projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Move CT viewer extension code to crypto/x509v3
[openssl.git]
/
apps
/
ocsp.c
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index 16aa23b6f6cc078adc413bb53e9656a3f33115cb..ccf2f0f9497ae56e193240da4b5b0d3fc90d2d63 100644
(file)
--- a/
apps/ocsp.c
+++ b/
apps/ocsp.c
@@
-105,17
+105,17
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
long maxage);
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
long maxage);
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert, EVP_PKEY *rkey,
const EVP_MD *md,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static BIO *init_responder(c
onst c
har *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, c
onst c
har *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, c
onst c
har *path,
+
const
STACK_OF(CONF_VALUE) *headers,
+
OCSP_REQUEST *req, int req_timeout);
#undef PROG
#define PROG ocsp_main
#undef PROG
#define PROG ocsp_main
@@
-148,6
+148,7
@@
int MAIN(int argc, char **argv)
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
@@
-165,7
+166,7
@@
int MAIN(int argc, char **argv)
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
char *rca_filename = NULL;
CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
- const EVP_MD *cert_id_md = NULL;
+ const EVP_MD *cert_id_md = NULL
, *rsign_md = NULL
;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@
-356,6
+357,12
@@
int MAIN(int argc, char **argv)
}
else badarg = 1;
}
}
else badarg = 1;
}
+ else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ {
+ if (badarg)
+ goto end;
+ continue;
+ }
else if (!strcmp (*args, "-validity_period"))
{
if (args[1])
else if (!strcmp (*args, "-validity_period"))
{
if (args[1])
@@
-561,6
+568,17
@@
int MAIN(int argc, char **argv)
}
else badarg = 1;
}
}
else badarg = 1;
}
+ else if (!strcmp(*args, "-rmd"))
+ {
+ if (args[1])
+ {
+ args++;
+ rsign_md = EVP_get_digestbyname(*args);
+ if (!rsign_md)
+ badarg = 1;
+ }
+ else badarg = 1;
+ }
else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
{
badarg = 1;
else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
{
badarg = 1;
@@
-620,7
+638,7
@@
int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-ndays n number of days before next update\n");
BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
BIO_printf (bio_err, "-ndays n number of days before next update\n");
BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request");
+ BIO_printf (bio_err, "-<dgst alg> use specified digest in the request
\n
");
goto end;
}
goto end;
}
@@
-637,7
+655,10
@@
int MAIN(int argc, char **argv)
if (!req && reqin)
{
if (!req && reqin)
{
- derbio = BIO_new_file(reqin, "rb");
+ if (!strcmp(reqin, "-"))
+ derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ derbio = BIO_new_file(reqin, "rb");
if (!derbio)
{
BIO_printf(bio_err, "Error Opening OCSP request file\n");
if (!derbio)
{
BIO_printf(bio_err, "Error Opening OCSP request file\n");
@@
-739,7
+760,10
@@
int MAIN(int argc, char **argv)
if (reqout)
{
if (reqout)
{
- derbio = BIO_new_file(reqout, "wb");
+ if (!strcmp(reqout, "-"))
+ derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ derbio = BIO_new_file(reqout, "wb");
if(!derbio)
{
BIO_printf(bio_err, "Error opening file %s\n", reqout);
if(!derbio)
{
BIO_printf(bio_err, "Error opening file %s\n", reqout);
@@
-764,7
+788,7
@@
int MAIN(int argc, char **argv)
if (rdb)
{
if (rdb)
{
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig);
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
rsign_md,
rother, rflags, nmin, ndays, badsig);
if (cbio)
send_ocsp_response(cbio, resp);
}
if (cbio)
send_ocsp_response(cbio, resp);
}
@@
-782,7
+806,10
@@
int MAIN(int argc, char **argv)
}
else if (respin)
{
}
else if (respin)
{
- derbio = BIO_new_file(respin, "rb");
+ if (!strcmp(respin, "-"))
+ derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ derbio = BIO_new_file(respin, "rb");
if (!derbio)
{
BIO_printf(bio_err, "Error Opening OCSP response file\n");
if (!derbio)
{
BIO_printf(bio_err, "Error Opening OCSP response file\n");
@@
-807,7
+834,10
@@
int MAIN(int argc, char **argv)
if (respout)
{
if (respout)
{
- derbio = BIO_new_file(respout, "wb");
+ if (!strcmp(respout, "-"))
+ derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ derbio = BIO_new_file(respout, "wb");
if(!derbio)
{
BIO_printf(bio_err, "Error opening file %s\n", respout);
if(!derbio)
{
BIO_printf(bio_err, "Error opening file %s\n", respout);
@@
-847,6
+877,12
@@
int MAIN(int argc, char **argv)
resp = NULL;
goto redo_accept;
}
resp = NULL;
goto redo_accept;
}
+ ret = 0;
+ goto end;
+ }
+ else if (ridx_filename)
+ {
+ ret = 0;
goto end;
}
goto end;
}
@@
-854,6
+890,8
@@
int MAIN(int argc, char **argv)
store = setup_verify(bio_err, CAfile, CApath);
if (!store)
goto end;
store = setup_verify(bio_err, CAfile, CApath);
if (!store)
goto end;
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
if (verify_certfile)
{
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
if (verify_certfile)
{
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
@@
-904,6
+942,8
@@
end:
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(issuer);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(issuer);
@@
-1054,7
+1094,8
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+ X509 *ca, X509 *rcert,
+ EVP_PKEY *rkey, const EVP_MD *rmd,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays, int badsig)
{
@@
-1145,7
+1186,7
@@
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
OCSP_copy_nonce(bs, req);
OCSP_copy_nonce(bs, req);
- OCSP_basic_sign(bs, rcert, rkey,
NULL
, rother, flags);
+ OCSP_basic_sign(bs, rcert, rkey,
rmd
, rother, flags);
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
@@
-1182,7
+1223,7
@@
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
/* Quick and dirty OCSP server: read in and parse input request */
/* Quick and dirty OCSP server: read in and parse input request */
-static BIO *init_responder(char *port)
+static BIO *init_responder(c
onst c
har *port)
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
@@
-1213,7
+1254,8
@@
static BIO *init_responder(char *port)
return NULL;
}
return NULL;
}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+ const char *port)
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
@@
-1279,9
+1321,9
@@
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1;
}
return 1;
}
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout)
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, c
onst c
har *path,
+
const
STACK_OF(CONF_VALUE) *headers,
+
OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
{
int fd;
int rv;
@@
-1377,9
+1419,10
@@
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
}
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- STACK_OF(CONF_VALUE) *headers,
- int req_timeout)
+ const char *host, const char *path,
+ const char *port, int use_ssl,
+ const STACK_OF(CONF_VALUE) *headers,
+ int req_timeout)
{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;
{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;