL;
     EVP_PKEY *key = NULL, *rkey = NULL;
     OCSP_BASICRESP *bs = NULL;
     CA_DB *rdb = NULL;
     EVP_PKEY *key = NULL, *rkey = NULL;
     OCSP_BASICRESP *bs = NULL;
@@ -439,6 +440,7 @@ int ocsp_main(int argc, char **argv)
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
                 goto end;
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
                 goto end;
+            trailing_md = 0;
             break;
         case OPT_SERIAL:
             if (cert_id_md == NULL)
             break;
         case OPT_SERIAL:
             if (cert_id_md == NULL)
@@ -447,6 +449,7 @@ int ocsp_main(int argc, char **argv)
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
                 goto end;
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
                 goto end;
+            trailing_md = 0;
             break;
         case OPT_INDEX:
             ridx_filename = opt_arg();
             break;
         case OPT_INDEX:
             ridx_filename = opt_arg();
@@ -490,7 +493,7 @@ int ocsp_main(int argc, char **argv)
                 goto end;
             break;
         case OPT_MD:
                 goto end;
             break;
         case OPT_MD:
-            if (cert_id_md != NULL) {
+            if (trailing_md) {
                 BIO_printf(bio_err,
                            "%s: Digest must be before -cert or -serial\n",
                            prog);
                 BIO_printf(bio_err,
                            "%s: Digest must be before -cert or -serial\n",
                            prog);
@@ -498,9 +501,16 @@ int ocsp_main(int argc, char **argv)
             }
             if (!opt_md(opt_unknown(), &cert_id_md))
                 goto opthelp;
             }
             if (!opt_md(opt_unknown(), &cert_id_md))
                 goto opthelp;
+            trailing_md = 1;
             break;
         }
     }
             break;
         }
     }
+
+    if (trailing_md) {
+        BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
+                   prog);
+        goto opthelp;
+    }
     argc = opt_num_rest();
     if (argc != 0)
         goto opthelp;
     argc = opt_num_rest();
     if (argc != 0)
         goto opthelp;
Unnamed repository; edit this file 'description' to name the repository.