projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
d372d36
)
add -badsig option to ocsp utility too.
author
Dr. Stephen Henson
<steve@openssl.org>
Sun, 9 Dec 2012 16:21:46 +0000
(16:21 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Sun, 9 Dec 2012 16:21:46 +0000
(16:21 +0000)
apps/ocsp.c
patch
|
blob
|
history
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index ce9bfa52d61e4573220c2cd6d8cf995d89bb6bf3..16aa23b6f6cc078adc413bb53e9656a3f33115cb 100644
(file)
--- a/
apps/ocsp.c
+++ b/
apps/ocsp.c
@@
-107,7
+107,7
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays);
+ int nmin, int ndays
, int badsig
);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
@@
-154,6
+154,7
@@
int MAIN(int argc, char **argv)
int ret = 1;
int accept_count = -1;
int badarg = 0;
int ret = 1;
int accept_count = -1;
int badarg = 0;
+ int badsig = 0;
int i;
int ignore_err = 0;
STACK_OF(OPENSSL_STRING) *reqnames = NULL;
int i;
int ignore_err = 0;
STACK_OF(OPENSSL_STRING) *reqnames = NULL;
@@
-271,6
+272,8
@@
int MAIN(int argc, char **argv)
verify_flags |= OCSP_TRUSTOTHER;
else if (!strcmp(*args, "-no_intern"))
verify_flags |= OCSP_NOINTERN;
verify_flags |= OCSP_TRUSTOTHER;
else if (!strcmp(*args, "-no_intern"))
verify_flags |= OCSP_NOINTERN;
+ else if (!strcmp(*args, "-badsig"))
+ badsig = 1;
else if (!strcmp(*args, "-text"))
{
req_text = 1;
else if (!strcmp(*args, "-text"))
{
req_text = 1;
@@
-761,7
+764,7
@@
int MAIN(int argc, char **argv)
if (rdb)
{
if (rdb)
{
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays
, badsig
);
if (cbio)
send_ocsp_response(cbio, resp);
}
if (cbio)
send_ocsp_response(cbio, resp);
}
@@
-1053,7
+1056,7
@@
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays)
+ int nmin, int ndays
, int badsig
)
{
ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid, *ca_id = NULL;
{
ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid, *ca_id = NULL;
@@
-1144,6
+1147,9
@@
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
+ if (badsig)
+ bs->signature->data[bs->signature->length -1] ^= 0x1;
+
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
end:
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
end: