Load OCSP responder key before waiting for an incoming

connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.

diff --git a/apps/ocsp.c b/apps/ocsp.c
index cc20bfe529b41b7972bd2efa4f8b133d6b1d7aa3..66460391fbfd0badd2bdb66f061e1c6c6b25d43c 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -547,6 +547,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
                BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
                BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
+               BIO_printf (bio_err, "-port num          port to run responder on\n");
                BIO_printf (bio_err, "-index file        certificate status index file\n");
                BIO_printf (bio_err, "-CA file           CA certificate\n");
                BIO_printf (bio_err, "-rsigner file      responder certificate to sign requests with\n");
@@ -595,6 +596,32 @@ int MAIN(int argc, char **argv)
                        goto end;
                }
 
+       if (rsignfile && !rdb)
+               {
+               if (!rkeyfile) rkeyfile = rsignfile;
+               rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+                       NULL, e, "responder certificate");
+               if (!rsigner)
+                       {
+                       BIO_printf(bio_err, "Error loading responder certificate\n");
+                       goto end;
+                       }
+               rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+                       NULL, e, "CA certificate");
+               if (rcertfile)
+                       {
+                       rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+                               NULL, e, "responder other certificates");
+                       if (!sign_other) goto end;
+                       }
+               rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+                       "responder private key");
+               if (!rkey)
+                       goto end;
+               }
+       if(acbio)
+               BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
        redo_accept:
 
        if (acbio)
@@ -646,30 +673,6 @@ int MAIN(int argc, char **argv)
 
        if (req_text && req) OCSP_REQUEST_print(out, req, 0);
 
-       if (rsignfile && !rdb)
-               {
-               if (!rkeyfile) rkeyfile = rsignfile;
-               rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
-                       NULL, e, "responder certificate");
-               if (!rsigner)
-                       {
-                       BIO_printf(bio_err, "Error loading responder certificate\n");
-                       goto end;
-                       }
-               rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
-                       NULL, e, "CA certificate");
-               if (rcertfile)
-                       {
-                       rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
-                               NULL, e, "responder other certificates");
-                       if (!sign_other) goto end;
-                       }
-               rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
-                       "responder private key");
-               if (!rkey)
-                       goto end;
-               }
-
        if (ridx_filename && (!rkey || !rsigner || !rca_cert))
                {
                BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
@@ -1128,7 +1131,6 @@ static BIO *init_responder(char *port)
                        ERR_print_errors(bio_err);
                        goto err;
                }
-       BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
 
        return acbio;