author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-03-05 14:40:02 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2018-03-07 11:03:01 -0500 |
commit | c7d5ea2670c2f2ce855b099a14ca2c218661ad3f (patch) | |
tree | 425e06b49ad9e7494aa2077c4e29a9625647f963 /apps/ocsp.c | |
parent | 61ab6919183fe804f3ed5cf26fcc121a4ecbb6af (diff) |
Prepare to detect index changes in OCSP responder.
Retain open file handle and previous stat data for the CA index
file, enabling detection and index reload (upcoming commit).
Check requirements before entering accept loop.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/ocsp.c')
-rw-r--r-- | apps/ocsp.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c
index bd16a5b869..0f2690030d 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -514,6 +514,21 @@ int ocsp_main(int argc, char **argv)
 if (rkey == NULL)
 goto end;
 }
+
+ if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+ BIO_printf(bio_err,
+ "Responder mode requires certificate, key, and CA.\n");
+ goto end;
+ }
+
+ if (ridx_filename) {
+ rdb = load_index(ridx_filename, NULL);
+ if (!rdb || !index_index(rdb)) {
+ ret = 1;
+ goto end;
+ }
+ }
+
 if (acbio != NULL)
 BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
@@ -577,21 +592,6 @@ redo_accept:
 BIO_free(derbio);
 }
- if (ridx_filename != NULL
- && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) {
- BIO_printf(bio_err,
- "Need a responder certificate, key and CA for this operation!\n");
- goto end;
- }
-
- if (ridx_filename != NULL && rdb == NULL) {
- rdb = load_index(ridx_filename, NULL);
- if (rdb == NULL)
- goto end;
- if (!index_index(rdb))
- goto end;
- }
-
 if (rdb != NULL) {
 make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey, rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig); |
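Review bot: The missing certificate/key/CA check added before the accept loop jumps to `end` without setting `ret`, while the index-load failure branch directly below it sets `ret = 1` first. The initialisation of `ret` is outside this hunk, so if it is not already a failure value at this point the responder would refuse to start yet exit with status 0; adding `ret = 1;` before that `goto end;` makes both start-up failures explicit. The index branch prints nothing itself, so unless `load_index`/`index_index` report their own errors (not visible here) an operator cannot tell which index file was rejected; `BIO_printf(bio_err, "Error loading index file %s\n", ridx_filename);` would cover that. As a style point, the new tests use `!rkey` and `!rdb` where the surrounding context lines compare against `NULL` explicitly (`rkey == NULL`, `acbio != NULL`). ocsp_main starts and ends outside the hunk.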