#include <openssl/bn.h>
#include <openssl/x509v3.h>
-DEFINE_STACK_OF(OCSP_CERTID)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_STRING()
+#if defined(__TANDEM)
+# if defined(OPENSSL_TANDEM_FLOSS)
+# include <floss.h(floss_fork)>
+# endif
+#endif
#if defined(OPENSSL_SYS_VXWORKS)
/* not supported */
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
const EVP_MD *cert_id_md, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
-static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage);
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
- char *header, *value;
+ char *header, *value, *respdigname = NULL;
char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
path = opt_arg();
break;
case OPT_ISSUER:
- issuer = load_cert(opt_arg(), FORMAT_UNDEF,
- "issuer certificate");
+ issuer = load_cert(opt_arg(), "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
break;
case OPT_CERT:
X509_free(cert);
- cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
+ cert = load_cert(opt_arg(), "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
rcertfile = opt_arg();
break;
case OPT_RMD: /* Response MessageDigest */
- if (!opt_md(opt_arg(), &rsign_md))
- goto end;
+ respdigname = opt_arg();
break;
case OPT_RSIGOPT:
if (rsign_sigopts == NULL)
break;
}
}
+
+ /* No extra arguments. */
+ argc = opt_num_rest();
+ if (argc != 0)
+ goto opthelp;
+
if (trailing_md) {
BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
prog);
goto opthelp;
}
- argc = opt_num_rest();
- if (argc != 0)
- goto opthelp;
+
+ if (respdigname != NULL) {
+ if (!opt_md(respdigname, &rsign_md))
+ goto end;
+ }
/* Have we anything to do? */
if (req == NULL && reqin == NULL
if (rsignfile != NULL) {
if (rkeyfile == NULL)
rkeyfile = rsignfile;
- rsigner = load_cert(rsignfile, FORMAT_UNDEF,
- "responder certificate");
+ rsigner = load_cert(rsignfile, "responder certificate");
if (rsigner == NULL) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
if (signfile != NULL) {
if (keyfile == NULL)
keyfile = signfile;
- signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate");
+ signer = load_cert(signfile, "signer certificate");
if (signer == NULL) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
}
}
- print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
+ if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+ ret = 1;
end:
ERR_print_errors(bio_err);
return 0;
}
-static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage)
const char *name;
int i, status, reason;
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+ int ret = 1;
- if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names)
- || !sk_OCSP_CERTID_num(ids))
- return;
+ if (req == NULL || !sk_OPENSSL_STRING_num(names))
+ return 1;
+
+ if (bs == NULL || !sk_OCSP_CERTID_num(ids))
+ return 0;
for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
id = sk_OCSP_CERTID_value(ids, i);
if (!OCSP_resp_find_status(bs, id, &status, &reason,
&rev, &thisupd, &nextupd)) {
BIO_puts(out, "ERROR: No Status found.\n");
+ ret = 0;
continue;
}
ASN1_GENERALIZEDTIME_print(out, rev);
BIO_puts(out, "\n");
}
+ return ret;
}
static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,