From: Dr. Stephen Henson Date: Fri, 14 Dec 2012 23:29:58 +0000 (+0000) Subject: oops, revert, committed in error X-Git-Tag: master-post-reformat~1518 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=92821996de4a381635f5d048345c3b0f8fe9a30b oops, revert, committed in error --- diff --git a/apps/ocsp.c b/apps/ocsp.c index f5e37a6358..16aa23b6f6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -148,7 +148,6 @@ int MAIN(int argc, char **argv) long nsec = MAX_VALIDITY_PERIOD, maxage = -1; char *CAfile = NULL, *CApath = NULL; X509_STORE *store = NULL; - X509_VERIFY_PARAM *vpm = NULL; STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; @@ -357,12 +356,6 @@ int MAIN(int argc, char **argv) } else badarg = 1; } - else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) - { - if (badarg) - goto end; - continue; - } else if (!strcmp (*args, "-validity_period")) { if (args[1]) @@ -644,10 +637,7 @@ int MAIN(int argc, char **argv) if (!req && reqin) { - if (!strcmp(reqin, "-")) - derbio = BIO_new_fp(stdin, BIO_NOCLOSE); - else - derbio = BIO_new_file(reqin, "rb"); + derbio = BIO_new_file(reqin, "rb"); if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP request file\n"); @@ -749,10 +739,7 @@ int MAIN(int argc, char **argv) if (reqout) { - if (!strcmp(respout, "-")) - derbio = BIO_new_fp(stdout, BIO_NOCLOSE); - else - derbio = BIO_new_file(reqout, "wb"); + derbio = BIO_new_file(reqout, "wb"); if(!derbio) { BIO_printf(bio_err, "Error opening file %s\n", reqout); @@ -795,10 +782,7 @@ int MAIN(int argc, char **argv) } else if (respin) { - if (!strcmp(respin, "-")) - derbio = BIO_new_fp(stdin, BIO_NOCLOSE); - else - derbio = BIO_new_file(respin, "rb"); + derbio = BIO_new_file(respin, "rb"); if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP response file\n"); @@ -823,10 +807,7 @@ int MAIN(int argc, char **argv) if (respout) { - if (!strcmp(respout, "-")) - derbio = BIO_new_fp(stdout, BIO_NOCLOSE); - else - derbio = BIO_new_file(respout, "wb"); + derbio = BIO_new_file(respout, "wb"); if(!derbio) { BIO_printf(bio_err, "Error opening file %s\n", respout); @@ -873,8 +854,6 @@ int MAIN(int argc, char **argv) store = setup_verify(bio_err, CAfile, CApath); if (!store) goto end; - if (vpm) - X509_STORE_set1_param(store, vpm); if (verify_certfile) { verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, @@ -925,8 +904,6 @@ end: ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); - if (vpm) - X509_VERIFY_PARAM_free(vpm); EVP_PKEY_free(key); EVP_PKEY_free(rkey); X509_free(issuer); diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index ddf440bcc8..c45fcfd61e 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -35,7 +35,6 @@ commonName = $ENV::CN basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment -subjectAltName=DNS:crl.host.com # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" @@ -43,14 +42,12 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid -authorityInfoAccess = OCSP;URI:http://ocsp.host.com:8080/cgi-bin/prinenv/some/ocsp/path # OCSP responder certificate [ ocsp_cert ] basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment - # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh index d0fdeac72e..18daa6bcfb 100644 --- a/demos/certs/mkcerts.sh +++ b/demos/certs/mkcerts.sh @@ -15,7 +15,7 @@ $OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \ -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem # Server certificate: create request first -CN="crl.host.com" $OPENSSL req -config ca.cnf -nodes \ +CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \ -keyout skey.pem -out req.pem -newkey rsa:1024 # Sign request: end entity extensions $OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \