Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Ignore ftruncate failure with errno == EAGAIN | tb | 2020-09-04 | 1 | -2/+5 |
| | | | | | | This makes piping the OCSP response to other programs with -o - work. input and r+ guenther | ||||
* | The X509_LOOKUP code tries to grope around in /etc/ssl/cert/ to find | tb | 2020-01-23 | 1 | -30/+67 |
| | | | | | | | | | | | | | | | | CA certs it couldn't find otherwise. This may lead to a pledge rpath violation reported by Kor, son of Rynar. Unfortunately, providing certs inside a directory is common in linuxes, so we need to keep this functionality for portable. Check if /etc/ssl/cert.pem and /etc/ssl/cert exist and pledge accordingly. Add unveils to restrict this program further on a default OpenBSD install. Fix -C to look only inside the provided root bundle. Input from jsing and sthen, tests by sthen and Kor ok beck, jsing, sthen (after much back and forth) | ||||
* | check result of ftruncate() as we do write() below | bcook | 2019-05-15 | 1 | -2/+4 |
| | | | | ok beck@ | ||||
* | Avoid using an uninitialized variable. | visa | 2017-12-01 | 1 | -4/+6 |
| | | | | | | Found by gcc. OK jca@ | ||||
* | add -i to SYNOPSIS/usage() and sundry tweaks; | jmc | 2017-11-29 | 1 | -2/+3 |
| | | | | ok beck | ||||
* | Add option -i to allow oscpcheck to be used to validate an on-disk staple | beck | 2017-11-28 | 1 | -46/+92 |
| | | | | ok claudio@ benno@ | ||||
* | Print size_t's correctly. | beck | 2017-05-08 | 1 | -3/+3 |
| | | | | Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org> | ||||
* | repair knf & whitespace that jumped out of the screen during review | deraadt | 2017-03-27 | 1 | -23/+18 |
| | | | | ok beck | ||||
* | use a path of "/" if the URL does not include a trailing / - since | beck | 2017-03-27 | 1 | -2/+5 |
| | | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@ | ||||
* | Fail early if an ocep server returns a non-200 http response, there is no | beck | 2017-03-27 | 1 | -1/+4 |
| | | | | point in trying to parse error pages as an ocsp response. | ||||
* | pledge stdio before parsing the http response | beck | 2017-02-25 | 1 | -9/+11 |
| | | | | ok tb@ | ||||
* | Add missing $OpenBSD$ | beck | 2017-02-20 | 1 | -0/+1 |
| | |||||
* | netinet/in.h should be included, and freebsd and some others | beck | 2017-02-01 | 1 | -0/+3 |
| | | | | | don't have EAI_NODATA, so make this easier for people from bernard spill | ||||
* | oscp -> ocsp; | jmc | 2017-01-26 | 1 | -1/+1 |
| | | | | from holger mikolon, plus one more in nc; | ||||
* | Use numeric exit codes consistently rather than a mix | beck | 2017-01-26 | 1 | -11/+11 |
| | | | | ok jsing@ | ||||
* | style | beck | 2017-01-26 | 1 | -1/+1 |
| | |||||
* | Fix the structure initialzation to compile. bad inioguchi and millert :) | beck | 2017-01-26 | 1 | -1/+1 |
| | | | | ok jsing@ rpe@ | ||||
* | Fix array initialization syntax for ocspcheck.c | inoguchi | 2017-01-25 | 1 | -1/+1 |
| | | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@ | ||||
* | correct usage format; ok beck claudio benno | deraadt | 2017-01-24 | 1 | -2/+3 |
| | |||||
* | fix mode on open() and ftruncate(), noticed by | beck | 2017-01-24 | 1 | -2/+4 |
| | | | | bcook@ | ||||
* | Say no to two line error messages on failure | beck | 2017-01-24 | 1 | -4/+3 |
| | |||||
* | Actually load the cafile when providede, and error message cleanup | beck | 2017-01-24 | 1 | -4/+4 |
| | |||||
* | use warn, I have errno here. noticed by theo | beck | 2017-01-24 | 1 | -1/+1 |
| | |||||
* | knf | beck | 2017-01-24 | 1 | -1/+2 |
| | |||||
* | Just don't bother with OpenSSL error strings, they are mostly | beck | 2017-01-24 | 1 | -19/+13 |
| | | | | irrelevant and look gross here anyway.. we don't need them | ||||
* | various cleanup; | jmc | 2017-01-24 | 1 | -1/+1 |
| | |||||
* | New ocspcheck utility to validate a certificate against its ocsp responder | beck | 2017-01-24 | 1 | -0/+635 |
and save the reply for stapling ok deraadt@ jsing@ |