OpenBSD CVS

CVS log for src/usr.sbin/ocspcheck/ocspcheck.c




Default branch: MAIN


Revision 1.33, Sun Mar 24 11:30:12 2024 UTC (2 months, 1 week ago) by beck
Branch: MAIN
CVS Tags: HEAD
Changes since 1.32: +3 -2 lines

Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.

ok tb@

Revision 1.32, Mon Nov 13 11:46:24 2023 UTC (6 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.31: +4 -3 lines

Replace ASN1_time_parse() with ASN1_TIME_to_tm()

Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually
have a GeneralizedTime.

ok beck

Revision 1.31, Wed Dec 28 21:30:17 2022 UTC (17 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.30: +2 -2 lines

spelling fixes; from paul tagliamonte
any parts of his diff not taken are noted on tech

Revision 1.30, Mon Jul 12 15:09:21 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.29: +4 -4 lines

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Revision 1.29, Tue Feb 9 16:55:51 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.28: +1 -2 lines

Walk over all results from getaddrinfo() instead of giving up after the
first entry. This way ocspcheck will try all returned IPs to contact
the OCSP server. Found by the regress test and a resolv.conf file with
'family inet6 inet4'.
OK kn@ deraadt@

Revision 1.28, Fri Oct 16 01:16:55 2020 UTC (3 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.27: +95 -63 lines

Refactor a bunch of ocspcheck for single return to clean it up,
and add the ability to parse a port in the specified ocsp url.

Since this will now pass them, enable regress tests previously
committed for ocspcheck.

mostly by me with some cleanup by tb after an obvious yak was found
to shave in the OCSP routines in libcrypto

ok tb@

Revision 1.27, Fri Sep 4 04:17:46 2020 UTC (3 years, 8 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.26: +5 -2 lines

Ignore ftruncate failure with errno == EAGAIN

This makes piping the OCSP response to other programs with -o - work.

input and r+ guenther

Revision 1.26, Thu Jan 23 03:53:39 2020 UTC (4 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.25: +67 -30 lines

The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find
CA certs it couldn't find otherwise. This may lead to a pledge rpath
violation reported by Kor, son of Rynar.  Unfortunately, providing certs
inside a directory is common in linuxes, so we need to keep this
functionality for portable.

Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge
accordingly. Add unveils to restrict this program further on a
default OpenBSD install. Fix -C to look only inside the provided
root bundle.

Input from jsing and sthen, tests by sthen and Kor

ok beck, jsing, sthen (after much back and forth)

Revision 1.25, Wed May 15 13:44:18 2019 UTC (5 years ago) by bcook
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.24: +4 -2 lines

check result of ftruncate() as we do write() below

ok beck@

Revision 1.24, Fri Dec 1 14:42:23 2017 UTC (6 years, 6 months ago) by visa
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.23: +6 -4 lines

Avoid using an uninitialized variable.
Found by gcc.

OK jca@

Revision 1.23, Wed Nov 29 21:15:45 2017 UTC (6 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.22: +3 -2 lines

add -i to SYNOPSIS/usage() and sundry tweaks;
ok beck

Revision 1.22, Tue Nov 28 23:32:00 2017 UTC (6 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.21: +91 -45 lines

Add option -i to allow ocspcheck to be used to validate an on-disk staple
ok claudio@ benno@

Revision 1.21, Mon May 8 20:15:34 2017 UTC (7 years ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.20: +3 -3 lines

Print size_t's correctly.
Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org>

Revision 1.20, Mon Mar 27 23:59:08 2017 UTC (7 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.19: +18 -23 lines

repair knf & whitespace that jumped out of the screen during review
ok beck

Revision 1.19, Mon Mar 27 18:26:53 2017 UTC (7 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.18: +5 -2 lines

use a path of "/" if the URL does not include a trailing / - since
the web server probably doesn't like it, even though you published
the url without the trailing / in the certificate. (hello digicert!)
ok claudio@

Revision 1.18, Mon Mar 27 18:14:20 2017 UTC (7 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.17: +4 -1 lines

Fail early if an ocsp server returns a non-200 http response, there is no
point in trying to parse error pages as an ocsp response.

Revision 1.17, Sat Feb 25 23:48:08 2017 UTC (7 years, 3 months ago) by beck
Branch: MAIN
Changes since 1.16: +11 -9 lines

pledge stdio before parsing the http response
ok tb@

Revision 1.16, Mon Feb 20 23:55:22 2017 UTC (7 years, 3 months ago) by beck
Branch: MAIN
Changes since 1.15: +1 -0 lines

Add missing $OpenBSD$

Revision 1.15, Wed Feb 1 18:54:37 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.14: +3 -0 lines

netinet/in.h should be included, and freebsd and some others
don't have EAI_NODATA, so make this easier for people
from bernard spill

Revision 1.14, Thu Jan 26 22:59:55 2017 UTC (7 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.13: +1 -1 lines

oscp -> ocsp;
from holger mikolon, plus one more in nc;

Revision 1.13, Thu Jan 26 00:58:32 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.12: +11 -11 lines

Use numeric exit codes consistently rather than a mix
ok jsing@

Revision 1.12, Thu Jan 26 00:53:52 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.11: +1 -1 lines

style

Revision 1.11, Thu Jan 26 00:52:22 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.10: +1 -1 lines

Fix the structure initialization to compile. bad inoguchi and millert :)
ok jsing@ rpe@

Revision 1.10, Wed Jan 25 16:53:21 2017 UTC (7 years, 4 months ago) by inoguchi
Branch: MAIN
Changes since 1.9: +1 -1 lines

Fix array initialization syntax for ocspcheck.c
Conformance to C99, and avoiding build break on VisualStudio and HP-UX.
OK millert@

Revision 1.9, Tue Jan 24 12:44:40 2017 UTC (7 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +3 -2 lines

correct usage format; ok beck claudio benno

Revision 1.8, Tue Jan 24 12:30:35 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.7: +4 -2 lines

fix mode on open() and ftruncate(), noticed by
bcook@

Revision 1.7, Tue Jan 24 12:08:35 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.6: +3 -4 lines

Say no to two line error messages on failure

Revision 1.6, Tue Jan 24 10:54:48 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.5: +4 -4 lines

Actually load the cafile when provided, and error message cleanup

Revision 1.5, Tue Jan 24 10:46:37 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.4: +1 -1 lines

use warn, I have errno here. noticed by theo

Revision 1.4, Tue Jan 24 10:18:15 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.3: +2 -1 lines

knf

Revision 1.3, Tue Jan 24 09:59:45 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.2: +13 -19 lines

Just don't bother with OpenSSL error strings, they are mostly
irrelevant and look gross here anyway.. we don't need them

Revision 1.2, Tue Jan 24 09:39:43 2017 UTC (7 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.1: +1 -1 lines

various cleanup;

Revision 1.1, Tue Jan 24 08:50:57 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN

New ocspcheck utility to validate a certificate against its ocsp responder
and save the reply for stapling

ok deraadt@ jsing@
