summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/ocsp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/ocsp.c')
-rw-r--r--src/usr.bin/openssl/ocsp.c356
1 files changed, 178 insertions, 178 deletions
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index 026bd49b0a..cc942a459c 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -143,27 +143,27 @@ static struct {
143 int use_ssl; 143 int use_ssl;
144 char *verify_certfile; 144 char *verify_certfile;
145 unsigned long verify_flags; 145 unsigned long verify_flags;
146} ocsp_config; 146} cfg;
147 147
148static int 148static int
149ocsp_opt_cert(char *arg) 149ocsp_opt_cert(char *arg)
150{ 150{
151 X509_free(ocsp_config.cert); 151 X509_free(cfg.cert);
152 ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, 152 cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
153 "certificate"); 153 "certificate");
154 if (ocsp_config.cert == NULL) { 154 if (cfg.cert == NULL) {
155 ocsp_config.no_usage = 1; 155 cfg.no_usage = 1;
156 return (1); 156 return (1);
157 } 157 }
158 if (ocsp_config.cert_id_md == NULL) 158 if (cfg.cert_id_md == NULL)
159 ocsp_config.cert_id_md = EVP_sha1(); 159 cfg.cert_id_md = EVP_sha1();
160 if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert, 160 if (!add_ocsp_cert(&cfg.req, cfg.cert,
161 ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) { 161 cfg.cert_id_md, cfg.issuer, cfg.ids)) {
162 ocsp_config.no_usage = 1; 162 cfg.no_usage = 1;
163 return (1); 163 return (1);
164 } 164 }
165 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 165 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
166 ocsp_config.no_usage = 1; 166 cfg.no_usage = 1;
167 return (1); 167 return (1);
168 } 168 }
169 return (0); 169 return (0);
@@ -177,7 +177,7 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused)
177 if (*name++ != '-') 177 if (*name++ != '-')
178 return (1); 178 return (1);
179 179
180 if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL) 180 if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL)
181 return (1); 181 return (1);
182 182
183 *argsused = 1; 183 *argsused = 1;
@@ -190,8 +190,8 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL) 190 if (argc < 3 || argv[1] == NULL || argv[2] == NULL)
191 return (1); 191 return (1);
192 192
193 if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) { 193 if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) {
194 ocsp_config.no_usage = 1; 194 cfg.no_usage = 1;
195 return (1); 195 return (1);
196 } 196 }
197 197
@@ -202,21 +202,21 @@ ocsp_opt_header(int argc, char **argv, int *argsused)
202static int 202static int
203ocsp_opt_host(char *arg) 203ocsp_opt_host(char *arg)
204{ 204{
205 if (ocsp_config.use_ssl != -1) 205 if (cfg.use_ssl != -1)
206 return (1); 206 return (1);
207 207
208 ocsp_config.host = arg; 208 cfg.host = arg;
209 return (0); 209 return (0);
210} 210}
211 211
212static int 212static int
213ocsp_opt_issuer(char *arg) 213ocsp_opt_issuer(char *arg)
214{ 214{
215 X509_free(ocsp_config.issuer); 215 X509_free(cfg.issuer);
216 ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, 216 cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL,
217 "issuer certificate"); 217 "issuer certificate");
218 if (ocsp_config.issuer == NULL) { 218 if (cfg.issuer == NULL) {
219 ocsp_config.no_usage = 1; 219 cfg.no_usage = 1;
220 return (1); 220 return (1);
221 } 221 }
222 return (0); 222 return (0);
@@ -227,7 +227,7 @@ ocsp_opt_ndays(char *arg)
227{ 227{
228 const char *errstr = NULL; 228 const char *errstr = NULL;
229 229
230 ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr); 230 cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr);
231 if (errstr != NULL) { 231 if (errstr != NULL) {
232 BIO_printf(bio_err, "Illegal update period %s: %s\n", 232 BIO_printf(bio_err, "Illegal update period %s: %s\n",
233 arg, errstr); 233 arg, errstr);
@@ -241,17 +241,17 @@ ocsp_opt_nmin(char *arg)
241{ 241{
242 const char *errstr = NULL; 242 const char *errstr = NULL;
243 243
244 ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr); 244 cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr);
245 if (errstr != NULL) { 245 if (errstr != NULL) {
246 BIO_printf(bio_err, "Illegal update period %s: %s\n", 246 BIO_printf(bio_err, "Illegal update period %s: %s\n",
247 arg, errstr); 247 arg, errstr);
248 return (1); 248 return (1);
249 } 249 }
250 250
251 if (ocsp_config.ndays != -1) 251 if (cfg.ndays != -1)
252 return (1); 252 return (1);
253 253
254 ocsp_config.ndays = 0; 254 cfg.ndays = 0;
255 return (0); 255 return (0);
256} 256}
257 257
@@ -260,7 +260,7 @@ ocsp_opt_nrequest(char *arg)
260{ 260{
261 const char *errstr = NULL; 261 const char *errstr = NULL;
262 262
263 ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr); 263 cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr);
264 if (errstr != NULL) { 264 if (errstr != NULL) {
265 BIO_printf(bio_err, "Illegal accept count %s: %s\n", 265 BIO_printf(bio_err, "Illegal accept count %s: %s\n",
266 arg, errstr); 266 arg, errstr);
@@ -272,25 +272,25 @@ ocsp_opt_nrequest(char *arg)
272static int 272static int
273ocsp_opt_port(char *arg) 273ocsp_opt_port(char *arg)
274{ 274{
275 if (ocsp_config.use_ssl != -1) 275 if (cfg.use_ssl != -1)
276 return (1); 276 return (1);
277 277
278 ocsp_config.port = arg; 278 cfg.port = arg;
279 return (0); 279 return (0);
280} 280}
281 281
282static int 282static int
283ocsp_opt_serial(char *arg) 283ocsp_opt_serial(char *arg)
284{ 284{
285 if (ocsp_config.cert_id_md == NULL) 285 if (cfg.cert_id_md == NULL)
286 ocsp_config.cert_id_md = EVP_sha1(); 286 cfg.cert_id_md = EVP_sha1();
287 if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md, 287 if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md,
288 ocsp_config.issuer, ocsp_config.ids)) { 288 cfg.issuer, cfg.ids)) {
289 ocsp_config.no_usage = 1; 289 cfg.no_usage = 1;
290 return (1); 290 return (1);
291 } 291 }
292 if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { 292 if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
293 ocsp_config.no_usage = 1; 293 cfg.no_usage = 1;
294 return (1); 294 return (1);
295 } 295 }
296 return (0); 296 return (0);
@@ -301,7 +301,7 @@ ocsp_opt_status_age(char *arg)
301{ 301{
302 const char *errstr = NULL; 302 const char *errstr = NULL;
303 303
304 ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr); 304 cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr);
305 if (errstr != NULL) { 305 if (errstr != NULL) {
306 BIO_printf(bio_err, "Illegal validity age %s: %s\n", 306 BIO_printf(bio_err, "Illegal validity age %s: %s\n",
307 arg, errstr); 307 arg, errstr);
@@ -313,8 +313,8 @@ ocsp_opt_status_age(char *arg)
313static int 313static int
314ocsp_opt_text(void) 314ocsp_opt_text(void)
315{ 315{
316 ocsp_config.req_text = 1; 316 cfg.req_text = 1;
317 ocsp_config.resp_text = 1; 317 cfg.resp_text = 1;
318 return (0); 318 return (0);
319} 319}
320 320
@@ -323,7 +323,7 @@ ocsp_opt_timeout(char *arg)
323{ 323{
324 const char *errstr = NULL; 324 const char *errstr = NULL;
325 325
326 ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); 326 cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr);
327 if (errstr != NULL) { 327 if (errstr != NULL) {
328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n", 328 BIO_printf(bio_err, "Illegal timeout value %s: %s\n",
329 arg, errstr); 329 arg, errstr);
@@ -335,10 +335,10 @@ ocsp_opt_timeout(char *arg)
335static int 335static int
336ocsp_opt_url(char *arg) 336ocsp_opt_url(char *arg)
337{ 337{
338 if (ocsp_config.host == NULL && ocsp_config.port == NULL && 338 if (cfg.host == NULL && cfg.port == NULL &&
339 ocsp_config.path == NULL) { 339 cfg.path == NULL) {
340 if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port, 340 if (!OCSP_parse_url(arg, &cfg.host, &cfg.port,
341 &ocsp_config.path, &ocsp_config.use_ssl)) { 341 &cfg.path, &cfg.use_ssl)) {
342 BIO_printf(bio_err, "Error parsing URL\n"); 342 BIO_printf(bio_err, "Error parsing URL\n");
343 return (1); 343 return (1);
344 } 344 }
@@ -349,8 +349,8 @@ ocsp_opt_url(char *arg)
349static int 349static int
350ocsp_opt_vafile(char *arg) 350ocsp_opt_vafile(char *arg)
351{ 351{
352 ocsp_config.verify_certfile = arg; 352 cfg.verify_certfile = arg;
353 ocsp_config.verify_flags |= OCSP_TRUSTOTHER; 353 cfg.verify_flags |= OCSP_TRUSTOTHER;
354 return (0); 354 return (0);
355} 355}
356 356
@@ -359,7 +359,7 @@ ocsp_opt_validity_period(char *arg)
359{ 359{
360 const char *errstr = NULL; 360 const char *errstr = NULL;
361 361
362 ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr); 362 cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr);
363 if (errstr != NULL) { 363 if (errstr != NULL) {
364 BIO_printf(bio_err, "Illegal validity period %s: %s\n", 364 BIO_printf(bio_err, "Illegal validity period %s: %s\n",
365 arg, errstr); 365 arg, errstr);
@@ -374,21 +374,21 @@ static const struct option ocsp_options[] = {
374 .argname = "file", 374 .argname = "file",
375 .desc = "CA certificate corresponding to the revocation information", 375 .desc = "CA certificate corresponding to the revocation information",
376 .type = OPTION_ARG, 376 .type = OPTION_ARG,
377 .opt.arg = &ocsp_config.rca_filename, 377 .opt.arg = &cfg.rca_filename,
378 }, 378 },
379 { 379 {
380 .name = "CAfile", 380 .name = "CAfile",
381 .argname = "file", 381 .argname = "file",
382 .desc = "Trusted certificates file", 382 .desc = "Trusted certificates file",
383 .type = OPTION_ARG, 383 .type = OPTION_ARG,
384 .opt.arg = &ocsp_config.CAfile, 384 .opt.arg = &cfg.CAfile,
385 }, 385 },
386 { 386 {
387 .name = "CApath", 387 .name = "CApath",
388 .argname = "directory", 388 .argname = "directory",
389 .desc = "Trusted certificates directory", 389 .desc = "Trusted certificates directory",
390 .type = OPTION_ARG, 390 .type = OPTION_ARG,
391 .opt.arg = &ocsp_config.CApath, 391 .opt.arg = &cfg.CApath,
392 }, 392 },
393 { 393 {
394 .name = "cert", 394 .name = "cert",
@@ -415,14 +415,14 @@ static const struct option ocsp_options[] = {
415 .name = "ignore_err", 415 .name = "ignore_err",
416 .desc = "Ignore the invalid response", 416 .desc = "Ignore the invalid response",
417 .type = OPTION_FLAG, 417 .type = OPTION_FLAG,
418 .opt.flag = &ocsp_config.ignore_err, 418 .opt.flag = &cfg.ignore_err,
419 }, 419 },
420 { 420 {
421 .name = "index", 421 .name = "index",
422 .argname = "indexfile", 422 .argname = "indexfile",
423 .desc = "Certificate status index file", 423 .desc = "Certificate status index file",
424 .type = OPTION_ARG, 424 .type = OPTION_ARG,
425 .opt.arg = &ocsp_config.ridx_filename, 425 .opt.arg = &cfg.ridx_filename,
426 }, 426 },
427 { 427 {
428 .name = "issuer", 428 .name = "issuer",
@@ -449,70 +449,70 @@ static const struct option ocsp_options[] = {
449 .name = "no_cert_checks", 449 .name = "no_cert_checks",
450 .desc = "Don't do additional checks on signing certificate", 450 .desc = "Don't do additional checks on signing certificate",
451 .type = OPTION_UL_VALUE_OR, 451 .type = OPTION_UL_VALUE_OR,
452 .opt.ulvalue = &ocsp_config.verify_flags, 452 .opt.ulvalue = &cfg.verify_flags,
453 .ulvalue = OCSP_NOCHECKS, 453 .ulvalue = OCSP_NOCHECKS,
454 }, 454 },
455 { 455 {
456 .name = "no_cert_verify", 456 .name = "no_cert_verify",
457 .desc = "Don't check signing certificate", 457 .desc = "Don't check signing certificate",
458 .type = OPTION_UL_VALUE_OR, 458 .type = OPTION_UL_VALUE_OR,
459 .opt.ulvalue = &ocsp_config.verify_flags, 459 .opt.ulvalue = &cfg.verify_flags,
460 .ulvalue = OCSP_NOVERIFY, 460 .ulvalue = OCSP_NOVERIFY,
461 }, 461 },
462 { 462 {
463 .name = "no_certs", 463 .name = "no_certs",
464 .desc = "Don't include any certificates in signed request", 464 .desc = "Don't include any certificates in signed request",
465 .type = OPTION_UL_VALUE_OR, 465 .type = OPTION_UL_VALUE_OR,
466 .opt.ulvalue = &ocsp_config.sign_flags, 466 .opt.ulvalue = &cfg.sign_flags,
467 .ulvalue = OCSP_NOCERTS, 467 .ulvalue = OCSP_NOCERTS,
468 }, 468 },
469 { 469 {
470 .name = "no_chain", 470 .name = "no_chain",
471 .desc = "Don't use certificates in the response", 471 .desc = "Don't use certificates in the response",
472 .type = OPTION_UL_VALUE_OR, 472 .type = OPTION_UL_VALUE_OR,
473 .opt.ulvalue = &ocsp_config.verify_flags, 473 .opt.ulvalue = &cfg.verify_flags,
474 .ulvalue = OCSP_NOCHAIN, 474 .ulvalue = OCSP_NOCHAIN,
475 }, 475 },
476 { 476 {
477 .name = "no_explicit", 477 .name = "no_explicit",
478 .desc = "Don't check the explicit trust for OCSP signing", 478 .desc = "Don't check the explicit trust for OCSP signing",
479 .type = OPTION_UL_VALUE_OR, 479 .type = OPTION_UL_VALUE_OR,
480 .opt.ulvalue = &ocsp_config.verify_flags, 480 .opt.ulvalue = &cfg.verify_flags,
481 .ulvalue = OCSP_NOEXPLICIT, 481 .ulvalue = OCSP_NOEXPLICIT,
482 }, 482 },
483 { 483 {
484 .name = "no_intern", 484 .name = "no_intern",
485 .desc = "Don't search certificates contained in response for signer", 485 .desc = "Don't search certificates contained in response for signer",
486 .type = OPTION_UL_VALUE_OR, 486 .type = OPTION_UL_VALUE_OR,
487 .opt.ulvalue = &ocsp_config.verify_flags, 487 .opt.ulvalue = &cfg.verify_flags,
488 .ulvalue = OCSP_NOINTERN, 488 .ulvalue = OCSP_NOINTERN,
489 }, 489 },
490 { 490 {
491 .name = "no_nonce", 491 .name = "no_nonce",
492 .desc = "Don't add OCSP nonce to request", 492 .desc = "Don't add OCSP nonce to request",
493 .type = OPTION_VALUE, 493 .type = OPTION_VALUE,
494 .opt.value = &ocsp_config.add_nonce, 494 .opt.value = &cfg.add_nonce,
495 .value = 0, 495 .value = 0,
496 }, 496 },
497 { 497 {
498 .name = "no_signature_verify", 498 .name = "no_signature_verify",
499 .desc = "Don't check signature on response", 499 .desc = "Don't check signature on response",
500 .type = OPTION_UL_VALUE_OR, 500 .type = OPTION_UL_VALUE_OR,
501 .opt.ulvalue = &ocsp_config.verify_flags, 501 .opt.ulvalue = &cfg.verify_flags,
502 .ulvalue = OCSP_NOSIGS, 502 .ulvalue = OCSP_NOSIGS,
503 }, 503 },
504 { 504 {
505 .name = "nonce", 505 .name = "nonce",
506 .desc = "Add OCSP nonce to request", 506 .desc = "Add OCSP nonce to request",
507 .type = OPTION_VALUE, 507 .type = OPTION_VALUE,
508 .opt.value = &ocsp_config.add_nonce, 508 .opt.value = &cfg.add_nonce,
509 .value = 2, 509 .value = 2,
510 }, 510 },
511 { 511 {
512 .name = "noverify", 512 .name = "noverify",
513 .desc = "Don't verify response at all", 513 .desc = "Don't verify response at all",
514 .type = OPTION_FLAG, 514 .type = OPTION_FLAG,
515 .opt.flag = &ocsp_config.noverify, 515 .opt.flag = &cfg.noverify,
516 }, 516 },
517 { 517 {
518 .name = "nrequest", 518 .name = "nrequest",
@@ -526,14 +526,14 @@ static const struct option ocsp_options[] = {
526 .argname = "file", 526 .argname = "file",
527 .desc = "Output filename", 527 .desc = "Output filename",
528 .type = OPTION_ARG, 528 .type = OPTION_ARG,
529 .opt.arg = &ocsp_config.outfile, 529 .opt.arg = &cfg.outfile,
530 }, 530 },
531 { 531 {
532 .name = "path", 532 .name = "path",
533 .argname = "path", 533 .argname = "path",
534 .desc = "Path to use in OCSP request", 534 .desc = "Path to use in OCSP request",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &ocsp_config.path, 536 .opt.arg = &cfg.path,
537 }, 537 },
538 { 538 {
539 .name = "port", 539 .name = "port",
@@ -546,76 +546,76 @@ static const struct option ocsp_options[] = {
546 .name = "req_text", 546 .name = "req_text",
547 .desc = "Print text form of request", 547 .desc = "Print text form of request",
548 .type = OPTION_FLAG, 548 .type = OPTION_FLAG,
549 .opt.flag = &ocsp_config.req_text, 549 .opt.flag = &cfg.req_text,
550 }, 550 },
551 { 551 {
552 .name = "reqin", 552 .name = "reqin",
553 .argname = "file", 553 .argname = "file",
554 .desc = "Read DER encoded OCSP request from \"file\"", 554 .desc = "Read DER encoded OCSP request from \"file\"",
555 .type = OPTION_ARG, 555 .type = OPTION_ARG,
556 .opt.arg = &ocsp_config.reqin, 556 .opt.arg = &cfg.reqin,
557 }, 557 },
558 { 558 {
559 .name = "reqout", 559 .name = "reqout",
560 .argname = "file", 560 .argname = "file",
561 .desc = "Write DER encoded OCSP request to \"file\"", 561 .desc = "Write DER encoded OCSP request to \"file\"",
562 .type = OPTION_ARG, 562 .type = OPTION_ARG,
563 .opt.arg = &ocsp_config.reqout, 563 .opt.arg = &cfg.reqout,
564 }, 564 },
565 { 565 {
566 .name = "resp_key_id", 566 .name = "resp_key_id",
567 .desc = "Identify response by signing certificate key ID", 567 .desc = "Identify response by signing certificate key ID",
568 .type = OPTION_UL_VALUE_OR, 568 .type = OPTION_UL_VALUE_OR,
569 .opt.ulvalue = &ocsp_config.rflags, 569 .opt.ulvalue = &cfg.rflags,
570 .ulvalue = OCSP_RESPID_KEY, 570 .ulvalue = OCSP_RESPID_KEY,
571 }, 571 },
572 { 572 {
573 .name = "resp_no_certs", 573 .name = "resp_no_certs",
574 .desc = "Don't include any certificates in response", 574 .desc = "Don't include any certificates in response",
575 .type = OPTION_UL_VALUE_OR, 575 .type = OPTION_UL_VALUE_OR,
576 .opt.ulvalue = &ocsp_config.rflags, 576 .opt.ulvalue = &cfg.rflags,
577 .ulvalue = OCSP_NOCERTS, 577 .ulvalue = OCSP_NOCERTS,
578 }, 578 },
579 { 579 {
580 .name = "resp_text", 580 .name = "resp_text",
581 .desc = "Print text form of response", 581 .desc = "Print text form of response",
582 .type = OPTION_FLAG, 582 .type = OPTION_FLAG,
583 .opt.flag = &ocsp_config.resp_text, 583 .opt.flag = &cfg.resp_text,
584 }, 584 },
585 { 585 {
586 .name = "respin", 586 .name = "respin",
587 .argname = "file", 587 .argname = "file",
588 .desc = "Read DER encoded OCSP response from \"file\"", 588 .desc = "Read DER encoded OCSP response from \"file\"",
589 .type = OPTION_ARG, 589 .type = OPTION_ARG,
590 .opt.arg = &ocsp_config.respin, 590 .opt.arg = &cfg.respin,
591 }, 591 },
592 { 592 {
593 .name = "respout", 593 .name = "respout",
594 .argname = "file", 594 .argname = "file",
595 .desc = "Write DER encoded OCSP response to \"file\"", 595 .desc = "Write DER encoded OCSP response to \"file\"",
596 .type = OPTION_ARG, 596 .type = OPTION_ARG,
597 .opt.arg = &ocsp_config.respout, 597 .opt.arg = &cfg.respout,
598 }, 598 },
599 { 599 {
600 .name = "rkey", 600 .name = "rkey",
601 .argname = "file", 601 .argname = "file",
602 .desc = "Responder key to sign responses with", 602 .desc = "Responder key to sign responses with",
603 .type = OPTION_ARG, 603 .type = OPTION_ARG,
604 .opt.arg = &ocsp_config.rkeyfile, 604 .opt.arg = &cfg.rkeyfile,
605 }, 605 },
606 { 606 {
607 .name = "rother", 607 .name = "rother",
608 .argname = "file", 608 .argname = "file",
609 .desc = "Other certificates to include in response", 609 .desc = "Other certificates to include in response",
610 .type = OPTION_ARG, 610 .type = OPTION_ARG,
611 .opt.arg = &ocsp_config.rcertfile, 611 .opt.arg = &cfg.rcertfile,
612 }, 612 },
613 { 613 {
614 .name = "rsigner", 614 .name = "rsigner",
615 .argname = "file", 615 .argname = "file",
616 .desc = "Responder certificate to sign responses with", 616 .desc = "Responder certificate to sign responses with",
617 .type = OPTION_ARG, 617 .type = OPTION_ARG,
618 .opt.arg = &ocsp_config.rsignfile, 618 .opt.arg = &cfg.rsignfile,
619 }, 619 },
620 { 620 {
621 .name = "serial", 621 .name = "serial",
@@ -629,21 +629,21 @@ static const struct option ocsp_options[] = {
629 .argname = "file", 629 .argname = "file",
630 .desc = "Additional certificates to include in signed request", 630 .desc = "Additional certificates to include in signed request",
631 .type = OPTION_ARG, 631 .type = OPTION_ARG,
632 .opt.arg = &ocsp_config.sign_certfile, 632 .opt.arg = &cfg.sign_certfile,
633 }, 633 },
634 { 634 {
635 .name = "signer", 635 .name = "signer",
636 .argname = "file", 636 .argname = "file",
637 .desc = "Certificate to sign OCSP request with", 637 .desc = "Certificate to sign OCSP request with",
638 .type = OPTION_ARG, 638 .type = OPTION_ARG,
639 .opt.arg = &ocsp_config.signfile, 639 .opt.arg = &cfg.signfile,
640 }, 640 },
641 { 641 {
642 .name = "signkey", 642 .name = "signkey",
643 .argname = "file", 643 .argname = "file",
644 .desc = "Private key to sign OCSP request with", 644 .desc = "Private key to sign OCSP request with",
645 .type = OPTION_ARG, 645 .type = OPTION_ARG,
646 .opt.arg = &ocsp_config.keyfile, 646 .opt.arg = &cfg.keyfile,
647 }, 647 },
648 { 648 {
649 .name = "status_age", 649 .name = "status_age",
@@ -669,7 +669,7 @@ static const struct option ocsp_options[] = {
669 .name = "trust_other", 669 .name = "trust_other",
670 .desc = "Don't verify additional certificates", 670 .desc = "Don't verify additional certificates",
671 .type = OPTION_UL_VALUE_OR, 671 .type = OPTION_UL_VALUE_OR,
672 .opt.ulvalue = &ocsp_config.verify_flags, 672 .opt.ulvalue = &cfg.verify_flags,
673 .ulvalue = OCSP_TRUSTOTHER, 673 .ulvalue = OCSP_TRUSTOTHER,
674 }, 674 },
675 { 675 {
@@ -698,7 +698,7 @@ static const struct option ocsp_options[] = {
698 .argname = "file", 698 .argname = "file",
699 .desc = "Additional certificates to search for signer", 699 .desc = "Additional certificates to search for signer",
700 .type = OPTION_ARG, 700 .type = OPTION_ARG,
701 .opt.arg = &ocsp_config.verify_certfile, 701 .opt.arg = &cfg.verify_certfile,
702 }, 702 },
703 { 703 {
704 .name = NULL, 704 .name = NULL,
@@ -755,37 +755,37 @@ ocsp_main(int argc, char **argv)
755 exit(1); 755 exit(1);
756 } 756 }
757 757
758 memset(&ocsp_config, 0, sizeof(ocsp_config)); 758 memset(&cfg, 0, sizeof(cfg));
759 ocsp_config.accept_count = -1; 759 cfg.accept_count = -1;
760 ocsp_config.add_nonce = 1; 760 cfg.add_nonce = 1;
761 if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL) 761 if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL)
762 goto end; 762 goto end;
763 ocsp_config.maxage = -1; 763 cfg.maxage = -1;
764 ocsp_config.ndays = -1; 764 cfg.ndays = -1;
765 ocsp_config.nsec = MAX_VALIDITY_PERIOD; 765 cfg.nsec = MAX_VALIDITY_PERIOD;
766 ocsp_config.req_timeout = -1; 766 cfg.req_timeout = -1;
767 if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) 767 if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL)
768 goto end; 768 goto end;
769 ocsp_config.use_ssl = -1; 769 cfg.use_ssl = -1;
770 770
771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { 771 if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) {
772 if (ocsp_config.no_usage) 772 if (cfg.no_usage)
773 goto end; 773 goto end;
774 else 774 else
775 badarg = 1; 775 badarg = 1;
776 } 776 }
777 777
778 /* Have we anything to do? */ 778 /* Have we anything to do? */
779 if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin && 779 if (!cfg.req && !cfg.reqin && !cfg.respin &&
780 !(ocsp_config.port && ocsp_config.ridx_filename)) 780 !(cfg.port && cfg.ridx_filename))
781 badarg = 1; 781 badarg = 1;
782 782
783 if (badarg) { 783 if (badarg) {
784 ocsp_usage(); 784 ocsp_usage();
785 goto end; 785 goto end;
786 } 786 }
787 if (ocsp_config.outfile) 787 if (cfg.outfile)
788 out = BIO_new_file(ocsp_config.outfile, "w"); 788 out = BIO_new_file(cfg.outfile, "w");
789 else 789 else
790 out = BIO_new_fp(stdout, BIO_NOCLOSE); 790 out = BIO_new_fp(stdout, BIO_NOCLOSE);
791 791
@@ -793,47 +793,47 @@ ocsp_main(int argc, char **argv)
793 BIO_printf(bio_err, "Error opening output file\n"); 793 BIO_printf(bio_err, "Error opening output file\n");
794 goto end; 794 goto end;
795 } 795 }
796 if (!ocsp_config.req && (ocsp_config.add_nonce != 2)) 796 if (!cfg.req && (cfg.add_nonce != 2))
797 ocsp_config.add_nonce = 0; 797 cfg.add_nonce = 0;
798 798
799 if (!ocsp_config.req && ocsp_config.reqin) { 799 if (!cfg.req && cfg.reqin) {
800 derbio = BIO_new_file(ocsp_config.reqin, "rb"); 800 derbio = BIO_new_file(cfg.reqin, "rb");
801 if (!derbio) { 801 if (!derbio) {
802 BIO_printf(bio_err, 802 BIO_printf(bio_err,
803 "Error Opening OCSP request file\n"); 803 "Error Opening OCSP request file\n");
804 goto end; 804 goto end;
805 } 805 }
806 ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL); 806 cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL);
807 BIO_free(derbio); 807 BIO_free(derbio);
808 if (!ocsp_config.req) { 808 if (!cfg.req) {
809 BIO_printf(bio_err, "Error reading OCSP request\n"); 809 BIO_printf(bio_err, "Error reading OCSP request\n");
810 goto end; 810 goto end;
811 } 811 }
812 } 812 }
813 if (!ocsp_config.req && ocsp_config.port) { 813 if (!cfg.req && cfg.port) {
814 acbio = init_responder(ocsp_config.port); 814 acbio = init_responder(cfg.port);
815 if (!acbio) 815 if (!acbio)
816 goto end; 816 goto end;
817 } 817 }
818 if (ocsp_config.rsignfile && !rdb) { 818 if (cfg.rsignfile && !rdb) {
819 if (!ocsp_config.rkeyfile) 819 if (!cfg.rkeyfile)
820 ocsp_config.rkeyfile = ocsp_config.rsignfile; 820 cfg.rkeyfile = cfg.rsignfile;
821 rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM, 821 rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM,
822 NULL, "responder certificate"); 822 NULL, "responder certificate");
823 if (!rsigner) { 823 if (!rsigner) {
824 BIO_printf(bio_err, 824 BIO_printf(bio_err,
825 "Error loading responder certificate\n"); 825 "Error loading responder certificate\n");
826 goto end; 826 goto end;
827 } 827 }
828 rca_cert = load_cert(bio_err, ocsp_config.rca_filename, 828 rca_cert = load_cert(bio_err, cfg.rca_filename,
829 FORMAT_PEM, NULL, "CA certificate"); 829 FORMAT_PEM, NULL, "CA certificate");
830 if (ocsp_config.rcertfile) { 830 if (cfg.rcertfile) {
831 rother = load_certs(bio_err, ocsp_config.rcertfile, 831 rother = load_certs(bio_err, cfg.rcertfile,
832 FORMAT_PEM, NULL, "responder other certificates"); 832 FORMAT_PEM, NULL, "responder other certificates");
833 if (!rother) 833 if (!rother)
834 goto end; 834 goto end;
835 } 835 }
836 rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0, 836 rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0,
837 NULL, "responder private key"); 837 NULL, "responder private key");
838 if (!rkey) 838 if (!rkey)
839 goto end; 839 goto end;
@@ -844,95 +844,95 @@ ocsp_main(int argc, char **argv)
844 redo_accept: 844 redo_accept:
845 845
846 if (acbio) { 846 if (acbio) {
847 if (!do_responder(&ocsp_config.req, &cbio, acbio, 847 if (!do_responder(&cfg.req, &cbio, acbio,
848 ocsp_config.port)) 848 cfg.port))
849 goto end; 849 goto end;
850 if (!ocsp_config.req) { 850 if (!cfg.req) {
851 resp = OCSP_response_create( 851 resp = OCSP_response_create(
852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 852 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
853 send_ocsp_response(cbio, resp); 853 send_ocsp_response(cbio, resp);
854 goto done_resp; 854 goto done_resp;
855 } 855 }
856 } 856 }
857 if (!ocsp_config.req && 857 if (!cfg.req &&
858 (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host || 858 (cfg.signfile || cfg.reqout || cfg.host ||
859 ocsp_config.add_nonce || ocsp_config.ridx_filename)) { 859 cfg.add_nonce || cfg.ridx_filename)) {
860 BIO_printf(bio_err, 860 BIO_printf(bio_err,
861 "Need an OCSP request for this operation!\n"); 861 "Need an OCSP request for this operation!\n");
862 goto end; 862 goto end;
863 } 863 }
864 if (ocsp_config.req && ocsp_config.add_nonce) 864 if (cfg.req && cfg.add_nonce)
865 OCSP_request_add1_nonce(ocsp_config.req, NULL, -1); 865 OCSP_request_add1_nonce(cfg.req, NULL, -1);
866 866
867 if (ocsp_config.signfile) { 867 if (cfg.signfile) {
868 if (!ocsp_config.keyfile) 868 if (!cfg.keyfile)
869 ocsp_config.keyfile = ocsp_config.signfile; 869 cfg.keyfile = cfg.signfile;
870 signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM, 870 signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM,
871 NULL, "signer certificate"); 871 NULL, "signer certificate");
872 if (!signer) { 872 if (!signer) {
873 BIO_printf(bio_err, 873 BIO_printf(bio_err,
874 "Error loading signer certificate\n"); 874 "Error loading signer certificate\n");
875 goto end; 875 goto end;
876 } 876 }
877 if (ocsp_config.sign_certfile) { 877 if (cfg.sign_certfile) {
878 sign_other = load_certs(bio_err, 878 sign_other = load_certs(bio_err,
879 ocsp_config.sign_certfile, FORMAT_PEM, NULL, 879 cfg.sign_certfile, FORMAT_PEM, NULL,
880 "signer certificates"); 880 "signer certificates");
881 if (!sign_other) 881 if (!sign_other)
882 goto end; 882 goto end;
883 } 883 }
884 key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0, 884 key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0,
885 NULL, "signer private key"); 885 NULL, "signer private key");
886 if (!key) 886 if (!key)
887 goto end; 887 goto end;
888 888
889 if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL, 889 if (!OCSP_request_sign(cfg.req, signer, key, NULL,
890 sign_other, ocsp_config.sign_flags)) { 890 sign_other, cfg.sign_flags)) {
891 BIO_printf(bio_err, "Error signing OCSP request\n"); 891 BIO_printf(bio_err, "Error signing OCSP request\n");
892 goto end; 892 goto end;
893 } 893 }
894 } 894 }
895 if (ocsp_config.req_text && ocsp_config.req) 895 if (cfg.req_text && cfg.req)
896 OCSP_REQUEST_print(out, ocsp_config.req, 0); 896 OCSP_REQUEST_print(out, cfg.req, 0);
897 897
898 if (ocsp_config.reqout) { 898 if (cfg.reqout) {
899 derbio = BIO_new_file(ocsp_config.reqout, "wb"); 899 derbio = BIO_new_file(cfg.reqout, "wb");
900 if (!derbio) { 900 if (!derbio) {
901 BIO_printf(bio_err, "Error opening file %s\n", 901 BIO_printf(bio_err, "Error opening file %s\n",
902 ocsp_config.reqout); 902 cfg.reqout);
903 goto end; 903 goto end;
904 } 904 }
905 i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req); 905 i2d_OCSP_REQUEST_bio(derbio, cfg.req);
906 BIO_free(derbio); 906 BIO_free(derbio);
907 } 907 }
908 if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) { 908 if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) {
909 BIO_printf(bio_err, 909 BIO_printf(bio_err,
910 "Need a responder certificate, key and CA for this operation!\n"); 910 "Need a responder certificate, key and CA for this operation!\n");
911 goto end; 911 goto end;
912 } 912 }
913 if (ocsp_config.ridx_filename && !rdb) { 913 if (cfg.ridx_filename && !rdb) {
914 rdb = load_index(ocsp_config.ridx_filename, NULL); 914 rdb = load_index(cfg.ridx_filename, NULL);
915 if (!rdb) 915 if (!rdb)
916 goto end; 916 goto end;
917 if (!index_index(rdb)) 917 if (!index_index(rdb))
918 goto end; 918 goto end;
919 } 919 }
920 if (rdb) { 920 if (rdb) {
921 i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert, 921 i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert,
922 rsigner, rkey, rother, ocsp_config.rflags, 922 rsigner, rkey, rother, cfg.rflags,
923 ocsp_config.nmin, ocsp_config.ndays); 923 cfg.nmin, cfg.ndays);
924 if (cbio) 924 if (cbio)
925 send_ocsp_response(cbio, resp); 925 send_ocsp_response(cbio, resp);
926 } else if (ocsp_config.host) { 926 } else if (cfg.host) {
927 resp = process_responder(bio_err, ocsp_config.req, 927 resp = process_responder(bio_err, cfg.req,
928 ocsp_config.host, 928 cfg.host,
929 ocsp_config.path ? ocsp_config.path : "/", 929 cfg.path ? cfg.path : "/",
930 ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers, 930 cfg.port, cfg.use_ssl, cfg.headers,
931 ocsp_config.req_timeout); 931 cfg.req_timeout);
932 if (!resp) 932 if (!resp)
933 goto end; 933 goto end;
934 } else if (ocsp_config.respin) { 934 } else if (cfg.respin) {
935 derbio = BIO_new_file(ocsp_config.respin, "rb"); 935 derbio = BIO_new_file(cfg.respin, "rb");
936 if (!derbio) { 936 if (!derbio) {
937 BIO_printf(bio_err, 937 BIO_printf(bio_err,
938 "Error Opening OCSP response file\n"); 938 "Error Opening OCSP response file\n");
@@ -951,11 +951,11 @@ ocsp_main(int argc, char **argv)
951 951
952 done_resp: 952 done_resp:
953 953
954 if (ocsp_config.respout) { 954 if (cfg.respout) {
955 derbio = BIO_new_file(ocsp_config.respout, "wb"); 955 derbio = BIO_new_file(cfg.respout, "wb");
956 if (!derbio) { 956 if (!derbio) {
957 BIO_printf(bio_err, "Error opening file %s\n", 957 BIO_printf(bio_err, "Error opening file %s\n",
958 ocsp_config.respout); 958 cfg.respout);
959 goto end; 959 goto end;
960 } 960 }
961 i2d_OCSP_RESPONSE_bio(derbio, resp); 961 i2d_OCSP_RESPONSE_bio(derbio, resp);
@@ -966,24 +966,24 @@ ocsp_main(int argc, char **argv)
966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 966 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
967 BIO_printf(bio_err, "Responder Error: %s (%d)\n", 967 BIO_printf(bio_err, "Responder Error: %s (%d)\n",
968 OCSP_response_status_str(i), i); 968 OCSP_response_status_str(i), i);
969 if (ocsp_config.ignore_err) 969 if (cfg.ignore_err)
970 goto redo_accept; 970 goto redo_accept;
971 ret = 1; 971 ret = 1;
972 goto end; 972 goto end;
973 } 973 }
974 if (ocsp_config.resp_text) 974 if (cfg.resp_text)
975 OCSP_RESPONSE_print(out, resp, 0); 975 OCSP_RESPONSE_print(out, resp, 0);
976 976
977 /* If running as responder don't verify our own response */ 977 /* If running as responder don't verify our own response */
978 if (cbio) { 978 if (cbio) {
979 if (ocsp_config.accept_count > 0) 979 if (cfg.accept_count > 0)
980 ocsp_config.accept_count--; 980 cfg.accept_count--;
981 /* Redo if more connections needed */ 981 /* Redo if more connections needed */
982 if (ocsp_config.accept_count) { 982 if (cfg.accept_count) {
983 BIO_free_all(cbio); 983 BIO_free_all(cbio);
984 cbio = NULL; 984 cbio = NULL;
985 OCSP_REQUEST_free(ocsp_config.req); 985 OCSP_REQUEST_free(cfg.req);
986 ocsp_config.req = NULL; 986 cfg.req = NULL;
987 OCSP_RESPONSE_free(resp); 987 OCSP_RESPONSE_free(resp);
988 resp = NULL; 988 resp = NULL;
989 goto redo_accept; 989 goto redo_accept;
@@ -991,12 +991,12 @@ ocsp_main(int argc, char **argv)
991 goto end; 991 goto end;
992 } 992 }
993 if (!store) 993 if (!store)
994 store = setup_verify(bio_err, ocsp_config.CAfile, 994 store = setup_verify(bio_err, cfg.CAfile,
995 ocsp_config.CApath); 995 cfg.CApath);
996 if (!store) 996 if (!store)
997 goto end; 997 goto end;
998 if (ocsp_config.verify_certfile) { 998 if (cfg.verify_certfile) {
999 verify_other = load_certs(bio_err, ocsp_config.verify_certfile, 999 verify_other = load_certs(bio_err, cfg.verify_certfile,
1000 FORMAT_PEM, NULL, "validator certificate"); 1000 FORMAT_PEM, NULL, "validator certificate");
1001 if (!verify_other) 1001 if (!verify_other)
1002 goto end; 1002 goto end;
@@ -1007,9 +1007,9 @@ ocsp_main(int argc, char **argv)
1007 BIO_printf(bio_err, "Error parsing response\n"); 1007 BIO_printf(bio_err, "Error parsing response\n");
1008 goto end; 1008 goto end;
1009 } 1009 }
1010 if (!ocsp_config.noverify) { 1010 if (!cfg.noverify) {
1011 if (ocsp_config.req && 1011 if (cfg.req &&
1012 ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) { 1012 ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) {
1013 if (i == -1) { 1013 if (i == -1) {
1014 BIO_printf(bio_err, 1014 BIO_printf(bio_err,
1015 "WARNING: no nonce in response\n"); 1015 "WARNING: no nonce in response\n");
@@ -1019,7 +1019,7 @@ ocsp_main(int argc, char **argv)
1019 } 1019 }
1020 } 1020 }
1021 i = OCSP_basic_verify(bs, verify_other, store, 1021 i = OCSP_basic_verify(bs, verify_other, store,
1022 ocsp_config.verify_flags); 1022 cfg.verify_flags);
1023 if (i < 0) 1023 if (i < 0)
1024 i = OCSP_basic_verify(bs, NULL, store, 0); 1024 i = OCSP_basic_verify(bs, NULL, store, 0);
1025 1025
@@ -1030,8 +1030,8 @@ ocsp_main(int argc, char **argv)
1030 BIO_printf(bio_err, "Response verify OK\n"); 1030 BIO_printf(bio_err, "Response verify OK\n");
1031 } 1031 }
1032 } 1032 }
1033 if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames, 1033 if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames,
1034 ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage)) 1034 cfg.ids, cfg.nsec, cfg.maxage))
1035 goto end; 1035 goto end;
1036 1036
1037 ret = 0; 1037 ret = 0;
@@ -1042,27 +1042,27 @@ ocsp_main(int argc, char **argv)
1042 X509_STORE_free(store); 1042 X509_STORE_free(store);
1043 EVP_PKEY_free(key); 1043 EVP_PKEY_free(key);
1044 EVP_PKEY_free(rkey); 1044 EVP_PKEY_free(rkey);
1045 X509_free(ocsp_config.issuer); 1045 X509_free(cfg.issuer);
1046 X509_free(ocsp_config.cert); 1046 X509_free(cfg.cert);
1047 X509_free(rsigner); 1047 X509_free(rsigner);
1048 X509_free(rca_cert); 1048 X509_free(rca_cert);
1049 free_index(rdb); 1049 free_index(rdb);
1050 BIO_free_all(cbio); 1050 BIO_free_all(cbio);
1051 BIO_free_all(acbio); 1051 BIO_free_all(acbio);
1052 BIO_free(out); 1052 BIO_free(out);
1053 OCSP_REQUEST_free(ocsp_config.req); 1053 OCSP_REQUEST_free(cfg.req);
1054 OCSP_RESPONSE_free(resp); 1054 OCSP_RESPONSE_free(resp);
1055 OCSP_BASICRESP_free(bs); 1055 OCSP_BASICRESP_free(bs);
1056 sk_OPENSSL_STRING_free(ocsp_config.reqnames); 1056 sk_OPENSSL_STRING_free(cfg.reqnames);
1057 sk_OCSP_CERTID_free(ocsp_config.ids); 1057 sk_OCSP_CERTID_free(cfg.ids);
1058 sk_X509_pop_free(sign_other, X509_free); 1058 sk_X509_pop_free(sign_other, X509_free);
1059 sk_X509_pop_free(verify_other, X509_free); 1059 sk_X509_pop_free(verify_other, X509_free);
1060 sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free); 1060 sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free);
1061 1061
1062 if (ocsp_config.use_ssl != -1) { 1062 if (cfg.use_ssl != -1) {
1063 free(ocsp_config.host); 1063 free(cfg.host);
1064 free(ocsp_config.port); 1064 free(cfg.port);
1065 free(ocsp_config.path); 1065 free(cfg.path);
1066 } 1066 }
1067 return (ret); 1067 return (ret);
1068} 1068}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:08:13 +0000