diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-09 16:21:46 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-09 16:21:46 +0000 |
| commit | 1e8b9e7e69c694806695121ff6fb511028442309 (patch) | |
| tree | 707419068164678192dd138708b37468a80b66b2 /apps/ocsp.c | |
| parent | d372d365928360a4806017ac80acad3bcc2db81d (diff) | |
add -badsig option to ocsp utility too.
Diffstat (limited to 'apps/ocsp.c')
| -rw-r--r-- | apps/ocsp.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index ce9bfa52d6..16aa23b6f6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -107,7 +107,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays); + int nmin, int ndays, int badsig); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(char *port); @@ -154,6 +154,7 @@ int MAIN(int argc, char **argv) int ret = 1; int accept_count = -1; int badarg = 0; + int badsig = 0; int i; int ignore_err = 0; STACK_OF(OPENSSL_STRING) *reqnames = NULL; @@ -271,6 +272,8 @@ int MAIN(int argc, char **argv) verify_flags |= OCSP_TRUSTOTHER; else if (!strcmp(*args, "-no_intern")) verify_flags |= OCSP_NOINTERN; + else if (!strcmp(*args, "-badsig")) + badsig = 1; else if (!strcmp(*args, "-text")) { req_text = 1; @@ -761,7 +764,7 @@ int MAIN(int argc, char **argv) if (rdb) { - i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); + i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig); if (cbio) send_ocsp_response(cbio, resp); } @@ -1053,7 +1056,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays) + int nmin, int ndays, int badsig) { ASN1_TIME *thisupd = NULL, *nextupd = NULL; OCSP_CERTID *cid, *ca_id = NULL; @@ -1144,6 +1147,9 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); + if (badsig) + bs->signature->data[bs->signature->length -1] ^= 0x1; + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); end: |