#include <stdio.h>
#include <string.h>
+#include "apps.h"
#include <openssl/pem.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
-#include "apps.h"
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
int nmin = 0, ndays = -1;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
SSL_load_error_strings();
args = argv + 1;
reqnames = sk_new_null();
BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
BIO_printf (bio_err, "-no_chain don't chain verify response\n");
BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
BIO_printf (bio_err, "-index file certificate status index file\n");
BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign requests with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign requests with\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
BIO_printf (bio_err, "-rother file other certificates to include in response\n");
BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
goto end;
}
+ if (rsignfile && !rdb)
+ {
+ if (!rkeyfile) rkeyfile = rsignfile;
+ rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+ NULL, e, "responder certificate");
+ if (!rsigner)
+ {
+ BIO_printf(bio_err, "Error loading responder certificate\n");
+ goto end;
+ }
+ rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+ NULL, e, "CA certificate");
+ if (rcertfile)
+ {
+ rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "responder other certificates");
+ if (!sign_other) goto end;
+ }
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+ "responder private key");
+ if (!rkey)
+ goto end;
+ }
+ if(acbio)
+ BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
redo_accept:
if (acbio)
if (req_text && req) OCSP_REQUEST_print(out, req, 0);
- if (rsignfile && !rdb)
+ if (reqout)
{
- if (!rkeyfile) rkeyfile = rsignfile;
- rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
- NULL, e, "responder certificate");
- if (!rsigner)
+ derbio = BIO_new_file(reqout, "wb");
+ if(!derbio)
{
- BIO_printf(bio_err, "Error loading responder certificate\n");
+ BIO_printf(bio_err, "Error opening file %s\n", reqout);
goto end;
}
- rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
- NULL, e, "CA certificate");
- if (rcertfile)
- {
- rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
- NULL, e, "responder other certificates");
- if (!sign_other) goto end;
- }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
- "responder private key");
- if (!rkey)
- goto end;
+ i2d_OCSP_REQUEST_bio(derbio, req);
+ BIO_free(derbio);
}
if (ridx_filename && (!rkey || !rsigner || !rca_cert))
if (!store)
store = setup_verify(bio_err, CAfile, CApath);
+ if (!store)
+ goto end;
if (verify_certfile)
{
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
ERR_print_errors(bio_err);
goto err;
}
- BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
return acbio;
projects / openssl.git / blobdiff