path: root/apps/ocsp.c
Age | Commit message | Author
2020-04-21 | Update copyright year | Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-04-12 | Don't compile commands if disabled | Rich Salz
Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx" we handle the changes in build.info Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11518)
2019-11-29 | apps/ocsp.c: sock_timeout -> socket_timeout | Richard Levitte
It appears that 'sock_timeout' is defined at least with DJGPP, so we rename our symbol and hope the new name isn't taken. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10515) (cherry picked from commit e9b95e42fbae668cb605287fa462a0d5f58b9caf)
2019-07-16 | Actually silently ignore GET / OCSP requests | Viktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
2019-03-28 | Add some checks of OCSP functions | Dmitry Belyavskiy
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8308) (cherry picked from commit 72b89b8e201d17dea0219b4b92df7af7e17f183a)
2019-02-26 | Update copyright year | Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8347)
2019-02-11 | apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c | Richard Levitte
This allows the user to override our defaults if needed, and in a consistent manner. Partial fix for #7607 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7624) (cherry picked from commit ca811248d838058c13236a6c3b688e0ac98c02c8)
2019-01-24 | Cleanup vxworks support to be able to compile for VxWorks 7 | Klotz, Tobias
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569) (cherry picked from commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308)
2018-12-22 | Coverity fix in apps/oscp | FdaSilvaYY
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE) Not a deadly error, because error was just before app exit. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7359) (cherry picked from commit 39fc4c17c49d248e0757bac9aa8863d205c7ad12)
2018-10-02 | Fix a mem leak in the ocsp app | Matt Caswell
Free memory allocated in the parent process that is not needed in the child. We also free it in the parent. Technically this isn't really required since we end up calling exit() soon afterwards - but to prevent false positives we free it anyway. Fixes a Coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335) (cherry picked from commit c20a76f695922f409c316399f7290530f7728f19)
2018-04-19 | Fix ocsp app exit code | Matt Caswell
If we run the ocsp command line app and the responder returns a non-successful status code then the app should exit with a failure code. Based on an original patch by Tatsuhiro Tsujikawa. Fixes #2387 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5998)
2018-04-18 | Add missing index_index() when reloading OCSP responder | Viktor Dukhovni
Also, future-proof index_index() return codes by requiring success to return a positive value. Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-03-22 | Don't call strsignal, just print the signal number. | Pauli
The strsignal call is not supported by some machines, so avoid its use. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5658)
2018-03-21 | aix compat fixes for ocsp.c | Eric Covener
WCOREDUMP and vsyslog are not portable Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5657)
2018-03-20 | Fix the OCSP responder mode | Matt Caswell
Broken by commit 3e3c7c36. Fixes #5681 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5688)
2018-03-19 | Fix no-posix-io compile failure | Matt Caswell
The fix in conf_include_test.c seems to be required because some compilers give an error if you give an empty string for the second argument to strpbrk(). It doesn't really make sense to send an empty string for this argument anyway, so make sure it has at least one character in it. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5666)
2018-03-08 | Make OCSP "multi" compatible with "no-sock" builds. | Viktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
2018-03-07 | Implement multi-process OCSP responder. | Viktor Dukhovni
With "-multi" the OCSP responder forks multiple child processes, and respawns them as needed. This can be used as a long-running service, not just a demo program. Therefore the index file is automatically re-read when changed. The responder also now optionally times out client requests. Reviewed-by: Matt Caswell <matt@openssl.org>
2018-03-07 | Prepare to detect index changes in OCSP responder. | Viktor Dukhovni
Retain open file handle and previous stat data for the CA index file, enabling detection and index reload (upcoming commit). Check requirements before entering accept loop. Reviewed-by: Matt Caswell <matt@openssl.org>
2018-02-01 | ocsp.c doesn't free the whole output chain, maybe causing a memory leak | Richard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5224)
2018-01-31 | apps: Don't include progs.h in apps.h | Richard Levitte
Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
2018-01-24 | Make editorial changes suggested by Matt Caswell and fixed Travis failures. | David Cooper
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
2018-01-24 | Make editorial changes suggested by Rich Salz and add the -rsigopt option to the man page for the ocsp command. | David Cooper
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
2018-01-24 | Add -rsigopt option to ocsp command | David Cooper
Add a -rsigopt option to the ocsp command that allows signature parameters to be provided for the signing of OCSP responses. The parameters that may be provided to -rsigopt are the same as may be provided to -sigopt in the ca, req, and x509 commands. This PR also defines an OCSP_basic_sign_ctx() function, which functions in the same way as OCSP_basic_sign(), except that it accepts an EVP_MD_CTX rather than a key and digest. The OCSP_basic_sign_ctx() function is used to implement the -rsigopt option in the ocsp command. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
2018-01-09 | Update copyright years on all files merged since Jan 1st 2018 | Richard Levitte
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5038)
2018-01-07 | Remove remaining NETWARE ifdef's | Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5028)
2017-12-07 | Consistent formatting for sizeof(foo) | Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
2017-11-11 | Many spelling fixes/typo's corrected. | Josh Soref
Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3459)
2017-10-18 | Remove parentheses of return. | KaoruToda
Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-08-22 | (Re)move some things from e_os.h | Rich Salz
Remove GETPID_IS_MEANINGLESS and osslargused. Move socket-related things to new file internal/sockets.h; this is now only needed by four(!!!) files. Compiles should be a bit faster. Remove USE_SOCKETS ifdef's Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4209)
2017-08-11 | Clarify CLI OCSP documentation | Johannes Bauer
This fixes issue #3043, which ultimately was reported because documentation was not clear on the meaning of the "-ignore_err" option. Update both command line documentation and add this option to manpage. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4143)
2017-06-12 | Clean up a bundle of codingstyle stuff in apps directory | Paul Yang
Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
2017-04-12 | OCSP Updates: error codes and multiple certificates | Todd Short
RT3877: Add X509 OCSP error codes and messages Add additional OCSP error codes for X509 verify usage RT3867: Support Multiple CA certs in ocsp app Add the ability to read multiple CA certs from a single file in the ocsp app. Update some missing X509 errors in documentation. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/941)
2016-10-14 | Constify command options | FdaSilvaYY
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
2016-09-19 | Fix various missing option help messages ... | FdaSilvaYY
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1585)
2016-08-17 | Constify char* input parameters in apps code | FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 | Corrupt signature in place. | Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-16 | Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). | Dr. Stephen Henson
Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 | Typo and comment fix | FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
2016-06-16 | Spelling fixes | FdaSilvaYY
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1219)
2016-05-17 | Copyright consolidation 01/10 | Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-12 | Correctly check for trailing digest options. | Dr. Stephen Henson
Multiple digest options to the ocsp utility are allowed: e.g. to use different digests for different certificate IDs. A digest option without a following certificate is however illegal. RT#4215 Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-04 | GH932: Add more help messages to some apps options. | FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 | Fix no-sock on Windows | Matt Caswell
Link errors were occurring on Windows because the header files were not correctly guarding some functions with OPENSSL_NO_SOCK Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-18 | Make string_to_hex/hex_to_string public | Rich Salz
Give the API new names, document it. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-06 | Fix no-ocsp | Matt Caswell
Misc fixes for no-ocsp Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 | Fix no-sock | Matt Caswell
Misc fixes for no-sock Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 | Remove unused parameters from internal functions | Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-20 | argv was set but unused | Kurt Roeckx
Also gives an error message when you gave it a parameter it didn't expect. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2009
2016-02-18 | GH681: More command help cleanup | Rich Salz
enc:
- typo in -base64 option
- missing help opt text
ocsp, req, rsautl, s_client:
- missing help opt text
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>