summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.sbin/ocspcheck/ocspcheck.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 65342fa13c..5124d588b3 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocspcheck.c,v 1.16 2017/02/20 23:55:22 beck Exp $ */ 1/* $OpenBSD: ocspcheck.c,v 1.17 2017/02/25 23:48:08 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -589,6 +589,16 @@ main(int argc, char **argv)
589 request->data, request->size); 589 request->data, request->size);
590 if (hget == NULL) 590 if (hget == NULL)
591 errx(1, "http_get"); 591 errx(1, "http_get");
592
593 /*
594 * Pledge minimally before fiddling with libcrypto init
595 * routines and parsing untrusted input from someone's OCSP
596 * server.
597 */
598
599 if (pledge("stdio", NULL) == -1)
600 err(1, "pledge");
601
592 httph = http_head_parse(hget->http, hget->xfer, &httphsz); 602 httph = http_head_parse(hget->http, hget->xfer, &httphsz);
593 dspew("Server at %s returns:\n", host); 603 dspew("Server at %s returns:\n", host);
594 for (i = 0; i < httphsz; i++) 604 for (i = 0; i < httphsz; i++)
@@ -598,14 +608,6 @@ main(int argc, char **argv)
598 errx(1, "No body in reply from %s", host); 608 errx(1, "No body in reply from %s", host);
599 609
600 /* 610 /*
601 * Pledge minimally before fiddling with libcrypto init routines
602 * and untrusted input from someone's OCSP server.
603 */
604
605 if (pledge("stdio", NULL) == -1)
606 err(1, "pledge");
607
608 /*
609 * Validate the OCSP response we got back 611 * Validate the OCSP response we got back
610 */ 612 */
611 OPENSSL_add_all_algorithms_noconf(); 613 OPENSSL_add_all_algorithms_noconf();
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 04:01:14 +0000