Handle krb5 libraries separately and make sure only libssl.so depends
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index 50af2a56f1fd479ffc66775aa8d1df826e95dff4..f05ec0e65540dffa0c32cc4f83189ee7e0e32a40 100644
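--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -55,14 +55,15 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
+#ifndef OPENSSL_NO_OCSP
 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#include "apps.h"
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD (5 * 60)
@@ -613,11 +614,11 @@ int MAIN(int argc, char **argv)
 NULL, e, "CA certificate");
 if (rcertfile)
 {
- rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
 NULL, e, "responder other certificates");
- if (!sign_other) goto end;
+ if (!rother) goto end;
 }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
 "responder private key");
 if (!rkey)
 goto end;
@@ -663,7 +664,7 @@ int MAIN(int argc, char **argv)
 NULL, e, "signer certificates");
 if (!sign_other) goto end;
 }
- key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL,
+ key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
 "signer private key");
 if (!key)
 goto end;
@@ -722,7 +723,12 @@ int MAIN(int argc, char **argv)
 }
 else if (host)
 {
+#ifndef OPENSSL_NO_SOCK
 cbio = BIO_new_connect(host);
+#else
+ BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
+ goto end;
+#endif
 if (!cbio)
 {
 BIO_printf(bio_err, "Error creating connect BIO\n");
@@ -732,7 +738,16 @@ int MAIN(int argc, char **argv)
 if (use_ssl == 1)
 {
 BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+ BIO_printf(bio_err, "SSL is disabled\n");
+ goto end;
+#endif
 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 sbio = BIO_new_ssl(ctx, 1);
 cbio = BIO_push(sbio, cbio);
@@ -899,7 +914,7 @@ end:
 SSL_CTX_free(ctx);
 }
- EXIT(ret);
+ OPENSSL_EXIT(ret);
 }
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
@@ -1120,7 +1135,10 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 char *itmp, *row[DB_NUMBER],**rrow;
 for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
 bn = ASN1_INTEGER_to_BN(ser,NULL);
- itmp = BN_bn2hex(bn);
+ if (BN_is_zero(bn))
+ itmp = BUF_strdup("00");
+ else
+ itmp = BN_bn2hex(bn);
 row[DB_serial] = itmp;
 BN_free(bn);
 rrow=TXT_DB_get_by_index(db,DB_serial,row);
@@ -1136,7 +1154,11 @@ static BIO *init_responder(char *port)
 bufbio = BIO_new(BIO_f_buffer());
 if (!bufbio)
 goto err;
+#ifndef OPENSSL_NO_SOCK
 acbio = BIO_new_accept(port);
+#else
+ BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
+#endif
 if (!acbio)
 goto err;
 BIO_set_accept_bios(acbio, bufbio);
@@ -1176,7 +1198,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
 for(;;)
 {
- len = BIO_gets(cbio, inbuf, 1024);
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
 if (len <= 0)
 return 1;
 /* Look for "POST" signalling start of query */
@@ -1223,3 +1245,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 return 1;
 }
+#endif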
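Review bot: None of the three `SSL_CTX_new()` calls in the `use_ssl == 1` hunk (`-732,7 +738,16`) has its result checked before `SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY)` uses it, so a failed context allocation is dereferenced. Add `if (ctx == NULL) { BIO_printf(bio_err, "Error creating SSL context\n"); goto end; }` directly after the `#endif`. The `#elif !defined(OPENSSL_NO_SSL2)` branch also gives a build without SSLv3 an SSLv2-only client, and SSLv2 offers no dependable protection for the OCSP exchange. That configuration would be better handled like the final `#else` branch, which reports `"SSL is disabled"` and jumps to `end`. MAIN begins and ends outside this hunk, so whether peer verification is configured on `ctx` elsewhere cannot be seen from here.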