long maxage);
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey, const EVP_MD *md,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static BIO *init_responder(const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, const char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
+ const STACK_OF(CONF_VALUE) *headers,
+ OCSP_REQUEST *req, int req_timeout);
#undef PROG
#define PROG ocsp_main
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
- const EVP_MD *cert_id_md = NULL;
+ const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
}
else badarg = 1;
}
+ else if (!strcmp(*args, "-rmd"))
+ {
+ if (args[1])
+ {
+ args++;
+ rsign_md = EVP_get_digestbyname(*args);
+ if (!rsign_md)
+ badarg = 1;
+ }
+ else badarg = 1;
+ }
else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
{
badarg = 1;
BIO_printf (bio_err, "-ndays n number of days before next update\n");
BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request");
+ BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
goto end;
}
if (rdb)
{
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig);
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,rsign_md, rother, rflags, nmin, ndays, badsig);
if (cbio)
send_ocsp_response(cbio, resp);
}
resp = NULL;
goto redo_accept;
}
+ ret = 0;
+ goto end;
+ }
+ else if (ridx_filename)
+ {
+ ret = 0;
goto end;
}
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert,
+ EVP_PKEY *rkey, const EVP_MD *rmd,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
OCSP_copy_nonce(bs, req);
- OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
+ OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
/* Quick and dirty OCSP server: read in and parse input request */
-static BIO *init_responder(char *port)
+static BIO *init_responder(const char *port)
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
return NULL;
}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+ const char *port)
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
return 1;
}
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout)
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
+ const STACK_OF(CONF_VALUE) *headers,
+ OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- STACK_OF(CONF_VALUE) *headers,
- int req_timeout)
+ const char *host, const char *path,
+ const char *port, int use_ssl,
+ const STACK_OF(CONF_VALUE) *headers,
+ int req_timeout)
{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;