authorDr. Stephen Henson <steve@openssl.org>2001-08-23 23:54:11 +0000
committerDr. Stephen Henson <steve@openssl.org>2001-08-23 23:54:11 +0000
commitb439a746207a5bfb0b5fff1c5de483aad66c4e78 (patch)
tree55acff2cfacf4e921476823d4dff853d49330aa7 /apps/ocsp.c
parent3132ab8ce690bc6c10e58006d1afce3a5acf0549 (diff)
Load OCSP responder key before waiting for an incoming
connection so it can prompt for pass phrase on startup instead of after the first connection. Add -port switch to usage message.
Diffstat (limited to 'apps/ocsp.c')
-rw-r--r--apps/ocsp.c52
1 files changed, 27 insertions, 25 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c
index cc20bfe529..66460391fb 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -547,6 +547,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
BIO_printf (bio_err, "-no_chain don't chain verify response\n");
BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
BIO_printf (bio_err, "-index file certificate status index file\n");
BIO_printf (bio_err, "-CA file CA certificate\n");
BIO_printf (bio_err, "-rsigner file responder certificate to sign requests with\n");
@@ -595,6 +596,32 @@ int MAIN(int argc, char **argv)
goto end;
}
+ if (rsignfile && !rdb)
+ {
+ if (!rkeyfile) rkeyfile = rsignfile;
+ rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+ NULL, e, "responder certificate");
+ if (!rsigner)
+ {
+ BIO_printf(bio_err, "Error loading responder certificate\n");
+ goto end;
+ }
+ rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+ NULL, e, "CA certificate");
+ if (rcertfile)
+ {
+ rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "responder other certificates");
+ if (!sign_other) goto end;
+ }
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+ "responder private key");
+ if (!rkey)
+ goto end;
+ }
+ if(acbio)
+ BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
redo_accept:
if (acbio)
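Review bot: The `if (rcertfile)` branch in the relocated block loads from `sign_certfile` and tests `sign_other`, not `rcertfile` and `rother`, so the responder's additional certificates are not read from the file that guards the branch and the failure check looks at a different variable. Both names are declared outside this hunk and appear to belong to the request-signing path; if that is right, the lines should read `rother = load_certs(bio_err, rcertfile, FORMAT_PEM,` and `if (!rother) goto end;`. Since this block now runs once at startup, `rca_cert` could also be checked right after its `load_cert` call, as `rsigner` is, for example `if (!rca_cert) goto end;`, instead of relying on the later combined check that is conditional on `ridx_filename`. MAIN starts and ends outside the hunk.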
@@ -646,30 +673,6 @@ int MAIN(int argc, char **argv)
if (req_text && req) OCSP_REQUEST_print(out, req, 0);
- if (rsignfile && !rdb)
- {
- if (!rkeyfile) rkeyfile = rsignfile;
- rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
- NULL, e, "responder certificate");
- if (!rsigner)
- {
- BIO_printf(bio_err, "Error loading responder certificate\n");
- goto end;
- }
- rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
- NULL, e, "CA certificate");
- if (rcertfile)
- {
- rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
- NULL, e, "responder other certificates");
- if (!sign_other) goto end;
- }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
- "responder private key");
- if (!rkey)
- goto end;
- }
-
if (ridx_filename && (!rkey || !rsigner || !rca_cert))
{
BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
@@ -1128,7 +1131,6 @@ static BIO *init_responder(char *port)
ERR_print_errors(bio_err);
goto err;
}
- BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
return acbio;