ocsp.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/* ocsp.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef OPENSSL_NO_OCSP
#include <stdio.h>
#include <string.h>
#include "apps.h"
/* Maximum leeway in validity period: default 5 minutes */
int MAIN(int, char **);
{
char **args;
int ret = 1;
int accept_count = -1;
int badarg = 0;
int i;
int ignore_err = 0;
char *ridx_filename = NULL;
char *rca_filename = NULL;
goto end;
reqnames = sk_new_null();
{
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
{
badarg = 1;
}
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
ignore_err = 1;
noverify = 1;
add_nonce = 2;
add_nonce = 0;
rflags |= OCSP_NOCERTS;
{
req_text = 1;
resp_text = 1;
}
req_text = 1;
resp_text = 1;
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
verify_certfile = *args;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
sign_certfile = *args;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
verify_certfile = *args;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
if (nsec < 0)
{
"Illegal validity period %s\n",
*args);
badarg = 1;
}
}
else badarg = 1;
}
{
if (args[1])
{
args++;
if (maxage < 0)
{
"Illegal validity age %s\n",
*args);
badarg = 1;
}
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
NULL, e, "issuer certificate");
}
else badarg = 1;
}
{
if (args[1])
{
args++;
NULL, e, "certificate");
goto end;
goto end;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
goto end;
goto end;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
ridx_filename = *args;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
rca_filename = *args;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
if (nmin < 0)
{
"Illegal update period %s\n",
*args);
badarg = 1;
}
}
if (ndays == -1)
ndays = 0;
else badarg = 1;
}
{
if (args[1])
{
args++;
if (accept_count < 0)
{
"Illegal accept count %s\n",
*args);
badarg = 1;
}
}
else badarg = 1;
}
{
if (args[1])
{
args++;
if (ndays < 0)
{
"Illegal update period %s\n",
*args);
badarg = 1;
}
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
{
if (args[1])
{
args++;
}
else badarg = 1;
}
else badarg = 1;
args++;
}
/* Have we anything to do? */
if (badarg)
{
goto end;
}
if(!out)
{
goto end;
}
{
if (!derbio)
{
goto end;
}
if(!req)
{
goto end;
}
}
{
if (!acbio)
goto end;
}
{
NULL, e, "responder certificate");
if (!rsigner)
{
goto end;
}
NULL, e, "CA certificate");
if (rcertfile)
{
NULL, e, "responder other certificates");
}
"responder private key");
if (!rkey)
goto end;
}
if(acbio)
if (acbio)
{
goto end;
if (!req)
{
goto done_resp;
}
}
{
goto end;
}
if (signfile)
{
NULL, e, "signer certificate");
if (!signer)
{
goto end;
}
if (sign_certfile)
{
NULL, e, "signer certificates");
if (!sign_other) goto end;
}
"signer private key");
if (!key)
goto end;
{
goto end;
}
}
if (reqout)
{
if(!derbio)
{
goto end;
}
}
{
goto end;
}
if (ridx_filename && !rdb)
{
}
if (rdb)
{
if (cbio)
}
else if (host)
{
#ifndef OPENSSL_NO_SOCK
#else
goto end;
#endif
if (!cbio)
{
goto end;
}
if (use_ssl == 1)
{
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
#elif !defined(OPENSSL_NO_SSL3)
#elif !defined(OPENSSL_NO_SSL2)
#else
goto end;
#endif
}
if (BIO_do_connect(cbio) <= 0)
{
goto end;
}
if (!resp)
{
goto end;
}
}
else if (respin)
{
if (!derbio)
{
goto end;
}
if(!resp)
{
goto end;
}
}
else
{
ret = 0;
goto end;
}
if (respout)
{
if(!derbio)
{
goto end;
}
}
i = OCSP_response_status(resp);
if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
{
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}
/* If running as responder don't verify our own response */
if (cbio)
{
if (accept_count > 0)
accept_count--;
/* Redo if more connections needed */
if (accept_count)
{
goto redo_accept;
}
goto end;
}
if (!store)
if (!store)
goto end;
if (verify_certfile)
{
NULL, e, "validator certificate");
if (!verify_other) goto end;
}
if (!bs)
{
goto end;
}
if (!noverify)
{
{
if (i == -1)
else
{
goto end;
}
}
if(i <= 0)
{
}
else
}
goto end;
ret = 0;
end:
if (use_ssl != -1)
{
}
}
{
if(!issuer)
{
return 0;
}
return 1;
err:
return 0;
}
{
if(!issuer)
{
return 0;
}
if(!sno)
{
return 0;
}
return 1;
err:
return 0;
}
{
char *name;
int i;
return 1;
for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
{
{
continue;
}
/* Check validity: if invalid write to output BIO so we
* know which response this refers to.
*/
{
}
if(nextupd)
{
}
if (status != V_OCSP_CERTSTATUS_REVOKED)
continue;
if (reason != -1)
}
return 1;
}
{
if (id_count <= 0)
{
goto end;
}
bs = OCSP_BASICRESP_new();
if (ndays != -1)
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++)
{
char **inf;
/* Is this request about our CA? */
{
0, NULL,
continue;
}
if (!inf)
0, NULL,
0, NULL,
{
int reason = -1;
if (invtm)
else if (inst)
}
}
end:
return ret;
}
{
int i;
if (BN_is_zero(bn))
else
return rrow;
}
/* Quick and dirty OCSP server: read in and parse input request */
{
if (!bufbio)
goto err;
#ifndef OPENSSL_NO_SOCK
#else
#endif
if (!acbio)
goto err;
if (BIO_do_accept(acbio) <= 0)
{
goto err;
}
return acbio;
err:
return NULL;
}
{
char inbuf[1024];
if (BIO_do_accept(acbio) <= 0)
{
return 0;
}
for(;;)
{
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
if (!have_post)
{
{
return 1;
}
have_post = 1;
}
/* Look for end of headers */
break;
}
/* Try to read OCSP request */
if (!req)
{
}
return 1;
}
{
char http_resp[] =
"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
"Content-Length: %d\r\n\r\n";
if (!cbio)
return 0;
return 1;
}
#endif