authortb <>2023-03-06 14:32:06 +0000
committertb <>2023-03-06 14:32:06 +0000
commit6c965e26b1a93da63948edae6b68564be1ded507 (patch)
treebbe07d6e06b695cebe22802551f2db0a61354d7c /src/usr.bin/openssl/ocsp.c
parent48e828ea26ee91710242131cd75cd9d1d20b773c (diff)
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Diffstat (limited to 'src/usr.bin/openssl/ocsp.c')
-rw-r--r--src/usr.bin/openssl/ocsp.c356
1 files changed, 178 insertions, 178 deletions
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index 026bd49b0a..cc942a459c 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -143,27 +143,27 @@ static struct {
143 int use_ssl; 143 int use_ssl;
144 char *verify_certfile; 144 char *verify_certfile;
145 unsigned long verify_flags; 145 unsigned long verify_flags;
146} ocsp_config; 146} cfg;
147 147
148static int 148static int
149ocsp_opt_cert(char *arg) 149ocsp_opt_cert(char *arg)
150{ 150{
151 X509_free(ocsp_config.cert); 151 X509_free(cfg.cert);
152 ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, 152 cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
153 "certificate"); 153 "certificate");
154 if (ocsp_config.cert == NULL) { 154 if (cfg.cert == NULL) {
155 ocsp_config.no_usage = 1; 155 cfg.no_usage = 1;
156 return (1); 156 return (1);
157 } 157 }
158 if (ocsp_config.cert_id_md == NULL) 158 if (cfg.cert_id_md == NULL)
159 ocsp_config.cert_id_md = EVP_sha1(); 159 cfg.cert_id_md = EVP_sha1();
160 if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert, 160 if (!add_ocsp_cert(&cfg.req, cfg.cert,
161 ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) { 161 cfg.cert_id_md, cfg.issuer, cfg.ids)) {
162 ocsp_config.no_usage = 1; 162 cfg.no_usage = 1;
163 return (1); 163 return (1);
164 } 164 }
165 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 165 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
166 ocsp_config.no_usage = 1; 166 cfg.no_usage = 1;
167 return (1); 167 return (1);
168 } 168 }
169 return (0); 169 return (0);
@@ -177,7 +177,7 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused)
177 if (*name++ != '-') 177 if (*name++ != '-')
178 return (1); 178 return (1);
179 179
180 if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL) 180 if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL)
181 return (1); 181 return (1);
182 182
183 *argsused = 1; 183 *argsused = 1;
@@ -190,8 +190,8 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL) 190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL)
191 return (1); 191 return (1);
192 192
193 if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) { 193 if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) {
194 ocsp_config.no_usage = 1; 194 cfg.no_usage = 1;
195 return (1); 195 return (1);
196 } 196 }
197 197
@@ -202,21 +202,21 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
202static int 202static int
203ocsp_opt_host(char *arg) 203ocsp_opt_host(char *arg)
204{ 204{
205 if (ocsp_config.use_ssl != -1) 205 if (cfg.use_ssl != -1)
206 return (1); 206 return (1);
207 207
208 ocsp_config.host = arg; 208 cfg.host = arg;
209 return (0); 209 return (0);
210} 210}
211 211
212static int 212static int
213ocsp_opt_issuer(char *arg) 213ocsp_opt_issuer(char *arg)
214{ 214{
215 X509_free(ocsp_config.issuer); 215 X509_free(cfg.issuer);
216 ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, 216 cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL,
217 "issuer certificate"); 217 "issuer certificate");
218 if (ocsp_config.issuer == NULL) { 218 if (cfg.issuer == NULL) {
219 ocsp_config.no_usage = 1; 219 cfg.no_usage = 1;
220 return (1); 220 return (1);
221 } 221 }
222 return (0); 222 return (0);
@@ -227,7 +227,7 @@ ocsp_opt_ndays(char *arg)
227{ 227{
228 const char *errstr = NULL; 228 const char *errstr = NULL;
229 229
230 ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr); 230 cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr);
231 if (errstr != NULL) { 231 if (errstr != NULL) {
232 BIO_printf(bio_err, "Illegal update period %s: %s\n", 232 BIO_printf(bio_err, "Illegal update period %s: %s\n",
233 arg, errstr); 233 arg, errstr);
@@ -241,17 +241,17 @@ ocsp_opt_nmin(char *arg)
241{ 241{
242 const char *errstr = NULL; 242 const char *errstr = NULL;
243 243
244 ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr); 244 cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr);
245 if (errstr != NULL) { 245 if (errstr != NULL) {
246 BIO_printf(bio_err, "Illegal update period %s: %s\n", 246 BIO_printf(bio_err, "Illegal update period %s: %s\n",
247 arg, errstr); 247 arg, errstr);
248 return (1); 248 return (1);
249 } 249 }
250 250
251 if (ocsp_config.ndays != -1) 251 if (cfg.ndays != -1)
252 return (1); 252 return (1);
253 253
254 ocsp_config.ndays = 0; 254 cfg.ndays = 0;
255 return (0); 255 return (0);
256} 256}
257 257
@@ -260,7 +260,7 @@ ocsp_opt_nrequest(char *arg)
260{ 260{
261 const char *errstr = NULL; 261 const char *errstr = NULL;
262 262
263 ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr); 263 cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr);
264 if (errstr != NULL) { 264 if (errstr != NULL) {
265 BIO_printf(bio_err, "Illegal accept count %s: %s\n", 265 BIO_printf(bio_err, "Illegal accept count %s: %s\n",
266 arg, errstr); 266 arg, errstr);
@@ -272,25 +272,25 @@ ocsp_opt_nrequest(char *arg)
272static int 272static int
273ocsp_opt_port(char *arg) 273ocsp_opt_port(char *arg)
274{ 274{
275 if (ocsp_config.use_ssl != -1) 275 if (cfg.use_ssl != -1)
276 return (1); 276 return (1);
277 277
278 ocsp_config.port = arg; 278 cfg.port = arg;
279 return (0); 279 return (0);
280} 280}
281 281
282static int 282static int
283ocsp_opt_serial(char *arg) 283ocsp_opt_serial(char *arg)
284{ 284{
285 if (ocsp_config.cert_id_md == NULL) 285 if (cfg.cert_id_md == NULL)
286 ocsp_config.cert_id_md = EVP_sha1(); 286 cfg.cert_id_md = EVP_sha1();
287 if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md, 287 if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md,
288 ocsp_config.issuer, ocsp_config.ids)) { 288 cfg.issuer, cfg.ids)) {
289 ocsp_config.no_usage = 1; 289 cfg.no_usage = 1;
290 return (1); 290 return (1);
291 } 291 }
292 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 292 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
293 ocsp_config.no_usage = 1; 293 cfg.no_usage = 1;
294 return (1); 294 return (1);
295 } 295 }
296 return (0); 296 return (0);
@@ -301,7 +301,7 @@ ocsp_opt_status_age(char *arg)
301{ 301{
302 const char *errstr = NULL; 302 const char *errstr = NULL;
303 303
304 ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr); 304 cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr);
305 if (errstr != NULL) { 305 if (errstr != NULL) {
306 BIO_printf(bio_err, "Illegal validity age %s: %s\n", 306 BIO_printf(bio_err, "Illegal validity age %s: %s\n",
307 arg, errstr); 307 arg, errstr);
@@ -313,8 +313,8 @@ ocsp_opt_status_age(char *arg)
313static int 313static int
314ocsp_opt_text(void) 314ocsp_opt_text(void)
315{ 315{
316 ocsp_config.req_text = 1; 316 cfg.req_text = 1;
317 ocsp_config.resp_text = 1; 317 cfg.resp_text = 1;
318 return (0); 318 return (0);
319} 319}
320 320
@@ -323,7 +323,7 @@ ocsp_opt_timeout(char *arg)
323{ 323{
324 const char *errstr = NULL; 324 const char *errstr = NULL;
325 325
326 ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); 326 cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr);
327 if (errstr != NULL) { 327 if (errstr != NULL) {
328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n", 328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n",
329 arg, errstr); 329 arg, errstr);
@@ -335,10 +335,10 @@ ocsp_opt_timeout(char *arg)
335static int 335static int
336ocsp_opt_url(char *arg) 336ocsp_opt_url(char *arg)
337{ 337{
338 if (ocsp_config.host == NULL && ocsp_config.port == NULL && 338 if (cfg.host == NULL && cfg.port == NULL &&
339 ocsp_config.path == NULL) { 339 cfg.path == NULL) {
340 if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port, 340 if (!OCSP_parse_url(arg, &cfg.host, &cfg.port,
341 &ocsp_config.path, &ocsp_config.use_ssl)) { 341 &cfg.path, &cfg.use_ssl)) {
342 BIO_printf(bio_err, "Error parsing URL\n"); 342 BIO_printf(bio_err, "Error parsing URL\n");
343 return (1); 343 return (1);
344 } 344 }
@@ -349,8 +349,8 @@ ocsp_opt_url(char *arg)
349static int 349static int
350ocsp_opt_vafile(char *arg) 350ocsp_opt_vafile(char *arg)
351{ 351{
352 ocsp_config.verify_certfile = arg; 352 cfg.verify_certfile = arg;
353 ocsp_config.verify_flags |= OCSP_TRUSTOTHER; 353 cfg.verify_flags |= OCSP_TRUSTOTHER;
354 return (0); 354 return (0);
355} 355}
356 356
@@ -359,7 +359,7 @@ ocsp_opt_validity_period(char *arg)
359{ 359{
360 const char *errstr = NULL; 360 const char *errstr = NULL;
361 361
362 ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr); 362 cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr);
363 if (errstr != NULL) { 363 if (errstr != NULL) {
364 BIO_printf(bio_err, "Illegal validity period %s: %s\n", 364 BIO_printf(bio_err, "Illegal validity period %s: %s\n",
365 arg, errstr); 365 arg, errstr);
@@ -374,21 +374,21 @@ static const struct option ocsp_options[] = {
374 .argname = "file", 374 .argname = "file",
375 .desc = "CA certificate corresponding to the revocation information", 375 .desc = "CA certificate corresponding to the revocation information",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ocsp_config.rca_filename, 377 .opt.arg = &cfg.rca_filename,
378 }, 378 },
379 { 379 {
380 .name = "CAfile", 380 .name = "CAfile",
381 .argname = "file", 381 .argname = "file",
382 .desc = "Trusted certificates file", 382 .desc = "Trusted certificates file",
383 .type = OPTION_ARG, 383 .type = OPTION_ARG,
384 .opt.arg = &ocsp_config.CAfile, 384 .opt.arg = &cfg.CAfile,
385 }, 385 },
386 { 386 {
387 .name = "CApath", 387 .name = "CApath",
388 .argname = "directory", 388 .argname = "directory",
389 .desc = "Trusted certificates directory", 389 .desc = "Trusted certificates directory",
390 .type = OPTION_ARG, 390 .type = OPTION_ARG,
391 .opt.arg = &ocsp_config.CApath, 391 .opt.arg = &cfg.CApath,
392 }, 392 },
393 { 393 {
394 .name = "cert", 394 .name = "cert",
@@ -415,14 +415,14 @@ static const struct option ocsp_options[] = {
415 .name = "ignore_err", 415 .name = "ignore_err",
416 .desc = "Ignore the invalid response", 416 .desc = "Ignore the invalid response",
417 .type = OPTION_FLAG, 417 .type = OPTION_FLAG,
418 .opt.flag = &ocsp_config.ignore_err, 418 .opt.flag = &cfg.ignore_err,
419 }, 419 },
420 { 420 {
421 .name = "index", 421 .name = "index",
422 .argname = "indexfile", 422 .argname = "indexfile",
423 .desc = "Certificate status index file", 423 .desc = "Certificate status index file",
424 .type = OPTION_ARG, 424 .type = OPTION_ARG,
425 .opt.arg = &ocsp_config.ridx_filename, 425 .opt.arg = &cfg.ridx_filename,
426 }, 426 },
427 { 427 {
428 .name = "issuer", 428 .name = "issuer",
@@ -449,70 +449,70 @@ static const struct option ocsp_options[] = {
449 .name = "no_cert_checks", 449 .name = "no_cert_checks",
450 .desc = "Don't do additional checks on signing certificate", 450 .desc = "Don't do additional checks on signing certificate",
451 .type = OPTION_UL_VALUE_OR, 451 .type = OPTION_UL_VALUE_OR,
452 .opt.ulvalue = &ocsp_config.verify_flags, 452 .opt.ulvalue = &cfg.verify_flags,
453 .ulvalue = OCSP_NOCHECKS, 453 .ulvalue = OCSP_NOCHECKS,
454 }, 454 },
455 { 455 {
456 .name = "no_cert_verify", 456 .name = "no_cert_verify",
457 .desc = "Don't check signing certificate", 457 .desc = "Don't check signing certificate",
458 .type = OPTION_UL_VALUE_OR, 458 .type = OPTION_UL_VALUE_OR,
459 .opt.ulvalue = &ocsp_config.verify_flags, 459 .opt.ulvalue = &cfg.verify_flags,
460 .ulvalue = OCSP_NOVERIFY, 460 .ulvalue = OCSP_NOVERIFY,
461 }, 461 },
462 { 462 {
463 .name = "no_certs", 463 .name = "no_certs",
464 .desc = "Don't include any certificates in signed request", 464 .desc = "Don't include any certificates in signed request",
465 .type = OPTION_UL_VALUE_OR, 465 .type = OPTION_UL_VALUE_OR,
466 .opt.ulvalue = &ocsp_config.sign_flags, 466 .opt.ulvalue = &cfg.sign_flags,
467 .ulvalue = OCSP_NOCERTS, 467 .ulvalue = OCSP_NOCERTS,
468 }, 468 },
469 { 469 {
470 .name = "no_chain", 470 .name = "no_chain",
471 .desc = "Don't use certificates in the response", 471 .desc = "Don't use certificates in the response",
472 .type = OPTION_UL_VALUE_OR, 472 .type = OPTION_UL_VALUE_OR,
473 .opt.ulvalue = &ocsp_config.verify_flags, 473 .opt.ulvalue = &cfg.verify_flags,
474 .ulvalue = OCSP_NOCHAIN, 474 .ulvalue = OCSP_NOCHAIN,
475 }, 475 },
476 { 476 {
477 .name = "no_explicit", 477 .name = "no_explicit",
478 .desc = "Don't check the explicit trust for OCSP signing", 478 .desc = "Don't check the explicit trust for OCSP signing",
479 .type = OPTION_UL_VALUE_OR, 479 .type = OPTION_UL_VALUE_OR,
480 .opt.ulvalue = &ocsp_config.verify_flags, 480 .opt.ulvalue = &cfg.verify_flags,
481 .ulvalue = OCSP_NOEXPLICIT, 481 .ulvalue = OCSP_NOEXPLICIT,
482 }, 482 },
483 { 483 {
484 .name = "no_intern", 484 .name = "no_intern",
485 .desc = "Don't search certificates contained in response for signer", 485 .desc = "Don't search certificates contained in response for signer",
486 .type = OPTION_UL_VALUE_OR, 486 .type = OPTION_UL_VALUE_OR,
487 .opt.ulvalue = &ocsp_config.verify_flags, 487 .opt.ulvalue = &cfg.verify_flags,
488 .ulvalue = OCSP_NOINTERN, 488 .ulvalue = OCSP_NOINTERN,
489 }, 489 },
490 { 490 {
491 .name = "no_nonce", 491 .name = "no_nonce",
492 .desc = "Don't add OCSP nonce to request", 492 .desc = "Don't add OCSP nonce to request",
493 .type = OPTION_VALUE, 493 .type = OPTION_VALUE,
494 .opt.value = &ocsp_config.add_nonce, 494 .opt.value = &cfg.add_nonce,
495 .value = 0, 495 .value = 0,
496 }, 496 },
497 { 497 {
498 .name = "no_signature_verify", 498 .name = "no_signature_verify",
499 .desc = "Don't check signature on response", 499 .desc = "Don't check signature on response",
500 .type = OPTION_UL_VALUE_OR, 500 .type = OPTION_UL_VALUE_OR,
501 .opt.ulvalue = &ocsp_config.verify_flags, 501 .opt.ulvalue = &cfg.verify_flags,
502 .ulvalue = OCSP_NOSIGS, 502 .ulvalue = OCSP_NOSIGS,
503 }, 503 },
504 { 504 {
505 .name = "nonce", 505 .name = "nonce",
506 .desc = "Add OCSP nonce to request", 506 .desc = "Add OCSP nonce to request",
507 .type = OPTION_VALUE, 507 .type = OPTION_VALUE,
508 .opt.value = &ocsp_config.add_nonce, 508 .opt.value = &cfg.add_nonce,
509 .value = 2, 509 .value = 2,
510 }, 510 },
511 { 511 {
512 .name = "noverify", 512 .name = "noverify",
513 .desc = "Don't verify response at all", 513 .desc = "Don't verify response at all",
514 .type = OPTION_FLAG, 514 .type = OPTION_FLAG,
515 .opt.flag = &ocsp_config.noverify, 515 .opt.flag = &cfg.noverify,
516 }, 516 },
517 { 517 {
518 .name = "nrequest", 518 .name = "nrequest",
@@ -526,14 +526,14 @@ static const struct option ocsp_options[] = {
526 .argname = "file", 526 .argname = "file",
527 .desc = "Output filename", 527 .desc = "Output filename",
528 .type = OPTION_ARG, 528 .type = OPTION_ARG,
529 .opt.arg = &ocsp_config.outfile, 529 .opt.arg = &cfg.outfile,
530 }, 530 },
531 { 531 {
532 .name = "path", 532 .name = "path",
533 .argname = "path", 533 .argname = "path",
534 .desc = "Path to use in OCSP request", 534 .desc = "Path to use in OCSP request",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &ocsp_config.path, 536 .opt.arg = &cfg.path,
537 }, 537 },
538 { 538 {
539 .name = "port", 539 .name = "port",
@@ -546,76 +546,76 @@ static const struct option ocsp_options[] = {
546 .name = "req_text", 546 .name = "req_text",
547 .desc = "Print text form of request", 547 .desc = "Print text form of request",
548 .type = OPTION_FLAG, 548 .type = OPTION_FLAG,
549 .opt.flag = &ocsp_config.req_text, 549 .opt.flag = &cfg.req_text,
550 }, 550 },
551 { 551 {
552 .name = "reqin", 552 .name = "reqin",
553 .argname = "file", 553 .argname = "file",
554 .desc = "Read DER encoded OCSP request from \"file\"", 554 .desc = "Read DER encoded OCSP request from \"file\"",
555 .type = OPTION_ARG, 555 .type = OPTION_ARG,
556 .opt.arg = &ocsp_config.reqin, 556 .opt.arg = &cfg.reqin,
557 }, 557 },
558 { 558 {
559 .name = "reqout", 559 .name = "reqout",
560 .argname = "file", 560 .argname = "file",
561 .desc = "Write DER encoded OCSP request to \"file\"", 561 .desc = "Write DER encoded OCSP request to \"file\"",
562 .type = OPTION_ARG, 562 .type = OPTION_ARG,
563 .opt.arg = &ocsp_config.reqout, 563 .opt.arg = &cfg.reqout,
564 }, 564 },
565 { 565 {
566 .name = "resp_key_id", 566 .name = "resp_key_id",
567 .desc = "Identify response by signing certificate key ID", 567 .desc = "Identify response by signing certificate key ID",
568 .type = OPTION_UL_VALUE_OR, 568 .type = OPTION_UL_VALUE_OR,
569 .opt.ulvalue = &ocsp_config.rflags, 569 .opt.ulvalue = &cfg.rflags,
570 .ulvalue = OCSP_RESPID_KEY, 570 .ulvalue = OCSP_RESPID_KEY,
571 }, 571 },
572 { 572 {
573 .name = "resp_no_certs", 573 .name = "resp_no_certs",
574 .desc = "Don't include any certificates in response", 574 .desc = "Don't include any certificates in response",
575 .type = OPTION_UL_VALUE_OR, 575 .type = OPTION_UL_VALUE_OR,
576 .opt.ulvalue = &ocsp_config.rflags, 576 .opt.ulvalue = &cfg.rflags,
577 .ulvalue = OCSP_NOCERTS, 577 .ulvalue = OCSP_NOCERTS,
578 }, 578 },
579 { 579 {
580 .name = "resp_text", 580 .name = "resp_text",
581 .desc = "Print text form of response", 581 .desc = "Print text form of response",
582 .type = OPTION_FLAG, 582 .type = OPTION_FLAG,
583 .opt.flag = &ocsp_config.resp_text, 583 .opt.flag = &cfg.resp_text,
584 }, 584 },
585 { 585 {
586 .name = "respin", 586 .name = "respin",
587 .argname = "file", 587 .argname = "file",
588 .desc = "Read DER encoded OCSP response from \"file\"", 588 .desc = "Read DER encoded OCSP response from \"file\"",
589 .type = OPTION_ARG, 589 .type = OPTION_ARG,
590 .opt.arg = &ocsp_config.respin, 590 .opt.arg = &cfg.respin,
591 }, 591 },
592 { 592 {
593 .name = "respout", 593 .name = "respout",
594 .argname = "file", 594 .argname = "file",
595 .desc = "Write DER encoded OCSP response to \"file\"", 595 .desc = "Write DER encoded OCSP response to \"file\"",
596 .type = OPTION_ARG, 596 .type = OPTION_ARG,
597 .opt.arg = &ocsp_config.respout, 597 .opt.arg = &cfg.respout,
598 }, 598 },
599 { 599 {
600 .name = "rkey", 600 .name = "rkey",
601 .argname = "file", 601 .argname = "file",
602 .desc = "Responder key to sign responses with", 602 .desc = "Responder key to sign responses with",
603 .type = OPTION_ARG, 603 .type = OPTION_ARG,
604 .opt.arg = &ocsp_config.rkeyfile, 604 .opt.arg = &cfg.rkeyfile,
605 }, 605 },
606 { 606 {
607 .name = "rother", 607 .name = "rother",
608 .argname = "file", 608 .argname = "file",
609 .desc = "Other certificates to include in response", 609 .desc = "Other certificates to include in response",
610 .type = OPTION_ARG, 610 .type = OPTION_ARG,
611 .opt.arg = &ocsp_config.rcertfile, 611 .opt.arg = &cfg.rcertfile,
612 }, 612 },
613 { 613 {
614 .name = "rsigner", 614 .name = "rsigner",
615 .argname = "file", 615 .argname = "file",
616 .desc = "Responder certificate to sign responses with", 616 .desc = "Responder certificate to sign responses with",
617 .type = OPTION_ARG, 617 .type = OPTION_ARG,
618 .opt.arg = &ocsp_config.rsignfile, 618 .opt.arg = &cfg.rsignfile,
619 }, 619 },
620 { 620 {
621 .name = "serial", 621 .name = "serial",
@@ -629,21 +629,21 @@ static const struct option ocsp_options[] = {
629 .argname = "file", 629 .argname = "file",
630 .desc = "Additional certificates to include in signed request", 630 .desc = "Additional certificates to include in signed request",
631 .type = OPTION_ARG, 631 .type = OPTION_ARG,
632 .opt.arg = &ocsp_config.sign_certfile, 632 .opt.arg = &cfg.sign_certfile,
633 }, 633 },
634 { 634 {
635 .name = "signer", 635 .name = "signer",
636 .argname = "file", 636 .argname = "file",
637 .desc = "Certificate to sign OCSP request with", 637 .desc = "Certificate to sign OCSP request with",
638 .type = OPTION_ARG, 638 .type = OPTION_ARG,
639 .opt.arg = &ocsp_config.signfile, 639 .opt.arg = &cfg.signfile,
640 }, 640 },
641 { 641 {
642 .name = "signkey", 642 .name = "signkey",
643 .argname = "file", 643 .argname = "file",
644 .desc = "Private key to sign OCSP request with", 644 .desc = "Private key to sign OCSP request with",
645 .type = OPTION_ARG, 645 .type = OPTION_ARG,
646 .opt.arg = &ocsp_config.keyfile, 646 .opt.arg = &cfg.keyfile,
647 }, 647 },
648 { 648 {
649 .name = "status_age", 649 .name = "status_age",
@@ -669,7 +669,7 @@ static const struct option ocsp_options[] = {
669 .name = "trust_other", 669 .name = "trust_other",
670 .desc = "Don't verify additional certificates", 670 .desc = "Don't verify additional certificates",
671 .type = OPTION_UL_VALUE_OR, 671 .type = OPTION_UL_VALUE_OR,
672 .opt.ulvalue = &ocsp_config.verify_flags, 672 .opt.ulvalue = &cfg.verify_flags,
673 .ulvalue = OCSP_TRUSTOTHER, 673 .ulvalue = OCSP_TRUSTOTHER,
674 }, 674 },
675 { 675 {
@@ -698,7 +698,7 @@ static const struct option ocsp_options[] = {
698 .argname = "file", 698 .argname = "file",
699 .desc = "Additional certificates to search for signer", 699 .desc = "Additional certificates to search for signer",
700 .type = OPTION_ARG, 700 .type = OPTION_ARG,
701 .opt.arg = &ocsp_config.verify_certfile, 701 .opt.arg = &cfg.verify_certfile,
702 }, 702 },
703 { 703 {
704 .name = NULL, 704 .name = NULL,
@@ -755,37 +755,37 @@ ocsp_main(int argc, char **argv)
755 exit(1); 755 exit(1);
756 } 756 }
757 757
758 memset(&ocsp_config, 0, sizeof(ocsp_config)); 758 memset(&cfg, 0, sizeof(cfg));
759 ocsp_config.accept_count = -1; 759 cfg.accept_count = -1;
760 ocsp_config.add_nonce = 1; 760 cfg.add_nonce = 1;
761 if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL) 761 if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL)
762 goto end; 762 goto end;
763 ocsp_config.maxage = -1; 763 cfg.maxage = -1;
764 ocsp_config.ndays = -1; 764 cfg.ndays = -1;
765 ocsp_config.nsec = MAX_VALIDITY_PERIOD; 765 cfg.nsec = MAX_VALIDITY_PERIOD;
766 ocsp_config.req_timeout = -1; 766 cfg.req_timeout = -1;
767 if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) 767 if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL)
768 goto end; 768 goto end;
769 ocsp_config.use_ssl = -1; 769 cfg.use_ssl = -1;
770 770
771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { 771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) {
772 if (ocsp_config.no_usage) 772 if (cfg.no_usage)
773 goto end; 773 goto end;
774 else 774 else
775 badarg = 1; 775 badarg = 1;
776 } 776 }
777 777
778 /* Have we anything to do? */ 778 /* Have we anything to do? */
779 if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin && 779 if (!cfg.req && !cfg.reqin && !cfg.respin &&
780 !(ocsp_config.port && ocsp_config.ridx_filename)) 780 !(cfg.port && cfg.ridx_filename))
781 badarg = 1; 781 badarg = 1;
782 782
783 if (badarg) { 783 if (badarg) {
784 ocsp_usage(); 784 ocsp_usage();
785 goto end; 785 goto end;
786 } 786 }
787 if (ocsp_config.outfile) 787 if (cfg.outfile)
788 out = BIO_new_file(ocsp_config.outfile, "w"); 788 out = BIO_new_file(cfg.outfile, "w");
789 else 789 else
790 out = BIO_new_fp(stdout, BIO_NOCLOSE); 790 out = BIO_new_fp(stdout, BIO_NOCLOSE);
791 791
@@ -793,47 +793,47 @@ ocsp_main(int argc, char **argv)
793 BIO_printf(bio_err, "Error opening output file\n"); 793 BIO_printf(bio_err, "Error opening output file\n");
794 goto end; 794 goto end;
795 } 795 }
796 if (!ocsp_config.req && (ocsp_config.add_nonce != 2)) 796 if (!cfg.req && (cfg.add_nonce != 2))
797 ocsp_config.add_nonce = 0; 797 cfg.add_nonce = 0;
798 798
799 if (!ocsp_config.req && ocsp_config.reqin) { 799 if (!cfg.req && cfg.reqin) {
800 derbio = BIO_new_file(ocsp_config.reqin, "rb"); 800 derbio = BIO_new_file(cfg.reqin, "rb");
801 if (!derbio) { 801 if (!derbio) {
802 BIO_printf(bio_err, 802 BIO_printf(bio_err,
803 "Error Opening OCSP request file\n"); 803 "Error Opening OCSP request file\n");
804 goto end; 804 goto end;
805 } 805 }
806 ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL); 806 cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL);
807 BIO_free(derbio); 807 BIO_free(derbio);
808 if (!ocsp_config.req) { 808 if (!cfg.req) {
809 BIO_printf(bio_err, "Error reading OCSP request\n"); 809 BIO_printf(bio_err, "Error reading OCSP request\n");
810 goto end; 810 goto end;
811 } 811 }
812 } 812 }
813 if (!ocsp_config.req && ocsp_config.port) { 813 if (!cfg.req && cfg.port) {
814 acbio = init_responder(ocsp_config.port); 814 acbio = init_responder(cfg.port);
815 if (!acbio) 815 if (!acbio)
816 goto end; 816 goto end;
817 } 817 }
818 if (ocsp_config.rsignfile && !rdb) { 818 if (cfg.rsignfile && !rdb) {
819 if (!ocsp_config.rkeyfile) 819 if (!cfg.rkeyfile)
820 ocsp_config.rkeyfile = ocsp_config.rsignfile; 820 cfg.rkeyfile = cfg.rsignfile;
821 rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM, 821 rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM,
822 NULL, "responder certificate"); 822 NULL, "responder certificate");
823 if (!rsigner) { 823 if (!rsigner) {
824 BIO_printf(bio_err, 824 BIO_printf(bio_err,
825 "Error loading responder certificate\n"); 825 "Error loading responder certificate\n");
826 goto end; 826 goto end;
827 } 827 }
828 rca_cert = load_cert(bio_err, ocsp_config.rca_filename, 828 rca_cert = load_cert(bio_err, cfg.rca_filename,
829 FORMAT_PEM, NULL, "CA certificate"); 829 FORMAT_PEM, NULL, "CA certificate");
830 if (ocsp_config.rcertfile) { 830 if (cfg.rcertfile) {
831 rother = load_certs(bio_err, ocsp_config.rcertfile, 831 rother = load_certs(bio_err, cfg.rcertfile,
832 FORMAT_PEM, NULL, "responder other certificates"); 832 FORMAT_PEM, NULL, "responder other certificates");
833 if (!rother) 833 if (!rother)
834 goto end; 834 goto end;
835 } 835 }
836 rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0, 836 rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0,
837 NULL, "responder private key"); 837 NULL, "responder private key");
838 if (!rkey) 838 if (!rkey)
839 goto end; 839 goto end;
@@ -844,95 +844,95 @@ ocsp_main(int argc, char **argv)
844 redo_accept: 844 redo_accept:
845 845
846 if (acbio) { 846 if (acbio) {
847 if (!do_responder(&ocsp_config.req, &cbio, acbio, 847 if (!do_responder(&cfg.req, &cbio, acbio,
848 ocsp_config.port)) 848 cfg.port))
849 goto end; 849 goto end;
850 if (!ocsp_config.req) { 850 if (!cfg.req) {
851 resp = OCSP_response_create( 851 resp = OCSP_response_create(
852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
853 send_ocsp_response(cbio, resp); 853 send_ocsp_response(cbio, resp);
854 goto done_resp; 854 goto done_resp;
855 } 855 }
856 } 856 }
857 if (!ocsp_config.req && 857 if (!cfg.req &&
858 (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host || 858 (cfg.signfile || cfg.reqout || cfg.host ||
859 ocsp_config.add_nonce || ocsp_config.ridx_filename)) { 859 cfg.add_nonce || cfg.ridx_filename)) {
860 BIO_printf(bio_err, 860 BIO_printf(bio_err,
861 "Need an OCSP request for this operation!\n"); 861 "Need an OCSP request for this operation!\n");
862 goto end; 862 goto end;
863 } 863 }
864 if (ocsp_config.req && ocsp_config.add_nonce) 864 if (cfg.req && cfg.add_nonce)
865 OCSP_request_add1_nonce(ocsp_config.req, NULL, -1); 865 OCSP_request_add1_nonce(cfg.req, NULL, -1);
866 866
867 if (ocsp_config.signfile) { 867 if (cfg.signfile) {
868 if (!ocsp_config.keyfile) 868 if (!cfg.keyfile)
869 ocsp_config.keyfile = ocsp_config.signfile; 869 cfg.keyfile = cfg.signfile;
870 signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM, 870 signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM,
871 NULL, "signer certificate"); 871 NULL, "signer certificate");
872 if (!signer) { 872 if (!signer) {
873 BIO_printf(bio_err, 873 BIO_printf(bio_err,
874 "Error loading signer certificate\n"); 874 "Error loading signer certificate\n");
875 goto end; 875 goto end;
876 } 876 }
877 if (ocsp_config.sign_certfile) { 877 if (cfg.sign_certfile) {
878 sign_other = load_certs(bio_err, 878 sign_other = load_certs(bio_err,
879 ocsp_config.sign_certfile, FORMAT_PEM, NULL, 879 cfg.sign_certfile, FORMAT_PEM, NULL,
880 "signer certificates"); 880 "signer certificates");
881 if (!sign_other) 881 if (!sign_other)
882 goto end; 882 goto end;
883 } 883 }
884 key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0, 884 key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0,
885 NULL, "signer private key"); 885 NULL, "signer private key");
886 if (!key) 886 if (!key)
887 goto end; 887 goto end;
888 888
889 if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL, 889 if (!OCSP_request_sign(cfg.req, signer, key, NULL,
890 sign_other, ocsp_config.sign_flags)) { 890 sign_other, cfg.sign_flags)) {
891 BIO_printf(bio_err, "Error signing OCSP request\n"); 891 BIO_printf(bio_err, "Error signing OCSP request\n");
892 goto end; 892 goto end;
893 } 893 }
894 } 894 }
895 if (ocsp_config.req_text && ocsp_config.req) 895 if (cfg.req_text && cfg.req)
896 OCSP_REQUEST_print(out, ocsp_config.req, 0); 896 OCSP_REQUEST_print(out, cfg.req, 0);
897 897
898 if (ocsp_config.reqout) { 898 if (cfg.reqout) {
899 derbio = BIO_new_file(ocsp_config.reqout, "wb"); 899 derbio = BIO_new_file(cfg.reqout, "wb");
900 if (!derbio) { 900 if (!derbio) {
901 BIO_printf(bio_err, "Error opening file %s\n", 901 BIO_printf(bio_err, "Error opening file %s\n",
902 ocsp_config.reqout); 902 cfg.reqout);
903 goto end; 903 goto end;
904 } 904 }
905 i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req); 905 i2d_OCSP_REQUEST_bio(derbio, cfg.req);
906 BIO_free(derbio); 906 BIO_free(derbio);
907 } 907 }
908 if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) { 908 if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) {
909 BIO_printf(bio_err, 909 BIO_printf(bio_err,
910 "Need a responder certificate, key and CA for this operation!\n"); 910 "Need a responder certificate, key and CA for this operation!\n");
911 goto end; 911 goto end;
912 } 912 }
913 if (ocsp_config.ridx_filename && !rdb) { 913 if (cfg.ridx_filename && !rdb) {
914 rdb = load_index(ocsp_config.ridx_filename, NULL); 914 rdb = load_index(cfg.ridx_filename, NULL);
915 if (!rdb) 915 if (!rdb)
916 goto end; 916 goto end;
917 if (!index_index(rdb)) 917 if (!index_index(rdb))
918 goto end; 918 goto end;
919 } 919 }
920 if (rdb) { 920 if (rdb) {
921 i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert, 921 i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert,
922 rsigner, rkey, rother, ocsp_config.rflags, 922 rsigner, rkey, rother, cfg.rflags,
923 ocsp_config.nmin, ocsp_config.ndays); 923 cfg.nmin, cfg.ndays);
924 if (cbio) 924 if (cbio)
925 send_ocsp_response(cbio, resp); 925 send_ocsp_response(cbio, resp);
926 } else if (ocsp_config.host) { 926 } else if (cfg.host) {
927 resp = process_responder(bio_err, ocsp_config.req, 927 resp = process_responder(bio_err, cfg.req,
928 ocsp_config.host, 928 cfg.host,
929 ocsp_config.path ? ocsp_config.path : "/", 929 cfg.path ? cfg.path : "/",
930 ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers, 930 cfg.port, cfg.use_ssl, cfg.headers,
931 ocsp_config.req_timeout); 931 cfg.req_timeout);
932 if (!resp) 932 if (!resp)
933 goto end; 933 goto end;
934 } else if (ocsp_config.respin) { 934 } else if (cfg.respin) {
935 derbio = BIO_new_file(ocsp_config.respin, "rb"); 935 derbio = BIO_new_file(cfg.respin, "rb");
936 if (!derbio) { 936 if (!derbio) {
937 BIO_printf(bio_err, 937 BIO_printf(bio_err,
938 "Error Opening OCSP response file\n"); 938 "Error Opening OCSP response file\n");
@@ -951,11 +951,11 @@ ocsp_main(int argc, char **argv)
951 951
952 done_resp: 952 done_resp:
953 953
954 if (ocsp_config.respout) { 954 if (cfg.respout) {
955 derbio = BIO_new_file(ocsp_config.respout, "wb"); 955 derbio = BIO_new_file(cfg.respout, "wb");
956 if (!derbio) { 956 if (!derbio) {
957 BIO_printf(bio_err, "Error opening file %s\n", 957 BIO_printf(bio_err, "Error opening file %s\n",
958 ocsp_config.respout); 958 cfg.respout);
959 goto end; 959 goto end;
960 } 960 }
961 i2d_OCSP_RESPONSE_bio(derbio, resp); 961 i2d_OCSP_RESPONSE_bio(derbio, resp);
@@ -966,24 +966,24 @@ ocsp_main(int argc, char **argv)
966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
967 BIO_printf(bio_err, "Responder Error: %s (%d)\n", 967 BIO_printf(bio_err, "Responder Error: %s (%d)\n",
968 OCSP_response_status_str(i), i); 968 OCSP_response_status_str(i), i);
969 if (ocsp_config.ignore_err) 969 if (cfg.ignore_err)
970 goto redo_accept; 970 goto redo_accept;
971 ret = 1; 971 ret = 1;
972 goto end; 972 goto end;
973 } 973 }
974 if (ocsp_config.resp_text) 974 if (cfg.resp_text)
975 OCSP_RESPONSE_print(out, resp, 0); 975 OCSP_RESPONSE_print(out, resp, 0);
976 976
977 /* If running as responder don't verify our own response */ 977 /* If running as responder don't verify our own response */
978 if (cbio) { 978 if (cbio) {
979 if (ocsp_config.accept_count > 0) 979 if (cfg.accept_count > 0)
980 ocsp_config.accept_count--; 980 cfg.accept_count--;
981 /* Redo if more connections needed */ 981 /* Redo if more connections needed */
982 if (ocsp_config.accept_count) { 982 if (cfg.accept_count) {
983 BIO_free_all(cbio); 983 BIO_free_all(cbio);
984 cbio = NULL; 984 cbio = NULL;
985 OCSP_REQUEST_free(ocsp_config.req); 985 OCSP_REQUEST_free(cfg.req);
986 ocsp_config.req = NULL; 986 cfg.req = NULL;
987 OCSP_RESPONSE_free(resp); 987 OCSP_RESPONSE_free(resp);
988 resp = NULL; 988 resp = NULL;
989 goto redo_accept; 989 goto redo_accept;
@@ -991,12 +991,12 @@ ocsp_main(int argc, char **argv)
991 goto end; 991 goto end;
992 } 992 }
993 if (!store) 993 if (!store)
994 store = setup_verify(bio_err, ocsp_config.CAfile, 994 store = setup_verify(bio_err, cfg.CAfile,
995 ocsp_config.CApath); 995 cfg.CApath);
996 if (!store) 996 if (!store)
997 goto end; 997 goto end;
998 if (ocsp_config.verify_certfile) { 998 if (cfg.verify_certfile) {
999 verify_other = load_certs(bio_err, ocsp_config.verify_certfile, 999 verify_other = load_certs(bio_err, cfg.verify_certfile,
1000 FORMAT_PEM, NULL, "validator certificate"); 1000 FORMAT_PEM, NULL, "validator certificate");
1001 if (!verify_other) 1001 if (!verify_other)
1002 goto end; 1002 goto end;
@@ -1007,9 +1007,9 @@ ocsp_main(int argc, char **argv)
1007 BIO_printf(bio_err, "Error parsing response\n"); 1007 BIO_printf(bio_err, "Error parsing response\n");
1008 goto end; 1008 goto end;
1009 } 1009 }
1010 if (!ocsp_config.noverify) { 1010 if (!cfg.noverify) {
1011 if (ocsp_config.req && 1011 if (cfg.req &&
1012 ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) { 1012 ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) {
1013 if (i == -1) { 1013 if (i == -1) {
1014 BIO_printf(bio_err, 1014 BIO_printf(bio_err,
1015 "WARNING: no nonce in response\n"); 1015 "WARNING: no nonce in response\n");
@@ -1019,7 +1019,7 @@ ocsp_main(int argc, char **argv)
1019 } 1019 }
1020 } 1020 }
1021 i = OCSP_basic_verify(bs, verify_other, store, 1021 i = OCSP_basic_verify(bs, verify_other, store,
1022 ocsp_config.verify_flags); 1022 cfg.verify_flags);
1023 if (i < 0) 1023 if (i < 0)
1024 i = OCSP_basic_verify(bs, NULL, store, 0); 1024 i = OCSP_basic_verify(bs, NULL, store, 0);
1025 1025
@@ -1030,8 +1030,8 @@ ocsp_main(int argc, char **argv)
1030 BIO_printf(bio_err, "Response verify OK\n"); 1030 BIO_printf(bio_err, "Response verify OK\n");
1031 } 1031 }
1032 } 1032 }
1033 if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames, 1033 if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames,
1034 ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage)) 1034 cfg.ids, cfg.nsec, cfg.maxage))
1035 goto end; 1035 goto end;
1036 1036
1037 ret = 0; 1037 ret = 0;
@@ -1042,27 +1042,27 @@ ocsp_main(int argc, char **argv)
1042 X509_STORE_free(store); 1042 X509_STORE_free(store);
1043 EVP_PKEY_free(key); 1043 EVP_PKEY_free(key);
1044 EVP_PKEY_free(rkey); 1044 EVP_PKEY_free(rkey);
1045 X509_free(ocsp_config.issuer); 1045 X509_free(cfg.issuer);
1046 X509_free(ocsp_config.cert); 1046 X509_free(cfg.cert);
1047 X509_free(rsigner); 1047 X509_free(rsigner);
1048 X509_free(rca_cert); 1048 X509_free(rca_cert);
1049 free_index(rdb); 1049 free_index(rdb);
1050 BIO_free_all(cbio); 1050 BIO_free_all(cbio);
1051 BIO_free_all(acbio); 1051 BIO_free_all(acbio);
1052 BIO_free(out); 1052 BIO_free(out);
1053 OCSP_REQUEST_free(ocsp_config.req); 1053 OCSP_REQUEST_free(cfg.req);
1054 OCSP_RESPONSE_free(resp); 1054 OCSP_RESPONSE_free(resp);
1055 OCSP_BASICRESP_free(bs); 1055 OCSP_BASICRESP_free(bs);
1056 sk_OPENSSL_STRING_free(ocsp_config.reqnames); 1056 sk_OPENSSL_STRING_free(cfg.reqnames);
1057 sk_OCSP_CERTID_free(ocsp_config.ids); 1057 sk_OCSP_CERTID_free(cfg.ids);
1058 sk_X509_pop_free(sign_other, X509_free); 1058 sk_X509_pop_free(sign_other, X509_free);
1059 sk_X509_pop_free(verify_other, X509_free); 1059 sk_X509_pop_free(verify_other, X509_free);
1060 sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free); 1060 sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free);
1061 1061
1062 if (ocsp_config.use_ssl != -1) { 1062 if (cfg.use_ssl != -1) {
1063 free(ocsp_config.host); 1063 free(cfg.host);
1064 free(ocsp_config.port); 1064 free(cfg.port);
1065 free(ocsp_config.path); 1065 free(cfg.path);
1066 } 1066 }
1067 return (ret); 1067 return (ret);
1068} 1068}