New -ignore_err option in ocsp application to stop the server

exiting on the first error in a request.

diff --git a/CHANGES b/CHANGES
index 421d41fd72d9cb983e5ec3bb0b31d5572bfc16ce..dd23a4ee2b122dcc34795dd92cff373e2ccf7f71 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -549,6 +549,10 @@
 
  Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
 
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
   *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
      extra data after the compression methods not only for TLS 1.0
      but also for SSL 3.0 (as required by the specification).

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 0cf4aad3f80be51431be6bb617f08010390ec574..9c8e20d35ab967708172dbd3e4555c84ebd16aef 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -123,6 +123,7 @@ int MAIN(int argc, char **argv)
        int accept_count = -1;
        int badarg = 0;
        int i;
+       int ignore_err = 0;
        STACK *reqnames = NULL;
        STACK_OF(OCSP_CERTID) *ids = NULL;
 
@@ -182,6 +183,8 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+               else if (!strcmp(*args, "-ignore_err"))
+                       ignore_err = 1;
                else if (!strcmp(*args, "-noverify"))
                        noverify = 1;
                else if (!strcmp(*args, "-nonce"))
@@ -783,6 +786,8 @@ int MAIN(int argc, char **argv)
                {
                BIO_printf(out, "Responder Error: %s (%d)\n",
                                OCSP_response_status_str(i), i);
+               if (ignore_err)
+                       goto redo_accept;
                ret = 0;
                goto end;
                }