authorRichard Levitte <levitte@openssl.org>2001-05-30 15:29:28 +0000
committerRichard Levitte <levitte@openssl.org>2001-05-30 15:29:28 +0000
commit30b4c2724ea2a078d921ba16a51b8d3e2ad85c42 (patch)
tree551cb4a7545944a838e3a1f571dabce14bea1a24 /apps/ocsp.c
parent2adc929367129a845ae2aa8358e645d4dbb9c624 (diff)
Extend all the loading functions to take an engine pointer, a pass
string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Also, have our own password callback that we can send both a password and some prompt info to. The default password callback in EVP assumes that the passed parameter is a password, which isn't always the right thing, and the ENGINE code (at least the nCipher one) makes other assumptions... Also, in spite of having the functions to load keys, some utilities did the loading all by themselves... That's changed too.
Diffstat (limited to 'apps/ocsp.c')
-rw-r--r--apps/ocsp.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c
index ba456fc..16207a6 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -82,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
char *reqin = NULL, *respin = NULL;
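Review bot: `e` is initialised to NULL in this hunk and none of the hunks in this file assigns it afterwards, so every `load_cert`/`load_certs` call below receives a NULL engine. If that is deliberate groundwork, say so at the declaration, for example `ENGINE *e = NULL; /* ocsp selects no engine yet; loaders are handed NULL */`, so a reader does not assume engine-held certificates are reachable from this utility. MAIN's body continues outside the hunk.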
@@ -326,7 +327,8 @@ int MAIN(int argc, char **argv)
{
args++;
X509_free(issuer);
- issuer = load_cert(bio_err, *args, FORMAT_PEM);
+ issuer = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "issuer certificate");
if(!issuer) goto end;
}
else badarg = 1;
@@ -337,7 +339,8 @@ int MAIN(int argc, char **argv)
{
args++;
X509_free(cert);
- cert = load_cert(bio_err, *args, FORMAT_PEM);
+ cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "certificate");
if(!cert) goto end;
if(!add_ocsp_cert(&req, cert, issuer, ids))
goto end;
@@ -445,7 +448,8 @@ int MAIN(int argc, char **argv)
if (signfile)
{
if (!keyfile) keyfile = signfile;
- signer = load_cert(bio_err, signfile, FORMAT_PEM);
+ signer = load_cert(bio_err, signfile, FORMAT_PEM,
+ NULL, e, "signer certificate");
if (!signer)
{
BIO_printf(bio_err, "Error loading signer certificate\n");
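Review bot: The `BIO_printf(bio_err, "Error loading signer certificate\n");` kept after the new `load_cert` call probably prints a second message for the same failure. The next hunk disables the equivalent line for the private key on the grounds that an appropriate message has already been printed, and `load_cert` now receives the description "signer certificate" as well. `load_cert` itself is not visible here, so this is inferred, but if it reports failures using that description the line should be dropped for consistency with the key path. The `if (!signer)` block ends outside the hunk.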
@@ -453,13 +457,17 @@ int MAIN(int argc, char **argv)
}
if (sign_certfile)
{
- sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM);
+ sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "signer certificates");
if (!sign_other) goto end;
}
- key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL);
+ key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL,
+ "signer private key");
if (!key)
{
+#if 0 /* An appropriate message has already been printed */
BIO_printf(bio_err, "Error loading signer private key\n");
+#endif
goto end;
}
if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
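Review bot: The `load_key` call passes a literal `NULL` in the position where the certificate loaders in this commit pass `e`; the prototype is not visible, so the position is inferred from the `load_cert` calls. Behaviour is the same today because `e` is never set, but the signing key is the object most likely to be held in an engine, and once engine selection is wired to `e` this call would still read the key from a file without any warning. I would write `key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, e,` followed by `"signer private key");`. Separately, the `BIO_printf` under `#if 0` is dead code and is better deleted than fenced out, since the commit history already records it.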
@@ -565,7 +573,8 @@ int MAIN(int argc, char **argv)
if(!store) goto end;
if (verify_certfile)
{
- verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM);
+ verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+ NULL, e, "validator certificate");
if (!verify_other) goto end;
}