summaryrefslogtreecommitdiff
path: root/src/usr.sbin/ocspcheck/ocspcheck.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Ignore ftruncate failure with errno == EAGAINtb2020-09-041-2/+5
| | | | | | This makes piping the OCSP response to other programs with -o - work. input and r+ guenther
* The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to findtb2020-01-231-30/+67
| | | | | | | | | | | | | | | | CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth)
* check result of ftruncate() as we do write() belowbcook2019-05-151-2/+4
| | | | ok beck@
* Avoid using an uninitialized variable.visa2017-12-011-4/+6
| | | | | | Found by gcc. OK jca@
* add -i to SYNOPSIS/usage() and sundry tweaks;jmc2017-11-291-2/+3
| | | | ok beck
* Add option -i to allow oscpcheck to be used to validate an on-disk staplebeck2017-11-281-46/+92
| | | | ok claudio@ benno@
* Print size_t's correctly.beck2017-05-081-3/+3
| | | | Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org>
* repair knf & whitespace that jumped out of the screen during reviewderaadt2017-03-271-23/+18
| | | | ok beck
* use a path of "/" if the URL does not include a trailing / - sincebeck2017-03-271-2/+5
| | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
* Fail early if an ocep server returns a non-200 http response, there is nobeck2017-03-271-1/+4
| | | | point in trying to parse error pages as an ocsp response.
* pledge stdio before parsing the http responsebeck2017-02-251-9/+11
| | | | ok tb@
* Add missing $OpenBSD$beck2017-02-201-0/+1
|
* netinet/in.h should be included, and freebsd and some othersbeck2017-02-011-0/+3
| | | | | don't have EAI_NODATA, so make this easier for people from bernard spill
* oscp -> ocsp;jmc2017-01-261-1/+1
| | | | from holger mikolon, plus one more in nc;
* Use numeric exit codes consistently rather than a mixbeck2017-01-261-11/+11
| | | | ok jsing@
* stylebeck2017-01-261-1/+1
|
* Fix the structure initialzation to compile. bad inioguchi and millert :)beck2017-01-261-1/+1
| | | | ok jsing@ rpe@
* Fix array initialization syntax for ocspcheck.cinoguchi2017-01-251-1/+1
| | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
* correct usage format; ok beck claudio bennoderaadt2017-01-241-2/+3
|
* fix mode on open() and ftruncate(), noticed bybeck2017-01-241-2/+4
| | | | bcook@
* Say no to two line error messages on failurebeck2017-01-241-4/+3
|
* Actually load the cafile when providede, and error message cleanupbeck2017-01-241-4/+4
|
* use warn, I have errno here. noticed by theobeck2017-01-241-1/+1
|
* knfbeck2017-01-241-1/+2
|
* Just don't bother with OpenSSL error strings, they are mostlybeck2017-01-241-19/+13
| | | | irrelevant and look gross here anyway.. we don't need them
* various cleanup;jmc2017-01-241-1/+1
|
* New ocspcheck utility to validate a certificate against its ocsp responderbeck2017-01-241-0/+635
and save the reply for stapling ok deraadt@ jsing@