diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2007-09-26 21:56:59 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2007-09-26 21:56:59 +0000 |
| commit | 67c8e7f41486934b6809673b6d836d38eaf2383b (patch) | |
| tree | 06fd94dda26946a4d53a63a98b280aeffbc0aac7 /apps/ocsp.c | |
| parent | 74eb3e091412be483d419c6ae3cdb6be2c1fb273 (diff) | |
| download | openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.zip openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.tar.gz openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.tar.bz2 | |
Support for certificate status TLS extension.
Diffstat (limited to 'apps/ocsp.c')
| -rw-r--r-- | apps/ocsp.c | 91 |
1 files changed, 51 insertions, 40 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 219dc2f3..df0339b 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -120,7 +120,6 @@ int MAIN(int argc, char **argv) long nsec = MAX_VALIDITY_PERIOD, maxage = -1; char *CAfile = NULL, *CApath = NULL; X509_STORE *store = NULL; - SSL_CTX *ctx = NULL; STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; @@ -723,48 +722,14 @@ int MAIN(int argc, char **argv) else if (host) { #ifndef OPENSSL_NO_SOCK - cbio = BIO_new_connect(host); + resp = process_responder(bio_err, req, host, path, + port, use_ssl, req_timeout); + if (!resp) + goto end; #else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; #endif - if (!cbio) - { - BIO_printf(bio_err, "Error creating connect BIO\n"); - goto end; - } - if (port) BIO_set_conn_port(cbio, port); - if (use_ssl == 1) - { - BIO *sbio; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv23_client_method()); -#elif !defined(OPENSSL_NO_SSL3) - ctx = SSL_CTX_new(SSLv3_client_method()); -#elif !defined(OPENSSL_NO_SSL2) - ctx = SSL_CTX_new(SSLv2_client_method()); -#else - BIO_printf(bio_err, "SSL is disabled\n"); - goto end; -#endif - if (ctx == NULL) - { - BIO_printf(bio_err, "Error creating SSL context.\n"); - goto end; - } - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); - sbio = BIO_new_ssl(ctx, 1); - cbio = BIO_push(sbio, cbio); - } - - resp = query_responder(bio_err, cbio, path, req, req_timeout); - BIO_free_all(cbio); - cbio = NULL; - if (!resp) - { - BIO_printf(bio_err, "Error querying OCSP responsder\n"); - goto end; - } } else if (respin) { @@ -913,7 +878,6 @@ end: OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); - SSL_CTX_free(ctx); } OPENSSL_EXIT(ret); @@ -1334,4 +1298,51 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, return rsp; } +OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, + char *host, char *path, char *port, int use_ssl, + int req_timeout) + { + BIO *cbio = NULL; + SSL_CTX *ctx = NULL; + OCSP_RESPONSE *resp = NULL; + cbio = BIO_new_connect(host); + if (!cbio) + { + BIO_printf(err, "Error creating connect BIO\n"); + goto end; + } + if (port) BIO_set_conn_port(cbio, port); + if (use_ssl == 1) + { + BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(err, "SSL is disabled\n"); + goto end; +#endif + if (ctx == NULL) + { + BIO_printf(err, "Error creating SSL context.\n"); + goto end; + } + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + sbio = BIO_new_ssl(ctx, 1); + cbio = BIO_push(sbio, cbio); + } + resp = query_responder(err, cbio, path, req, req_timeout); + if (!resp) + BIO_printf(bio_err, "Error querying OCSP responsder\n"); + end: + if (ctx) + SSL_CTX_free(ctx); + if (cbio) + BIO_free_all(cbio); + return resp; + } + #endif |