OLD | NEW |
1 /* ocsp.c */ | 1 /* ocsp.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project 2000. | 3 * project 2000. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
50 * OF THE POSSIBILITY OF SUCH DAMAGE. | 50 * OF THE POSSIBILITY OF SUCH DAMAGE. |
51 * ==================================================================== | 51 * ==================================================================== |
52 * | 52 * |
53 * This product includes cryptographic software written by Eric Young | 53 * This product includes cryptographic software written by Eric Young |
54 * (eay@cryptsoft.com). This product includes software written by Tim | 54 * (eay@cryptsoft.com). This product includes software written by Tim |
55 * Hudson (tjh@cryptsoft.com). | 55 * Hudson (tjh@cryptsoft.com). |
56 * | 56 * |
57 */ | 57 */ |
58 #ifndef OPENSSL_NO_OCSP | 58 #ifndef OPENSSL_NO_OCSP |
| 59 |
| 60 #ifdef OPENSSL_SYS_VMS |
| 61 #define _XOPEN_SOURCE_EXTENDED /* So fd_set and friends get properly defined |
| 62 on OpenVMS */ |
| 63 #endif |
| 64 |
59 #define USE_SOCKETS | 65 #define USE_SOCKETS |
| 66 |
60 #include <stdio.h> | 67 #include <stdio.h> |
61 #include <stdlib.h> | 68 #include <stdlib.h> |
62 #include <string.h> | 69 #include <string.h> |
| 70 #include <time.h> |
63 #include "apps.h" /* needs to be included before the openssl headers! */ | 71 #include "apps.h" /* needs to be included before the openssl headers! */ |
64 #include <openssl/e_os2.h> | 72 #include <openssl/e_os2.h> |
| 73 #include <openssl/crypto.h> |
| 74 #include <openssl/err.h> |
65 #include <openssl/ssl.h> | 75 #include <openssl/ssl.h> |
66 #include <openssl/err.h> | 76 #include <openssl/evp.h> |
| 77 #include <openssl/bn.h> |
| 78 #include <openssl/x509v3.h> |
67 | 79 |
| 80 #if defined(NETWARE_CLIB) |
| 81 # ifdef NETWARE_BSDSOCK |
| 82 # include <sys/socket.h> |
| 83 # include <sys/bsdskt.h> |
| 84 # else |
| 85 # include <novsock2.h> |
| 86 # endif |
| 87 #elif defined(NETWARE_LIBC) |
| 88 # ifdef NETWARE_BSDSOCK |
| 89 # include <sys/select.h> |
| 90 # else |
| 91 # include <novsock2.h> |
| 92 # endif |
| 93 #endif |
| 94 |
68 /* Maximum leeway in validity period: default 5 minutes */ | 95 /* Maximum leeway in validity period: default 5 minutes */ |
69 #define MAX_VALIDITY_PERIOD (5 * 60) | 96 #define MAX_VALIDITY_PERIOD (5 * 60) |
70 | 97 |
71 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, | 98 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_m
d, X509 *issuer, |
72 STACK_OF(OCSP_CERTID) *ids); | 99 STACK_OF(OCSP_CERTID) *ids); |
73 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, | 100 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert
_id_md, X509 *issuer, |
74 STACK_OF(OCSP_CERTID) *ids); | 101 STACK_OF(OCSP_CERTID) *ids); |
75 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, | 102 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, |
76 » » » » STACK *names, STACK_OF(OCSP_CERTID) *ids, | 103 » » » STACK_OF(OPENSSL_STRING) *names, |
77 » » » » long nsec, long maxage); | 104 » » » STACK_OF(OCSP_CERTID) *ids, long nsec, |
| 105 » » » long maxage); |
78 | 106 |
79 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
, | 107 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
, |
80 X509 *ca, X509 *rcert, EVP_PKEY *rkey, | 108 X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
81 STACK_OF(X509) *rother, unsigned long flags, | 109 STACK_OF(X509) *rother, unsigned long flags, |
82 int nmin, int ndays); | 110 int nmin, int ndays); |
83 | 111 |
84 static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); | 112 static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); |
85 static BIO *init_responder(char *port); | 113 static BIO *init_responder(char *port); |
86 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
); | 114 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
); |
87 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); | 115 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); |
88 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, | 116 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, |
| 117 STACK_OF(CONF_VALUE) *headers, |
89 OCSP_REQUEST *req, int req_timeout); | 118 OCSP_REQUEST *req, int req_timeout); |
90 | 119 |
91 #undef PROG | 120 #undef PROG |
92 #define PROG ocsp_main | 121 #define PROG ocsp_main |
93 | 122 |
94 int MAIN(int, char **); | 123 int MAIN(int, char **); |
95 | 124 |
96 int MAIN(int argc, char **argv) | 125 int MAIN(int argc, char **argv) |
97 { | 126 { |
98 ENGINE *e = NULL; | 127 ENGINE *e = NULL; |
99 char **args; | 128 char **args; |
100 char *host = NULL, *port = NULL, *path = "/"; | 129 char *host = NULL, *port = NULL, *path = "/"; |
101 char *reqin = NULL, *respin = NULL; | 130 char *reqin = NULL, *respin = NULL; |
102 char *reqout = NULL, *respout = NULL; | 131 char *reqout = NULL, *respout = NULL; |
103 char *signfile = NULL, *keyfile = NULL; | 132 char *signfile = NULL, *keyfile = NULL; |
104 char *rsignfile = NULL, *rkeyfile = NULL; | 133 char *rsignfile = NULL, *rkeyfile = NULL; |
105 char *outfile = NULL; | 134 char *outfile = NULL; |
106 int add_nonce = 1, noverify = 0, use_ssl = -1; | 135 int add_nonce = 1, noverify = 0, use_ssl = -1; |
| 136 STACK_OF(CONF_VALUE) *headers = NULL; |
107 OCSP_REQUEST *req = NULL; | 137 OCSP_REQUEST *req = NULL; |
108 OCSP_RESPONSE *resp = NULL; | 138 OCSP_RESPONSE *resp = NULL; |
109 OCSP_BASICRESP *bs = NULL; | 139 OCSP_BASICRESP *bs = NULL; |
110 X509 *issuer = NULL, *cert = NULL; | 140 X509 *issuer = NULL, *cert = NULL; |
111 X509 *signer = NULL, *rsigner = NULL; | 141 X509 *signer = NULL, *rsigner = NULL; |
112 EVP_PKEY *key = NULL, *rkey = NULL; | 142 EVP_PKEY *key = NULL, *rkey = NULL; |
113 BIO *acbio = NULL, *cbio = NULL; | 143 BIO *acbio = NULL, *cbio = NULL; |
114 BIO *derbio = NULL; | 144 BIO *derbio = NULL; |
115 BIO *out = NULL; | 145 BIO *out = NULL; |
116 int req_timeout = -1; | 146 int req_timeout = -1; |
117 int req_text = 0, resp_text = 0; | 147 int req_text = 0, resp_text = 0; |
118 long nsec = MAX_VALIDITY_PERIOD, maxage = -1; | 148 long nsec = MAX_VALIDITY_PERIOD, maxage = -1; |
119 char *CAfile = NULL, *CApath = NULL; | 149 char *CAfile = NULL, *CApath = NULL; |
120 X509_STORE *store = NULL; | 150 X509_STORE *store = NULL; |
121 STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; | 151 STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; |
122 char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; | 152 char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; |
123 unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; | 153 unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; |
124 int ret = 1; | 154 int ret = 1; |
125 int accept_count = -1; | 155 int accept_count = -1; |
126 int badarg = 0; | 156 int badarg = 0; |
127 int i; | 157 int i; |
128 int ignore_err = 0; | 158 int ignore_err = 0; |
129 » STACK *reqnames = NULL; | 159 » STACK_OF(OPENSSL_STRING) *reqnames = NULL; |
130 STACK_OF(OCSP_CERTID) *ids = NULL; | 160 STACK_OF(OCSP_CERTID) *ids = NULL; |
131 | 161 |
132 X509 *rca_cert = NULL; | 162 X509 *rca_cert = NULL; |
133 char *ridx_filename = NULL; | 163 char *ridx_filename = NULL; |
134 char *rca_filename = NULL; | 164 char *rca_filename = NULL; |
135 CA_DB *rdb = NULL; | 165 CA_DB *rdb = NULL; |
136 int nmin = 0, ndays = -1; | 166 int nmin = 0, ndays = -1; |
| 167 const EVP_MD *cert_id_md = NULL; |
137 | 168 |
138 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); | 169 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
139 | 170 |
140 if (!load_config(bio_err, NULL)) | 171 if (!load_config(bio_err, NULL)) |
141 goto end; | 172 goto end; |
142 SSL_load_error_strings(); | 173 SSL_load_error_strings(); |
143 OpenSSL_add_ssl_algorithms(); | 174 OpenSSL_add_ssl_algorithms(); |
144 args = argv + 1; | 175 args = argv + 1; |
145 » reqnames = sk_new_null(); | 176 » reqnames = sk_OPENSSL_STRING_new_null(); |
146 ids = sk_OCSP_CERTID_new_null(); | 177 ids = sk_OCSP_CERTID_new_null(); |
147 while (!badarg && *args && *args[0] == '-') | 178 while (!badarg && *args && *args[0] == '-') |
148 { | 179 { |
149 if (!strcmp(*args, "-out")) | 180 if (!strcmp(*args, "-out")) |
150 { | 181 { |
151 if (args[1]) | 182 if (args[1]) |
152 { | 183 { |
153 args++; | 184 args++; |
154 outfile = *args; | 185 outfile = *args; |
155 } | 186 } |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
195 } | 226 } |
196 else if (!strcmp(*args, "-port")) | 227 else if (!strcmp(*args, "-port")) |
197 { | 228 { |
198 if (args[1]) | 229 if (args[1]) |
199 { | 230 { |
200 args++; | 231 args++; |
201 port = *args; | 232 port = *args; |
202 } | 233 } |
203 else badarg = 1; | 234 else badarg = 1; |
204 } | 235 } |
| 236 else if (!strcmp(*args, "-header")) |
| 237 { |
| 238 if (args[1] && args[2]) |
| 239 { |
| 240 if (!X509V3_add_value(args[1], args[2], &headers
)) |
| 241 goto end; |
| 242 args += 2; |
| 243 } |
| 244 else badarg = 1; |
| 245 } |
205 else if (!strcmp(*args, "-ignore_err")) | 246 else if (!strcmp(*args, "-ignore_err")) |
206 ignore_err = 1; | 247 ignore_err = 1; |
207 else if (!strcmp(*args, "-noverify")) | 248 else if (!strcmp(*args, "-noverify")) |
208 noverify = 1; | 249 noverify = 1; |
209 else if (!strcmp(*args, "-nonce")) | 250 else if (!strcmp(*args, "-nonce")) |
210 add_nonce = 2; | 251 add_nonce = 2; |
211 else if (!strcmp(*args, "-no_nonce")) | 252 else if (!strcmp(*args, "-no_nonce")) |
212 add_nonce = 0; | 253 add_nonce = 0; |
213 else if (!strcmp(*args, "-resp_no_certs")) | 254 else if (!strcmp(*args, "-resp_no_certs")) |
214 rflags |= OCSP_NOCERTS; | 255 rflags |= OCSP_NOCERTS; |
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
394 } | 435 } |
395 else if (!strcmp (*args, "-cert")) | 436 else if (!strcmp (*args, "-cert")) |
396 { | 437 { |
397 if (args[1]) | 438 if (args[1]) |
398 { | 439 { |
399 args++; | 440 args++; |
400 X509_free(cert); | 441 X509_free(cert); |
401 cert = load_cert(bio_err, *args, FORMAT_PEM, | 442 cert = load_cert(bio_err, *args, FORMAT_PEM, |
402 NULL, e, "certificate"); | 443 NULL, e, "certificate"); |
403 if(!cert) goto end; | 444 if(!cert) goto end; |
404 » » » » if(!add_ocsp_cert(&req, cert, issuer, ids)) | 445 » » » » if (!cert_id_md) cert_id_md = EVP_sha1(); |
| 446 » » » » if(!add_ocsp_cert(&req, cert, cert_id_md, issuer
, ids)) |
405 goto end; | 447 goto end; |
406 » » » » if(!sk_push(reqnames, *args)) | 448 » » » » if(!sk_OPENSSL_STRING_push(reqnames, *args)) |
407 goto end; | 449 goto end; |
408 } | 450 } |
409 else badarg = 1; | 451 else badarg = 1; |
410 } | 452 } |
411 else if (!strcmp(*args, "-serial")) | 453 else if (!strcmp(*args, "-serial")) |
412 { | 454 { |
413 if (args[1]) | 455 if (args[1]) |
414 { | 456 { |
415 args++; | 457 args++; |
416 » » » » if(!add_ocsp_serial(&req, *args, issuer, ids)) | 458 » » » » if (!cert_id_md) cert_id_md = EVP_sha1(); |
| 459 » » » » if(!add_ocsp_serial(&req, *args, cert_id_md, iss
uer, ids)) |
417 goto end; | 460 goto end; |
418 » » » » if(!sk_push(reqnames, *args)) | 461 » » » » if(!sk_OPENSSL_STRING_push(reqnames, *args)) |
419 goto end; | 462 goto end; |
420 } | 463 } |
421 else badarg = 1; | 464 else badarg = 1; |
422 } | 465 } |
423 else if (!strcmp(*args, "-index")) | 466 else if (!strcmp(*args, "-index")) |
424 { | 467 { |
425 if (args[1]) | 468 if (args[1]) |
426 { | 469 { |
427 args++; | 470 args++; |
428 ridx_filename = *args; | 471 ridx_filename = *args; |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
508 } | 551 } |
509 else if (!strcmp(*args, "-rother")) | 552 else if (!strcmp(*args, "-rother")) |
510 { | 553 { |
511 if (args[1]) | 554 if (args[1]) |
512 { | 555 { |
513 args++; | 556 args++; |
514 rcertfile = *args; | 557 rcertfile = *args; |
515 } | 558 } |
516 else badarg = 1; | 559 else badarg = 1; |
517 } | 560 } |
518 » » else badarg = 1; | 561 » » else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL) |
| 562 » » » { |
| 563 » » » badarg = 1; |
| 564 » » » } |
519 args++; | 565 args++; |
520 } | 566 } |
521 | 567 |
522 /* Have we anything to do? */ | 568 /* Have we anything to do? */ |
523 if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; | 569 if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; |
524 | 570 |
525 if (badarg) | 571 if (badarg) |
526 { | 572 { |
527 BIO_printf (bio_err, "OCSP utility\n"); | 573 BIO_printf (bio_err, "OCSP utility\n"); |
528 BIO_printf (bio_err, "Usage ocsp [options]\n"); | 574 BIO_printf (bio_err, "Usage ocsp [options]\n"); |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
564 BIO_printf (bio_err, "-index file certificate status inde
x file\n"); | 610 BIO_printf (bio_err, "-index file certificate status inde
x file\n"); |
565 BIO_printf (bio_err, "-CA file CA certificate\n"); | 611 BIO_printf (bio_err, "-CA file CA certificate\n"); |
566 BIO_printf (bio_err, "-rsigner file responder certificate t
o sign responses with\n"); | 612 BIO_printf (bio_err, "-rsigner file responder certificate t
o sign responses with\n"); |
567 BIO_printf (bio_err, "-rkey file responder key to sign r
esponses with\n"); | 613 BIO_printf (bio_err, "-rkey file responder key to sign r
esponses with\n"); |
568 BIO_printf (bio_err, "-rother file other certificates to i
nclude in response\n"); | 614 BIO_printf (bio_err, "-rother file other certificates to i
nclude in response\n"); |
569 BIO_printf (bio_err, "-resp_no_certs don't include any certi
ficates in response\n"); | 615 BIO_printf (bio_err, "-resp_no_certs don't include any certi
ficates in response\n"); |
570 BIO_printf (bio_err, "-nmin n number of minutes befor
e next update\n"); | 616 BIO_printf (bio_err, "-nmin n number of minutes befor
e next update\n"); |
571 BIO_printf (bio_err, "-ndays n number of days before n
ext update\n"); | 617 BIO_printf (bio_err, "-ndays n number of days before n
ext update\n"); |
572 BIO_printf (bio_err, "-resp_key_id identify reponse by sig
ning certificate key ID\n"); | 618 BIO_printf (bio_err, "-resp_key_id identify reponse by sig
ning certificate key ID\n"); |
573 BIO_printf (bio_err, "-nrequest n number of requests to a
ccept (default unlimited)\n"); | 619 BIO_printf (bio_err, "-nrequest n number of requests to a
ccept (default unlimited)\n"); |
| 620 BIO_printf (bio_err, "-<dgst alg> use specified digest in th
e request"); |
574 goto end; | 621 goto end; |
575 } | 622 } |
576 | 623 |
577 if(outfile) out = BIO_new_file(outfile, "w"); | 624 if(outfile) out = BIO_new_file(outfile, "w"); |
578 else out = BIO_new_fp(stdout, BIO_NOCLOSE); | 625 else out = BIO_new_fp(stdout, BIO_NOCLOSE); |
579 | 626 |
580 if(!out) | 627 if(!out) |
581 { | 628 { |
582 BIO_printf(bio_err, "Error opening output file\n"); | 629 BIO_printf(bio_err, "Error opening output file\n"); |
583 goto end; | 630 goto end; |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
670 if (sign_certfile) | 717 if (sign_certfile) |
671 { | 718 { |
672 sign_other = load_certs(bio_err, sign_certfile, FORMAT_P
EM, | 719 sign_other = load_certs(bio_err, sign_certfile, FORMAT_P
EM, |
673 NULL, e, "signer certificates"); | 720 NULL, e, "signer certificates"); |
674 if (!sign_other) goto end; | 721 if (!sign_other) goto end; |
675 } | 722 } |
676 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, | 723 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, |
677 "signer private key"); | 724 "signer private key"); |
678 if (!key) | 725 if (!key) |
679 goto end; | 726 goto end; |
680 » » if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other,
sign_flags)) | 727 |
| 728 » » if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_
flags)) |
681 { | 729 { |
682 BIO_printf(bio_err, "Error signing OCSP request\n"); | 730 BIO_printf(bio_err, "Error signing OCSP request\n"); |
683 goto end; | 731 goto end; |
684 } | 732 } |
685 } | 733 } |
686 | 734 |
687 if (req_text && req) OCSP_REQUEST_print(out, req, 0); | 735 if (req_text && req) OCSP_REQUEST_print(out, req, 0); |
688 | 736 |
689 if (reqout) | 737 if (reqout) |
690 { | 738 { |
(...skipping 23 matching lines...) Expand all Loading... |
714 if (rdb) | 762 if (rdb) |
715 { | 763 { |
716 i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
rother, rflags, nmin, ndays); | 764 i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
rother, rflags, nmin, ndays); |
717 if (cbio) | 765 if (cbio) |
718 send_ocsp_response(cbio, resp); | 766 send_ocsp_response(cbio, resp); |
719 } | 767 } |
720 else if (host) | 768 else if (host) |
721 { | 769 { |
722 #ifndef OPENSSL_NO_SOCK | 770 #ifndef OPENSSL_NO_SOCK |
723 resp = process_responder(bio_err, req, host, path, | 771 resp = process_responder(bio_err, req, host, path, |
724 » » » » » » port, use_ssl, req_timeout); | 772 » » » » » port, use_ssl, headers, req_timeout); |
725 if (!resp) | 773 if (!resp) |
726 goto end; | 774 goto end; |
727 #else | 775 #else |
728 BIO_printf(bio_err, "Error creating connect BIO - sockets not su
pported.\n"); | 776 BIO_printf(bio_err, "Error creating connect BIO - sockets not su
pported.\n"); |
729 goto end; | 777 goto end; |
730 #endif | 778 #endif |
731 } | 779 } |
732 else if (respin) | 780 else if (respin) |
733 { | 781 { |
734 derbio = BIO_new_file(respin, "rb"); | 782 derbio = BIO_new_file(respin, "rb"); |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
859 X509_free(cert); | 907 X509_free(cert); |
860 X509_free(rsigner); | 908 X509_free(rsigner); |
861 X509_free(rca_cert); | 909 X509_free(rca_cert); |
862 free_index(rdb); | 910 free_index(rdb); |
863 BIO_free_all(cbio); | 911 BIO_free_all(cbio); |
864 BIO_free_all(acbio); | 912 BIO_free_all(acbio); |
865 BIO_free(out); | 913 BIO_free(out); |
866 OCSP_REQUEST_free(req); | 914 OCSP_REQUEST_free(req); |
867 OCSP_RESPONSE_free(resp); | 915 OCSP_RESPONSE_free(resp); |
868 OCSP_BASICRESP_free(bs); | 916 OCSP_BASICRESP_free(bs); |
869 » sk_free(reqnames); | 917 » sk_OPENSSL_STRING_free(reqnames); |
870 sk_OCSP_CERTID_free(ids); | 918 sk_OCSP_CERTID_free(ids); |
871 sk_X509_pop_free(sign_other, X509_free); | 919 sk_X509_pop_free(sign_other, X509_free); |
872 sk_X509_pop_free(verify_other, X509_free); | 920 sk_X509_pop_free(verify_other, X509_free); |
| 921 sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); |
873 | 922 |
874 if (use_ssl != -1) | 923 if (use_ssl != -1) |
875 { | 924 { |
876 OPENSSL_free(host); | 925 OPENSSL_free(host); |
877 OPENSSL_free(port); | 926 OPENSSL_free(port); |
878 OPENSSL_free(path); | 927 OPENSSL_free(path); |
879 } | 928 } |
880 | 929 |
881 OPENSSL_EXIT(ret); | 930 OPENSSL_EXIT(ret); |
882 } | 931 } |
883 | 932 |
884 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, | 933 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_m
d,X509 *issuer, |
885 STACK_OF(OCSP_CERTID) *ids) | 934 STACK_OF(OCSP_CERTID) *ids) |
886 { | 935 { |
887 OCSP_CERTID *id; | 936 OCSP_CERTID *id; |
888 if(!issuer) | 937 if(!issuer) |
889 { | 938 { |
890 BIO_printf(bio_err, "No issuer certificate specified\n"); | 939 BIO_printf(bio_err, "No issuer certificate specified\n"); |
891 return 0; | 940 return 0; |
892 } | 941 } |
893 if(!*req) *req = OCSP_REQUEST_new(); | 942 if(!*req) *req = OCSP_REQUEST_new(); |
894 if(!*req) goto err; | 943 if(!*req) goto err; |
895 » id = OCSP_cert_to_id(NULL, cert, issuer); | 944 » id = OCSP_cert_to_id(cert_id_md, cert, issuer); |
896 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; | 945 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; |
897 if(!OCSP_request_add0_id(*req, id)) goto err; | 946 if(!OCSP_request_add0_id(*req, id)) goto err; |
898 return 1; | 947 return 1; |
899 | 948 |
900 err: | 949 err: |
901 BIO_printf(bio_err, "Error Creating OCSP request\n"); | 950 BIO_printf(bio_err, "Error Creating OCSP request\n"); |
902 return 0; | 951 return 0; |
903 } | 952 } |
904 | 953 |
905 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, | 954 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_i
d_md, X509 *issuer, |
906 STACK_OF(OCSP_CERTID) *ids) | 955 STACK_OF(OCSP_CERTID) *ids) |
907 { | 956 { |
908 OCSP_CERTID *id; | 957 OCSP_CERTID *id; |
909 X509_NAME *iname; | 958 X509_NAME *iname; |
910 ASN1_BIT_STRING *ikey; | 959 ASN1_BIT_STRING *ikey; |
911 ASN1_INTEGER *sno; | 960 ASN1_INTEGER *sno; |
912 if(!issuer) | 961 if(!issuer) |
913 { | 962 { |
914 BIO_printf(bio_err, "No issuer certificate specified\n"); | 963 BIO_printf(bio_err, "No issuer certificate specified\n"); |
915 return 0; | 964 return 0; |
916 } | 965 } |
917 if(!*req) *req = OCSP_REQUEST_new(); | 966 if(!*req) *req = OCSP_REQUEST_new(); |
918 if(!*req) goto err; | 967 if(!*req) goto err; |
919 iname = X509_get_subject_name(issuer); | 968 iname = X509_get_subject_name(issuer); |
920 ikey = X509_get0_pubkey_bitstr(issuer); | 969 ikey = X509_get0_pubkey_bitstr(issuer); |
921 sno = s2i_ASN1_INTEGER(NULL, serial); | 970 sno = s2i_ASN1_INTEGER(NULL, serial); |
922 if(!sno) | 971 if(!sno) |
923 { | 972 { |
924 BIO_printf(bio_err, "Error converting serial number %s\n", seria
l); | 973 BIO_printf(bio_err, "Error converting serial number %s\n", seria
l); |
925 return 0; | 974 return 0; |
926 } | 975 } |
927 » id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno); | 976 » id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); |
928 ASN1_INTEGER_free(sno); | 977 ASN1_INTEGER_free(sno); |
929 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; | 978 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; |
930 if(!OCSP_request_add0_id(*req, id)) goto err; | 979 if(!OCSP_request_add0_id(*req, id)) goto err; |
931 return 1; | 980 return 1; |
932 | 981 |
933 err: | 982 err: |
934 BIO_printf(bio_err, "Error Creating OCSP request\n"); | 983 BIO_printf(bio_err, "Error Creating OCSP request\n"); |
935 return 0; | 984 return 0; |
936 } | 985 } |
937 | 986 |
938 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, | 987 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, |
939 » » » » » STACK *names, STACK_OF(OCSP_CERTID) *ids
, | 988 » » » STACK_OF(OPENSSL_STRING) *names, |
940 » » » » » long nsec, long maxage) | 989 » » » STACK_OF(OCSP_CERTID) *ids, long nsec, |
| 990 » » » long maxage) |
941 { | 991 { |
942 OCSP_CERTID *id; | 992 OCSP_CERTID *id; |
943 char *name; | 993 char *name; |
944 int i; | 994 int i; |
945 | 995 |
946 int status, reason; | 996 int status, reason; |
947 | 997 |
948 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; | 998 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; |
949 | 999 |
950 » if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids)) | 1000 » if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(
ids)) |
951 return 1; | 1001 return 1; |
952 | 1002 |
953 for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) | 1003 for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) |
954 { | 1004 { |
955 id = sk_OCSP_CERTID_value(ids, i); | 1005 id = sk_OCSP_CERTID_value(ids, i); |
956 » » name = sk_value(names, i); | 1006 » » name = sk_OPENSSL_STRING_value(names, i); |
957 BIO_printf(out, "%s: ", name); | 1007 BIO_printf(out, "%s: ", name); |
958 | 1008 |
959 if(!OCSP_resp_find_status(bs, id, &status, &reason, | 1009 if(!OCSP_resp_find_status(bs, id, &status, &reason, |
960 &rev, &thisupd, &nextupd)) | 1010 &rev, &thisupd, &nextupd)) |
961 { | 1011 { |
962 BIO_puts(out, "ERROR: No Status found.\n"); | 1012 BIO_puts(out, "ERROR: No Status found.\n"); |
963 continue; | 1013 continue; |
964 } | 1014 } |
965 | 1015 |
966 /* Check validity: if invalid write to output BIO so we | 1016 /* Check validity: if invalid write to output BIO so we |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1003 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
, | 1053 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
, |
1004 X509 *ca, X509 *rcert, EVP_PKEY *rkey, | 1054 X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
1005 STACK_OF(X509) *rother, unsigned long flags, | 1055 STACK_OF(X509) *rother, unsigned long flags, |
1006 int nmin, int ndays) | 1056 int nmin, int ndays) |
1007 { | 1057 { |
1008 ASN1_TIME *thisupd = NULL, *nextupd = NULL; | 1058 ASN1_TIME *thisupd = NULL, *nextupd = NULL; |
1009 OCSP_CERTID *cid, *ca_id = NULL; | 1059 OCSP_CERTID *cid, *ca_id = NULL; |
1010 OCSP_BASICRESP *bs = NULL; | 1060 OCSP_BASICRESP *bs = NULL; |
1011 int i, id_count, ret = 1; | 1061 int i, id_count, ret = 1; |
1012 | 1062 |
1013 | |
1014 id_count = OCSP_request_onereq_count(req); | 1063 id_count = OCSP_request_onereq_count(req); |
1015 | 1064 |
1016 if (id_count <= 0) | 1065 if (id_count <= 0) |
1017 { | 1066 { |
1018 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUE
ST, NULL); | 1067 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUE
ST, NULL); |
1019 goto end; | 1068 goto end; |
1020 } | 1069 } |
1021 | 1070 |
1022 ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca); | |
1023 | 1071 |
1024 bs = OCSP_BASICRESP_new(); | 1072 bs = OCSP_BASICRESP_new(); |
1025 thisupd = X509_gmtime_adj(NULL, 0); | 1073 thisupd = X509_gmtime_adj(NULL, 0); |
1026 if (ndays != -1) | 1074 if (ndays != -1) |
1027 nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); | 1075 nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); |
1028 | 1076 |
1029 /* Examine each certificate id in the request */ | 1077 /* Examine each certificate id in the request */ |
1030 for (i = 0; i < id_count; i++) | 1078 for (i = 0; i < id_count; i++) |
1031 { | 1079 { |
1032 OCSP_ONEREQ *one; | 1080 OCSP_ONEREQ *one; |
1033 ASN1_INTEGER *serial; | 1081 ASN1_INTEGER *serial; |
1034 char **inf; | 1082 char **inf; |
| 1083 ASN1_OBJECT *cert_id_md_oid; |
| 1084 const EVP_MD *cert_id_md; |
1035 one = OCSP_request_onereq_get0(req, i); | 1085 one = OCSP_request_onereq_get0(req, i); |
1036 cid = OCSP_onereq_get0_id(one); | 1086 cid = OCSP_onereq_get0_id(one); |
| 1087 |
| 1088 OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); |
| 1089 |
| 1090 cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); |
| 1091 if (! cert_id_md) |
| 1092 { |
| 1093 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERN
ALERROR, |
| 1094 NULL); |
| 1095 goto end; |
| 1096 } |
| 1097 if (ca_id) OCSP_CERTID_free(ca_id); |
| 1098 ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); |
| 1099 |
1037 /* Is this request about our CA? */ | 1100 /* Is this request about our CA? */ |
1038 if (OCSP_id_issuer_cmp(ca_id, cid)) | 1101 if (OCSP_id_issuer_cmp(ca_id, cid)) |
1039 { | 1102 { |
1040 OCSP_basic_add1_status(bs, cid, | 1103 OCSP_basic_add1_status(bs, cid, |
1041 V_OCSP_CERTSTATUS_UNKNOWN, | 1104 V_OCSP_CERTSTATUS_UNKNOWN, |
1042 0, NULL, | 1105 0, NULL, |
1043 thisupd, nextupd); | 1106 thisupd, nextupd); |
1044 continue; | 1107 continue; |
1045 } | 1108 } |
1046 OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); | 1109 OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); |
(...skipping 24 matching lines...) Expand all Loading... |
1071 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalid
ity_date, invtm, 0, 0); | 1134 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalid
ity_date, invtm, 0, 0); |
1072 else if (inst) | 1135 else if (inst) |
1073 OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_in
struction_code, inst, 0, 0); | 1136 OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_in
struction_code, inst, 0, 0); |
1074 ASN1_OBJECT_free(inst); | 1137 ASN1_OBJECT_free(inst); |
1075 ASN1_TIME_free(revtm); | 1138 ASN1_TIME_free(revtm); |
1076 ASN1_GENERALIZEDTIME_free(invtm); | 1139 ASN1_GENERALIZEDTIME_free(invtm); |
1077 } | 1140 } |
1078 } | 1141 } |
1079 | 1142 |
1080 OCSP_copy_nonce(bs, req); | 1143 OCSP_copy_nonce(bs, req); |
1081 » » | 1144 » |
1082 » OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags); | 1145 » OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); |
1083 | 1146 |
1084 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); | 1147 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); |
1085 | 1148 |
1086 end: | 1149 end: |
1087 ASN1_TIME_free(thisupd); | 1150 ASN1_TIME_free(thisupd); |
1088 ASN1_TIME_free(nextupd); | 1151 ASN1_TIME_free(nextupd); |
1089 OCSP_CERTID_free(ca_id); | 1152 OCSP_CERTID_free(ca_id); |
1090 OCSP_BASICRESP_free(bs); | 1153 OCSP_BASICRESP_free(bs); |
1091 return ret; | 1154 return ret; |
1092 | 1155 |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1204 "Content-Length: %d\r\n\r\n"; | 1267 "Content-Length: %d\r\n\r\n"; |
1205 if (!cbio) | 1268 if (!cbio) |
1206 return 0; | 1269 return 0; |
1207 BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); | 1270 BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); |
1208 i2d_OCSP_RESPONSE_bio(cbio, resp); | 1271 i2d_OCSP_RESPONSE_bio(cbio, resp); |
1209 (void)BIO_flush(cbio); | 1272 (void)BIO_flush(cbio); |
1210 return 1; | 1273 return 1; |
1211 } | 1274 } |
1212 | 1275 |
1213 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, | 1276 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, |
| 1277 STACK_OF(CONF_VALUE) *headers, |
1214 OCSP_REQUEST *req, int req_timeout) | 1278 OCSP_REQUEST *req, int req_timeout) |
1215 { | 1279 { |
1216 int fd; | 1280 int fd; |
1217 int rv; | 1281 int rv; |
| 1282 int i; |
1218 OCSP_REQ_CTX *ctx = NULL; | 1283 OCSP_REQ_CTX *ctx = NULL; |
1219 OCSP_RESPONSE *rsp = NULL; | 1284 OCSP_RESPONSE *rsp = NULL; |
1220 fd_set confds; | 1285 fd_set confds; |
1221 struct timeval tv; | 1286 struct timeval tv; |
1222 | 1287 |
1223 if (req_timeout != -1) | 1288 if (req_timeout != -1) |
1224 BIO_set_nbio(cbio, 1); | 1289 BIO_set_nbio(cbio, 1); |
1225 | 1290 |
1226 rv = BIO_do_connect(cbio); | 1291 rv = BIO_do_connect(cbio); |
1227 | 1292 |
1228 if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) | 1293 if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) |
1229 { | 1294 { |
1230 BIO_puts(err, "Error connecting BIO\n"); | 1295 BIO_puts(err, "Error connecting BIO\n"); |
1231 return NULL; | 1296 return NULL; |
1232 } | 1297 } |
1233 | 1298 |
1234 if (req_timeout == -1) | |
1235 return OCSP_sendreq_bio(cbio, path, req); | |
1236 | |
1237 if (BIO_get_fd(cbio, &fd) <= 0) | 1299 if (BIO_get_fd(cbio, &fd) <= 0) |
1238 { | 1300 { |
1239 BIO_puts(err, "Can't get connection fd\n"); | 1301 BIO_puts(err, "Can't get connection fd\n"); |
1240 goto err; | 1302 goto err; |
1241 } | 1303 } |
1242 | 1304 |
1243 » if (rv <= 0) | 1305 » if (req_timeout != -1 && rv <= 0) |
1244 { | 1306 { |
1245 FD_ZERO(&confds); | 1307 FD_ZERO(&confds); |
1246 openssl_fdset(fd, &confds); | 1308 openssl_fdset(fd, &confds); |
1247 tv.tv_usec = 0; | 1309 tv.tv_usec = 0; |
1248 tv.tv_sec = req_timeout; | 1310 tv.tv_sec = req_timeout; |
1249 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); | 1311 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); |
1250 if (rv == 0) | 1312 if (rv == 0) |
1251 { | 1313 { |
1252 BIO_puts(err, "Timeout on connect\n"); | 1314 BIO_puts(err, "Timeout on connect\n"); |
1253 return NULL; | 1315 return NULL; |
1254 } | 1316 } |
1255 } | 1317 } |
1256 | 1318 |
1257 | 1319 |
1258 » ctx = OCSP_sendreq_new(cbio, path, req, -1); | 1320 » ctx = OCSP_sendreq_new(cbio, path, NULL, -1); |
1259 if (!ctx) | 1321 if (!ctx) |
1260 return NULL; | 1322 return NULL; |
| 1323 |
| 1324 for (i = 0; i < sk_CONF_VALUE_num(headers); i++) |
| 1325 { |
| 1326 CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); |
| 1327 if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) |
| 1328 goto err; |
| 1329 } |
| 1330 |
| 1331 if (!OCSP_REQ_CTX_set1_req(ctx, req)) |
| 1332 goto err; |
1261 | 1333 |
1262 for (;;) | 1334 for (;;) |
1263 { | 1335 { |
1264 rv = OCSP_sendreq_nbio(&rsp, ctx); | 1336 rv = OCSP_sendreq_nbio(&rsp, ctx); |
1265 if (rv != -1) | 1337 if (rv != -1) |
1266 break; | 1338 break; |
| 1339 if (req_timeout == -1) |
| 1340 continue; |
1267 FD_ZERO(&confds); | 1341 FD_ZERO(&confds); |
1268 openssl_fdset(fd, &confds); | 1342 openssl_fdset(fd, &confds); |
1269 tv.tv_usec = 0; | 1343 tv.tv_usec = 0; |
1270 tv.tv_sec = req_timeout; | 1344 tv.tv_sec = req_timeout; |
1271 if (BIO_should_read(cbio)) | 1345 if (BIO_should_read(cbio)) |
1272 rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); | 1346 rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); |
1273 else if (BIO_should_write(cbio)) | 1347 else if (BIO_should_write(cbio)) |
1274 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); | 1348 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); |
1275 else | 1349 else |
1276 { | 1350 { |
1277 BIO_puts(err, "Unexpected retry condition\n"); | 1351 BIO_puts(err, "Unexpected retry condition\n"); |
1278 goto err; | 1352 goto err; |
1279 } | 1353 } |
1280 if (rv == 0) | 1354 if (rv == 0) |
1281 { | 1355 { |
1282 BIO_puts(err, "Timeout on request\n"); | 1356 BIO_puts(err, "Timeout on request\n"); |
1283 break; | 1357 break; |
1284 } | 1358 } |
1285 if (rv == -1) | 1359 if (rv == -1) |
1286 { | 1360 { |
1287 BIO_puts(err, "Select error\n"); | 1361 BIO_puts(err, "Select error\n"); |
1288 break; | 1362 break; |
1289 } | 1363 } |
1290 » » » | 1364 |
1291 } | 1365 } |
1292 err: | 1366 err: |
1293 if (ctx) | 1367 if (ctx) |
1294 OCSP_REQ_CTX_free(ctx); | 1368 OCSP_REQ_CTX_free(ctx); |
1295 | 1369 |
1296 return rsp; | 1370 return rsp; |
1297 } | 1371 } |
1298 | 1372 |
1299 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, | 1373 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, |
1300 char *host, char *path, char *port, int use_ssl, | 1374 char *host, char *path, char *port, int use_ssl, |
| 1375 STACK_OF(CONF_VALUE) *headers, |
1301 int req_timeout) | 1376 int req_timeout) |
1302 { | 1377 { |
1303 BIO *cbio = NULL; | 1378 BIO *cbio = NULL; |
1304 SSL_CTX *ctx = NULL; | 1379 SSL_CTX *ctx = NULL; |
1305 OCSP_RESPONSE *resp = NULL; | 1380 OCSP_RESPONSE *resp = NULL; |
1306 cbio = BIO_new_connect(host); | 1381 cbio = BIO_new_connect(host); |
1307 if (!cbio) | 1382 if (!cbio) |
1308 { | 1383 { |
1309 BIO_printf(err, "Error creating connect BIO\n"); | 1384 BIO_printf(err, "Error creating connect BIO\n"); |
1310 goto end; | 1385 goto end; |
(...skipping 14 matching lines...) Expand all Loading... |
1325 #endif | 1400 #endif |
1326 if (ctx == NULL) | 1401 if (ctx == NULL) |
1327 { | 1402 { |
1328 BIO_printf(err, "Error creating SSL context.\n"); | 1403 BIO_printf(err, "Error creating SSL context.\n"); |
1329 goto end; | 1404 goto end; |
1330 } | 1405 } |
1331 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); | 1406 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); |
1332 sbio = BIO_new_ssl(ctx, 1); | 1407 sbio = BIO_new_ssl(ctx, 1); |
1333 cbio = BIO_push(sbio, cbio); | 1408 cbio = BIO_push(sbio, cbio); |
1334 } | 1409 } |
1335 » resp = query_responder(err, cbio, path, req, req_timeout); | 1410 » resp = query_responder(err, cbio, path, headers, req, req_timeout); |
1336 if (!resp) | 1411 if (!resp) |
1337 BIO_printf(bio_err, "Error querying OCSP responsder\n"); | 1412 BIO_printf(bio_err, "Error querying OCSP responsder\n"); |
1338 end: | 1413 end: |
| 1414 if (cbio) |
| 1415 BIO_free_all(cbio); |
1339 if (ctx) | 1416 if (ctx) |
1340 SSL_CTX_free(ctx); | 1417 SSL_CTX_free(ctx); |
1341 if (cbio) | |
1342 BIO_free_all(cbio); | |
1343 return resp; | 1418 return resp; |
1344 } | 1419 } |
1345 | 1420 |
1346 #endif | 1421 #endif |
OLD | NEW |