path: root/src/usr.sbin/ocspcheck/ocspcheck.c
Commit message | Author | Age | Files | Lines
* Fix debug output for http headers | tb | 2024-12-04 | 1 | -5/+4
  from Kenjiro Nakayama
* Convert libressl to use the BoringSSL style time conversions | beck | 2024-03-24 | 1 | -2/+3
  This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
* Replace ASN1_time_parse() with ASN1_TIME_to_tm() | tb | 2023-11-13 | 1 | -3/+4
  Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually have a GeneralizedTime. ok beck
* spelling fixes; from paul tagliamonte | jmc | 2022-12-28 | 1 | -2/+2
  any parts of his diff not taken are noted on tech
* Change the error reporting pattern throughout the tree when unveil | beck | 2021-07-12 | 1 | -4/+4
  fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
* Walk over all results from getaddrinfo() instead of giving up after the | claudio | 2021-02-09 | 1 | -2/+1
  first entry. This way ocspcheck will try all returned IPs to contact the OCSP server. Found by the regress test and a resolv.conf file with 'family inet6 inet4'. OK kn@ deraadt@
* Refactor a bunch of ocspcheck for single return to clean it up, | beck | 2020-10-16 | 1 | -63/+95
  and add the ability to parse a port in the specified ocsp url. Since this will now pass them, enable regress tests previously committed for ocspcheck. mostly by me with some cleanup by tb after an obvious yak was found to shave in the OCSP routines in libcrypto ok tb@
* Ignore ftruncate failure with errno == EAGAIN | tb | 2020-09-04 | 1 | -2/+5
  This makes piping the OCSP response to other programs with -o - work. input and r+ guenther
* The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find | tb | 2020-01-23 | 1 | -30/+67
  CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth)
* check result of ftruncate() as we do write() below | bcook | 2019-05-15 | 1 | -2/+4
  ok beck@
* Avoid using an uninitialized variable. | visa | 2017-12-01 | 1 | -4/+6
  Found by gcc. OK jca@
* add -i to SYNOPSIS/usage() and sundry tweaks; | jmc | 2017-11-29 | 1 | -2/+3
  ok beck
* Add option -i to allow ocspcheck to be used to validate an on-disk staple | beck | 2017-11-28 | 1 | -46/+92
  ok claudio@ benno@
* Print size_t's correctly. | beck | 2017-05-08 | 1 | -3/+3
  Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org>
* repair knf & whitespace that jumped out of the screen during review | deraadt | 2017-03-27 | 1 | -23/+18
  ok beck
* use a path of "/" if the URL does not include a trailing / - since | beck | 2017-03-27 | 1 | -2/+5
  the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
* Fail early if an ocsp server returns a non-200 http response, there is no | beck | 2017-03-27 | 1 | -1/+4
  point in trying to parse error pages as an ocsp response.
* pledge stdio before parsing the http response | beck | 2017-02-25 | 1 | -9/+11
  ok tb@
* Add missing $OpenBSD$ | beck | 2017-02-20 | 1 | -0/+1
* netinet/in.h should be included, and freebsd and some others | beck | 2017-02-01 | 1 | -0/+3
  don't have EAI_NODATA, so make this easier for people from bernard spill
* oscp -> ocsp; | jmc | 2017-01-26 | 1 | -1/+1
  from holger mikolon, plus one more in nc;
* Use numeric exit codes consistently rather than a mix | beck | 2017-01-26 | 1 | -11/+11
  ok jsing@
* style | beck | 2017-01-26 | 1 | -1/+1
* Fix the structure initialization to compile. bad inioguchi and millert :) | beck | 2017-01-26 | 1 | -1/+1
  ok jsing@ rpe@
* Fix array initialization syntax for ocspcheck.c | inoguchi | 2017-01-25 | 1 | -1/+1
  Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
* correct usage format; ok beck claudio benno | deraadt | 2017-01-24 | 1 | -2/+3
* fix mode on open() and ftruncate(), noticed by | beck | 2017-01-24 | 1 | -2/+4
  bcook@
* Say no to two line error messages on failure | beck | 2017-01-24 | 1 | -4/+3
* Actually load the cafile when provided, and error message cleanup | beck | 2017-01-24 | 1 | -4/+4
* use warn, I have errno here. noticed by theo | beck | 2017-01-24 | 1 | -1/+1
* knf | beck | 2017-01-24 | 1 | -1/+2
* Just don't bother with OpenSSL error strings, they are mostly | beck | 2017-01-24 | 1 | -19/+13
  irrelevant and look gross here anyway.. we don't need them
* various cleanup; | jmc | 2017-01-24 | 1 | -1/+1
* New ocspcheck utility to validate a certificate against its ocsp responder | beck | 2017-01-24 | 1 | -0/+635
  and save the reply for stapling ok deraadt@ jsing@