New -ignore_err option in ocsp application to stop the server

exiting on the first error in a request.

diff --git a/CHANGES b/CHANGES
index 52bbe03ba448df8fdee9cbac7a44782d298e618c..067516cc5bec6dd3fe20b5404a3ef0b8dbf0eebc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
 
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
   *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
      extra data after the compression methods not only for TLS 1.0
      but also for SSL 3.0 (as required by the specification).

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 17e84366d974c29a55286abfe07e24fd7e09a748..e5f186fd5ea8e1193bb0cae22af2088fe2648aab 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
        int accept_count = -1;
        int badarg = 0;
        int i;
+       int ignore_err = 0;
        STACK *reqnames = NULL;
        STACK_OF(OCSP_CERTID) *ids = NULL;
 
@@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+               else if (!strcmp(*args, "-ignore_err"))
+                       ignore_err = 1;
                else if (!strcmp(*args, "-noverify"))
                        noverify = 1;
                else if (!strcmp(*args, "-nonce"))
@@ -809,6 +812,8 @@ int MAIN(int argc, char **argv)
                {
                BIO_printf(out, "Responder Error: %s (%ld)\n",
                                OCSP_response_status_str(i), i);
+               if (ignore_err)
+                       goto redo_accept;
                ret = 0;
                goto end;
                }