#include <stdio.h>
#include <string.h>
+#include "apps.h"
#include <openssl/pem.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
-#include "apps.h"
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
int nmin = 0, ndays = -1;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
SSL_load_error_strings();
args = argv + 1;
reqnames = sk_new_null();
BIO_printf (bio_err, "-port num port to run responder on\n");
BIO_printf (bio_err, "-index file certificate status index file\n");
BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign requests with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign requests with\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
BIO_printf (bio_err, "-rother file other certificates to include in response\n");
BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
NULL, e, "CA certificate");
if (rcertfile)
{
- rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
NULL, e, "responder other certificates");
- if (!sign_other) goto end;
+ if (!rother) goto end;
}
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
"responder private key");
if (!rkey)
goto end;
NULL, e, "signer certificates");
if (!sign_other) goto end;
}
- key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL,
+ key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
"signer private key");
if (!key)
goto end;
if (req_text && req) OCSP_REQUEST_print(out, req, 0);
+ if (reqout)
+ {
+ derbio = BIO_new_file(reqout, "wb");
+ if(!derbio)
+ {
+ BIO_printf(bio_err, "Error opening file %s\n", reqout);
+ goto end;
+ }
+ i2d_OCSP_REQUEST_bio(derbio, req);
+ BIO_free(derbio);
+ }
+
if (ridx_filename && (!rkey || !rsigner || !rca_cert))
{
BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
if (!store)
store = setup_verify(bio_err, CAfile, CApath);
+ if (!store)
+ goto end;
if (verify_certfile)
{
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
SSL_CTX_free(ctx);
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
char *itmp, *row[DB_NUMBER],**rrow;
for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
bn = ASN1_INTEGER_to_BN(ser,NULL);
- itmp = BN_bn2hex(bn);
+ if (BN_is_zero(bn))
+ itmp = BUF_strdup("00");
+ else
+ itmp = BN_bn2hex(bn);
row[DB_serial] = itmp;
BN_free(bn);
rrow=TXT_DB_get_by_index(db,DB_serial,row);
for(;;)
{
- len = BIO_gets(cbio, inbuf, 1024);
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */