version 1.16, 2020/09/09 12:53:42 |
version 1.17, 2020/09/09 13:04:23 |
|
|
#define MAX_VALIDITY_PERIOD (5 * 60) |
#define MAX_VALIDITY_PERIOD (5 * 60) |
|
|
static int |
static int |
add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer, |
add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, |
STACK_OF(OCSP_CERTID) * ids); |
STACK_OF(OCSP_CERTID) *ids); |
static int add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer, |
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD *cert_id_md, X509 *issuer, |
STACK_OF(OCSP_CERTID) * ids); |
STACK_OF(OCSP_CERTID) *ids); |
static int print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req, |
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, |
STACK_OF(OPENSSL_STRING) * names, |
STACK_OF(OPENSSL_STRING) *names, |
STACK_OF(OCSP_CERTID) * ids, long nsec, |
STACK_OF(OCSP_CERTID) *ids, long nsec, |
long maxage); |
long maxage); |
|
|
static int make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db, |
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, |
X509 * ca, X509 * rcert, EVP_PKEY * rkey, |
X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
STACK_OF(X509) * rother, unsigned long flags, |
STACK_OF(X509) *rother, unsigned long flags, |
int nmin, int ndays); |
int nmin, int ndays); |
|
|
static char **lookup_serial(CA_DB * db, ASN1_INTEGER * ser); |
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); |
static BIO *init_responder(char *port); |
static BIO *init_responder(char *port); |
static int do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port); |
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); |
static int send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp); |
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); |
static OCSP_RESPONSE *query_responder(BIO * err, BIO * cbio, char *path, |
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, |
STACK_OF(CONF_VALUE) * headers, |
STACK_OF(CONF_VALUE) *headers, |
OCSP_REQUEST * req, int req_timeout); |
OCSP_REQUEST *req, int req_timeout); |
|
|
static struct { |
static struct { |
int accept_count; |
int accept_count; |
|
|
char *CApath; |
char *CApath; |
X509 *cert; |
X509 *cert; |
const EVP_MD *cert_id_md; |
const EVP_MD *cert_id_md; |
STACK_OF(CONF_VALUE) * headers; |
STACK_OF(CONF_VALUE) *headers; |
char *host; |
char *host; |
STACK_OF(OCSP_CERTID) * ids; |
STACK_OF(OCSP_CERTID) *ids; |
int ignore_err; |
int ignore_err; |
X509 *issuer; |
X509 *issuer; |
char *keyfile; |
char *keyfile; |
|
|
int req_text; |
int req_text; |
int req_timeout; |
int req_timeout; |
char *reqin; |
char *reqin; |
STACK_OF(OPENSSL_STRING) * reqnames; |
STACK_OF(OPENSSL_STRING) *reqnames; |
char *reqout; |
char *reqout; |
int resp_text; |
int resp_text; |
char *respin; |
char *respin; |
|
|
BIO *derbio = NULL; |
BIO *derbio = NULL; |
BIO *out = NULL; |
BIO *out = NULL; |
X509_STORE *store = NULL; |
X509_STORE *store = NULL; |
STACK_OF(X509) * sign_other = NULL, *verify_other = NULL, *rother = NULL; |
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; |
int ret = 1; |
int ret = 1; |
int badarg = 0; |
int badarg = 0; |
int i; |
int i; |
|
|
} |
} |
|
|
static int |
static int |
add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer, |
add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, |
STACK_OF(OCSP_CERTID) * ids) |
STACK_OF(OCSP_CERTID) *ids) |
{ |
{ |
OCSP_CERTID *id; |
OCSP_CERTID *id; |
if (!issuer) { |
if (!issuer) { |
|
|
} |
} |
|
|
static int |
static int |
add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer, |
add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD *cert_id_md, X509 *issuer, |
STACK_OF(OCSP_CERTID) * ids) |
STACK_OF(OCSP_CERTID) *ids) |
{ |
{ |
OCSP_CERTID *id; |
OCSP_CERTID *id; |
X509_NAME *iname; |
X509_NAME *iname; |
|
|
} |
} |
|
|
static int |
static int |
print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req, |
print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, |
STACK_OF(OPENSSL_STRING) * names, |
STACK_OF(OPENSSL_STRING) *names, |
STACK_OF(OCSP_CERTID) * ids, long nsec, |
STACK_OF(OCSP_CERTID) *ids, long nsec, |
long maxage) |
long maxage) |
{ |
{ |
OCSP_CERTID *id; |
OCSP_CERTID *id; |
|
|
|
|
|
|
static int |
static int |
make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db, |
make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, |
X509 * ca, X509 * rcert, EVP_PKEY * rkey, |
X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
STACK_OF(X509) * rother, unsigned long flags, |
STACK_OF(X509) *rother, unsigned long flags, |
int nmin, int ndays) |
int nmin, int ndays) |
{ |
{ |
ASN1_TIME *thisupd = NULL, *nextupd = NULL; |
ASN1_TIME *thisupd = NULL, *nextupd = NULL; |
|
|
} |
} |
|
|
static char ** |
static char ** |
lookup_serial(CA_DB * db, ASN1_INTEGER * ser) |
lookup_serial(CA_DB *db, ASN1_INTEGER *ser) |
{ |
{ |
int i; |
int i; |
BIGNUM *bn = NULL; |
BIGNUM *bn = NULL; |
|
|
} |
} |
|
|
static int |
static int |
do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port) |
do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) |
{ |
{ |
int have_post = 0, len; |
int have_post = 0, len; |
OCSP_REQUEST *req = NULL; |
OCSP_REQUEST *req = NULL; |
|
|
} |
} |
|
|
static int |
static int |
send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp) |
send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) |
{ |
{ |
static const char http_resp[] = |
static const char http_resp[] = |
"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" |
"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" |
|
|
} |
} |
|
|
static OCSP_RESPONSE * |
static OCSP_RESPONSE * |
query_responder(BIO * err, BIO * cbio, char *path, |
query_responder(BIO *err, BIO *cbio, char *path, |
STACK_OF(CONF_VALUE) * headers, |
STACK_OF(CONF_VALUE) *headers, |
OCSP_REQUEST * req, int req_timeout) |
OCSP_REQUEST *req, int req_timeout) |
{ |
{ |
int fd; |
int fd; |
int rv; |
int rv; |
|
|
} |
} |
|
|
OCSP_RESPONSE * |
OCSP_RESPONSE * |
process_responder(BIO * err, OCSP_REQUEST * req, |
process_responder(BIO *err, OCSP_REQUEST *req, |
char *host, char *path, char *port, int use_ssl, |
char *host, char *path, char *port, int use_ssl, |
STACK_OF(CONF_VALUE) * headers, |
STACK_OF(CONF_VALUE) *headers, |
int req_timeout) |
int req_timeout) |
{ |
{ |
BIO *cbio = NULL; |
BIO *cbio = NULL; |