projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix free errors in ocsp utility.
[openssl.git]
/
apps
/
ocsp.c
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index 65e20e36d4495ed4e7aa3c338f574128775ef611..64c31826f3a97414e19ed13b102fd402dd01f9c3 100644
(file)
--- a/
apps/ocsp.c
+++ b/
apps/ocsp.c
@@
-105,17
+105,17
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
long maxage);
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
long maxage);
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
const EVP_MD *md,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static BIO *init_responder(c
onst c
har *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, c
onst c
har *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, c
onst c
har *path,
+
const
STACK_OF(CONF_VALUE) *headers,
+
OCSP_REQUEST *req, int req_timeout);
#undef PROG
#define PROG ocsp_main
#undef PROG
#define PROG ocsp_main
@@
-127,6
+127,7
@@
int MAIN(int argc, char **argv)
ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
+ char *thost = NULL, *tport = NULL, *tpath = NULL;
char *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL;
char *signfile = NULL, *keyfile = NULL;
char *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL;
char *signfile = NULL, *keyfile = NULL;
@@
-166,7
+167,7
@@
int MAIN(int argc, char **argv)
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
- const EVP_MD *cert_id_md = NULL;
+ const EVP_MD *cert_id_md = NULL
, *rsign_md = NULL
;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@
-206,6
+207,12
@@
int MAIN(int argc, char **argv)
}
else if (!strcmp(*args, "-url"))
{
}
else if (!strcmp(*args, "-url"))
{
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
if (args[1])
{
args++;
if (args[1])
{
args++;
@@
-214,6
+221,9
@@
int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error parsing URL\n");
badarg = 1;
}
BIO_printf(bio_err, "Error parsing URL\n");
badarg = 1;
}
+ thost = host;
+ tport = port;
+ tpath = path;
}
else badarg = 1;
}
}
else badarg = 1;
}
@@
-568,6
+578,17
@@
int MAIN(int argc, char **argv)
}
else badarg = 1;
}
}
else badarg = 1;
}
+ else if (!strcmp(*args, "-rmd"))
+ {
+ if (args[1])
+ {
+ args++;
+ rsign_md = EVP_get_digestbyname(*args);
+ if (!rsign_md)
+ badarg = 1;
+ }
+ else badarg = 1;
+ }
else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
{
badarg = 1;
else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
{
badarg = 1;
@@
-627,7
+648,7
@@
int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-ndays n number of days before next update\n");
BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
BIO_printf (bio_err, "-ndays n number of days before next update\n");
BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request");
+ BIO_printf (bio_err, "-<dgst alg> use specified digest in the request
\n
");
goto end;
}
goto end;
}
@@
-777,7
+798,7
@@
int MAIN(int argc, char **argv)
if (rdb)
{
if (rdb)
{
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig);
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
rsign_md,
rother, rflags, nmin, ndays, badsig);
if (cbio)
send_ocsp_response(cbio, resp);
}
if (cbio)
send_ocsp_response(cbio, resp);
}
@@
-952,12
+973,12
@@
end:
sk_X509_pop_free(verify_other, X509_free);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
sk_X509_pop_free(verify_other, X509_free);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
- if (
use_ssl != -1
)
- {
- OPENSSL_free(host);
- OPENSSL_free(port);
- OPENSSL_free(path);
- }
+ if (
thost
)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(
t
port);
+ if (tpath)
+ OPENSSL_free(tpath);
OPENSSL_EXIT(ret);
}
OPENSSL_EXIT(ret);
}
@@
-1083,7
+1104,8
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert,
+ EVP_PKEY *rkey, const EVP_MD *rmd,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
@@
-1174,7
+1196,7
@@
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
OCSP_copy_nonce(bs, req);
OCSP_copy_nonce(bs, req);
- OCSP_basic_sign(bs, rcert, rkey,
NULL
, rother, flags);
+ OCSP_basic_sign(bs, rcert, rkey,
rmd
, rother, flags);
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
@@
-1211,7
+1233,7
@@
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
/* Quick and dirty OCSP server: read in and parse input request */
/* Quick and dirty OCSP server: read in and parse input request */
-static BIO *init_responder(char *port)
+static BIO *init_responder(c
onst c
har *port)
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
@@
-1242,7
+1264,8
@@
static BIO *init_responder(char *port)
return NULL;
}
return NULL;
}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+ const char *port)
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
@@
-1308,9
+1331,9
@@
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1;
}
return 1;
}
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout)
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, c
onst c
har *path,
+
const
STACK_OF(CONF_VALUE) *headers,
+
OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
{
int fd;
int rv;
@@
-1406,9
+1429,10
@@
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- STACK_OF(CONF_VALUE) *headers,
- int req_timeout)
+ const char *host, const char *path,
+ const char *port, int use_ssl,
+ const STACK_OF(CONF_VALUE) *headers,
+ int req_timeout)
{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;
{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;