#ifndef OPENSSL_NO_OCSP
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
+#include <openssl/e_os2.h>
+#include <openssl/bio.h>
#include <openssl/ocsp.h>
-#include <openssl/err.h>
+#include <openssl/txt_db.h>
#include <openssl/ssl.h>
-#include <openssl/bn.h>
+#include "apps.h"
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
if (!load_config(bio_err, NULL))
goto end;
SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
args = argv + 1;
reqnames = sk_new_null();
ids = sk_OCSP_CERTID_new_null();
BIO_printf(bio_err, "SSL is disabled\n");
goto end;
#endif
+ if (ctx == NULL)
+ {
+ BIO_printf(bio_err, "Error creating SSL context.\n");
+ goto end;
+ }
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
char *itmp, *row[DB_NUMBER],**rrow;
for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
bn = ASN1_INTEGER_to_BN(ser,NULL);
+ OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
if (BN_is_zero(bn))
itmp = BUF_strdup("00");
else
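Review bot: `OPENSSL_assert(bn)` turns a failed `ASN1_INTEGER_to_BN()` into a process abort, which the FIXME on the same line already concedes is wrong. If `ser` can originate from a peer's request (the caller is not visible here), one serial that fails conversion stops the whole program instead of failing a single lookup. Replace the assert with an error return ahead of `BN_is_zero(bn)`, for example `if (bn == NULL) return NULL;`, assuming the function returns the `char **` row. At that point every `row[i]` is still NULL, so nothing needs freeing first. The enclosing function starts and ends outside the hunk, so its return type is inferred from the declarations.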
goto err;
}
- ctx = OCSP_sendreq_new(cbio, path, req, -1);
+ if (rv <= 0)
+ {
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ if (rv == 0)
+ {
+ BIO_puts(err, "Timeout on connect\n");
+ return NULL;
+ }
+ }
+
+ ctx = OCSP_sendreq_new(cbio, path, req, -1);
if (!ctx)
return NULL;
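Review bot: The new connect wait treats only `rv == 0` as failure after `rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);`, so a select() error (-1, for instance an interrupted call) falls through to `OCSP_sendreq_new()` on a socket that may not be connected. Handle both outcomes, e.g. `if (rv <= 0) { BIO_puts(err, rv ? "Select error\n" : "Timeout on connect\n"); return NULL; }`. A socket also becomes writable when a non-blocking connect fails, so writability alone does not prove the connection is up. Presumably the later I/O surfaces that failure, and a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.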
if (rv != -1)
break;
FD_ZERO(&confds);
- FD_SET(fd, &confds);
+ openssl_fdset(fd, &confds);
tv.tv_usec = 0;
tv.tv_sec = req_timeout;
- if (BIO_should_read(cbio) || BIO_should_io_special(cbio))
+ if (BIO_should_read(cbio))
rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
else if (BIO_should_write(cbio))
rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
}
}
-
err:
-
- OCSP_REQ_CTX_free(ctx);
+ if (ctx)
+ OCSP_REQ_CTX_free(ctx);
return rsp;
}
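Review bot: The `if (ctx)` guard before `OCSP_REQ_CTX_free(ctx)` is only sound if `ctx` is initialised to NULL at its declaration, which is outside this hunk. There appears to be a `goto err` ahead of the relocated `ctx = OCSP_sendreq_new(cbio, path, req, -1);`, so `err:` can be reached before any assignment. Confirm the declaration reads `OCSP_REQ_CTX *ctx = NULL;`, otherwise the guard tests an indeterminate pointer and the free may run on garbage.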