1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ocsp.c */ 2e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * project 2000. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * licensing@OpenSSL.org. 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. 
Products derived from this software may not be called "OpenSSL" 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 
56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_OCSP 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 60221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef OPENSSL_SYS_VMS 61221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#define _XOPEN_SOURCE_EXTENDED /* So fd_set and friends get properly defined 62221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom on OpenVMS */ 63221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 64221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define USE_SOCKETS 66221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdlib.h> 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <string.h> 70221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <time.h> 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "apps.h" /* needs to be included before the openssl headers! 
*/ 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/e_os2.h> 73221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/crypto.h> 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/err.h> 75221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/ssl.h> 76221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/evp.h> 77221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/bn.h> 78221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/x509v3.h> 79221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 80221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if defined(NETWARE_CLIB) 81221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# ifdef NETWARE_BSDSOCK 82221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/socket.h> 83221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/bsdskt.h> 84221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# else 85221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <novsock2.h> 86221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# endif 87221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#elif defined(NETWARE_LIBC) 88221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# ifdef NETWARE_BSDSOCK 89221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/select.h> 90221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# else 91221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <novsock2.h> 92221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# endif 93221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 94221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Maximum leeway in validity period: default 5 minutes */ 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
/*
 * Initial value MAIN assigns to nsec: 5 * 60 seconds, i.e. 5 minutes.
 * The -validity_period option overwrites nsec with atol() of its argument
 * and rejects only negative results.
 * NOTE(review): a larger leeway presumably widens the window in which a
 * response's validity times are accepted -- confirm in print_ocsp_summary,
 * whose body is outside this excerpt.
 */
#define MAX_VALIDITY_PERIOD	(5 * 60)

/*
 * Forward declarations for helpers defined later in the file.
 * Both request builders take the request by address (OCSP_REQUEST **)
 * together with an OCSP_CERTID stack.
 */
static int add_ocsp_cert(OCSP_REQUEST **req,
			 X509 *cert,
			 const EVP_MD *cert_id_md,
			 X509 *issuer,
			 STACK_OF(OCSP_CERTID) *ids);
static int add_ocsp_serial(OCSP_REQUEST **req,
			   char *serial,
			   const EVP_MD *cert_id_md,
			   X509 *issuer,
			   STACK_OF(OCSP_CERTID) *ids);

/*
 * nsec and maxage are long, like MAIN's locals of the same names
 * (set by -validity_period and -status_age); the call site is not
 * visible in this excerpt.
 */
static int print_ocsp_summary(BIO *out,
			      OCSP_BASICRESP *bs,
			      OCSP_REQUEST *req,
			      STACK_OF(OPENSSL_STRING) *names,
			      STACK_OF(OCSP_CERTID) *ids,
			      long nsec,
			      long maxage);

/* Declarations for the response-producing helpers. */
static int make_ocsp_response(OCSP_RESPONSE **resp,
			      OCSP_REQUEST *req,
			      CA_DB *db,
			      X509 *ca,
			      X509 *rcert,
			      EVP_PKEY *rkey,
			      STACK_OF(X509) *rother,
			      unsigned long flags,
			      int nmin,
			      int ndays);

static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
Source Projectstatic int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 117221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers, 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req, int req_timeout); 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#undef PROG 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define PROG ocsp_main 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint MAIN(int, char **); 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint MAIN(int argc, char **argv) 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ENGINE *e = NULL; 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char **args; 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *host = NULL, *port = NULL, *path = "/"; 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *reqin = NULL, *respin = NULL; 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *reqout = NULL, *respout = NULL; 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *signfile = NULL, *keyfile = NULL; 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char 
*rsignfile = NULL, *rkeyfile = NULL; 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *outfile = NULL; 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int add_nonce = 1, noverify = 0, use_ssl = -1; 136221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers = NULL; 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req = NULL; 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE *resp = NULL; 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP *bs = NULL; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *issuer = NULL, *cert = NULL; 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *signer = NULL, *rsigner = NULL; 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *key = NULL, *rkey = NULL; 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *acbio = NULL, *cbio = NULL; 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *derbio = NULL; 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *out = NULL; 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int req_timeout = -1; 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int req_text = 0, resp_text = 0; 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long nsec = MAX_VALIDITY_PERIOD, maxage = -1; 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *CAfile = NULL, *CApath = NULL; 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_STORE *store = NULL; 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; 
152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret = 1; 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int accept_count = -1; 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int badarg = 0; 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ignore_err = 0; 159221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(OPENSSL_STRING) *reqnames = NULL; 160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(OCSP_CERTID) *ids = NULL; 161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *rca_cert = NULL; 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *ridx_filename = NULL; 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *rca_filename = NULL; 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CA_DB *rdb = NULL; 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int nmin = 0, ndays = -1; 167221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const EVP_MD *cert_id_md = NULL; 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(!load_config(bio_err, NULL)) 172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_load_error_strings(); 174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OpenSSL_add_ssl_algorithms(); 175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args = argv + 1; 176221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom reqnames = sk_OPENSSL_STRING_new_null(); 177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ids = sk_OCSP_CERTID_new_null(); 178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (!badarg && *args && *args[0] == '-') 179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!strcmp(*args, "-out")) 181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project outfile = *args; 186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-timeout")) 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project args++; 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_timeout = atol(*args); 195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_timeout < 0) 196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal timeout value %s\n", 199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-url")) 206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) 211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing URL\n"); 213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-host")) 219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project host = *args; 224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-port")) 228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project port = *args; 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 236221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (!strcmp(*args, "-header")) 237221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 238221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (args[1] && args[2]) 239221304ee937bc0910948a8be1320cb8cc4eb6d36Brian 
Carlstrom { 240221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!X509V3_add_value(args[1], args[2], &headers)) 241221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto end; 242221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom args += 2; 243221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 244221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else badarg = 1; 245221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-ignore_err")) 247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ignore_err = 1; 248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-noverify")) 249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project noverify = 1; 250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-nonce")) 251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project add_nonce = 2; 252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_nonce")) 253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project add_nonce = 0; 254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_no_certs")) 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rflags |= OCSP_NOCERTS; 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_key_id")) 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rflags |= OCSP_RESPID_KEY; 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_certs")) 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_flags |= OCSP_NOCERTS; 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
else if (!strcmp(*args, "-no_signature_verify")) 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOSIGS; 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_cert_verify")) 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOVERIFY; 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_chain")) 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOCHAIN; 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_cert_checks")) 267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOCHECKS; 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_explicit")) 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOEXPLICIT; 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-trust_other")) 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_TRUSTOTHER; 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_intern")) 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOINTERN; 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-text")) 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_text = 1; 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp_text = 1; 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project else if (!strcmp(*args, "-req_text")) 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_text = 1; 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_text")) 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp_text = 1; 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-reqin")) 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reqin = *args; 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-respin")) 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project respin = *args; 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-signer")) 
302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signfile = *args; 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-VAfile")) 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_certfile = *args; 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_TRUSTOTHER; 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-sign_other")) 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 
325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_certfile = *args; 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-verify_other")) 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_certfile = *args; 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-CAfile")) 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CAfile = *args; 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp 
(*args, "-CApath")) 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CApath = *args; 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-validity_period")) 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nsec = atol(*args); 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (nsec < 0) 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal validity period %s\n", 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 
badarg = 1; 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-status_age")) 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project maxage = atol(*args); 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (maxage < 0) 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal validity age %s\n", 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-signkey")) 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
keyfile = *args; 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-reqout")) 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reqout = *args; 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-respout")) 407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project respout = *args; 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-path")) 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project path = *args; 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-issuer")) 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(issuer); 430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project issuer = load_cert(bio_err, *args, FORMAT_PEM, 431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "issuer certificate"); 432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!issuer) goto end; 433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-cert")) 437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 
439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(cert); 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cert = load_cert(bio_err, *args, FORMAT_PEM, 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "certificate"); 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!cert) goto end; 445221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!cert_id_md) cert_id_md = EVP_sha1(); 446221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 448221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!sk_OPENSSL_STRING_push(reqnames, *args)) 449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-serial")) 454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 458221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!cert_id_md) cert_id_md = EVP_sha1(); 459221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) 
460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 461221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!sk_OPENSSL_STRING_push(reqnames, *args)) 462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-index")) 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ridx_filename = *args; 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-CA")) 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rca_filename = *args; 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 
483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-nmin")) 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nmin = atol(*args); 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (nmin < 0) 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal update period %s\n", 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays == -1) 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ndays = 0; 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-nrequest")) 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project accept_count = atol(*args); 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count < 0) 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal accept count %s\n", 512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-ndays")) 519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ndays = atol(*args); 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays < 0) 525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal update period %s\n", 528656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project *args); 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rsigner")) 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsignfile = *args; 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rkey")) 544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rkeyfile = *args; 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rother")) 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rcertfile = *args; 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 561221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL) 562221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 563221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom badarg = 1; 564221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Have we anything to do? 
*/ 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (badarg) 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "OCSP utility\n"); 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "Usage ocsp [options]\n"); 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "where options are\n"); 576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-out file output filename\n"); 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-issuer file issuer certificate\n"); 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-cert file certificate to check\n"); 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-serial n serial number to check\n"); 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
BIO_printf (bio_err, "-req_text print text form of request\n"); 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_text print text form of response\n"); 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-text print text form of request and response\n"); 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-url URL OCSP responder URL\n"); 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-path path to use in OCSP request\n"); 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 
598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-VAfile file validator certificates file\n"); 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-noverify don't verify response at all\n"); 602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); 603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); 604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); 605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); 607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_chain don't chain verify response\n"); 608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-port num port to run responder on\n"); 610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-index file certificate status index file\n"); 
611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-CA file CA certificate\n"); 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rother file other certificates to include in response\n"); 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); 616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); 617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-ndays n number of days before next update\n"); 618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); 619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); 62004ef91b390dfcc6125913e2f2af502d23d7a5112Brian Carlstrom BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n"); 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(outfile) out = BIO_new_file(outfile, "w"); 625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else out = BIO_new_fp(stdout, BIO_NOCLOSE); 
626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!out) 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening output file\n"); 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && (add_nonce != 2)) add_nonce = 0; 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && reqin) 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(reqin, "rb"); 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!derbio) 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error Opening OCSP request file\n"); 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = d2i_OCSP_REQUEST_bio(derbio, NULL); 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!req) 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
BIO_printf(bio_err, "Error reading OCSP request\n"); 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && port) 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project acbio = init_responder(port); 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!acbio) 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsignfile && !rdb) 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rkeyfile) rkeyfile = rsignfile; 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "responder certificate"); 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsigner) 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error loading responder certificate\n"); 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "CA certificate"); 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rcertfile) 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rother = load_certs(bio_err, rcertfile, FORMAT_PEM, 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "responder other certificates"); 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rother) goto end; 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "responder private key"); 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rkey) 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(acbio) 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project redo_accept: 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (acbio) 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project if (!do_responder(&req, &cbio, acbio, port)) 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req) 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project send_ocsp_response(cbio, resp); 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto done_resp; 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (signfile) 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!keyfile) keyfile = signfile; 
710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signer = load_cert(bio_err, signfile, FORMAT_PEM, 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "signer certificate"); 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!signer) 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error loading signer certificate\n"); 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sign_certfile) 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "signer certificates"); 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sign_other) goto end; 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "signer private key"); 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!key) 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 727221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 728221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error signing OCSP request\n"); 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_text && req) OCSP_REQUEST_print(out, req, 0); 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (reqout) 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(reqout, "wb"); 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!derbio) 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening file %s\n", reqout); 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_REQUEST_bio(derbio, req); 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ridx_filename && (!rkey || !rsigner || !rca_cert)) 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ridx_filename && !rdb) 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rdb = load_index(ridx_filename, NULL); 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rdb) goto end; 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!index_index(rdb)) goto end; 760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rdb) 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); 765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cbio) 766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project send_ocsp_response(cbio, resp); 767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (host) 769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SOCK 771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = process_responder(bio_err, req, host, path, 
772221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom port, use_ssl, headers, req_timeout); 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!resp) 774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); 777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 779656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (respin) 781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 782656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(respin, "rb"); 783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!derbio) 784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error Opening OCSP response file\n"); 786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); 789656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!resp) 791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error reading OCSP response\n"); 
793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project done_resp: 804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (respout) 806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(respout, "wb"); 808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!derbio) 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening file %s\n", respout); 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_RESPONSE_bio(derbio, resp); 814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = OCSP_response_status(resp); 818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) 820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(out, "Responder Error: %s (%d)\n", 822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_response_status_str(i), i); 823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ignore_err) 824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto redo_accept; 825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (resp_text) OCSP_RESPONSE_print(out, resp, 0); 830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If running as responder don't verify our own response */ 832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cbio) 833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count > 0) 835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project accept_count--; 836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Redo if more connections needed */ 
837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count) 838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(cbio); 840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = NULL; 841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST_free(req); 842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = NULL; 843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE_free(resp); 844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = NULL; 845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto redo_accept; 846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!store) 851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project store = setup_verify(bio_err, CAfile, CApath); 852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!store) 853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verify_certfile) 855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, 857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "validator certificate"); 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project if (!verify_other) goto end; 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bs = OCSP_response_get1_basic(resp); 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!bs) 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing response\n"); 866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!noverify) 870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) 872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == -1) 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "WARNING: no nonce in response\n"); 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Nonce Verify error\n"); 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = OCSP_basic_verify(bs, verify_other, store, verify_flags); 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(i <= 0) 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Response Verify Failure\n"); 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Response verify OK\n"); 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectend: 901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 
902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(signer); 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_STORE_free(store); 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(key); 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(rkey); 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(issuer); 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(cert); 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(rsigner); 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(rca_cert); 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project free_index(rdb); 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(cbio); 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(acbio); 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(out); 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST_free(req); 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE_free(resp); 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP_free(bs); 917221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sk_OPENSSL_STRING_free(reqnames); 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_OCSP_CERTID_free(ids); 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_X509_pop_free(sign_other, X509_free); 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_X509_pop_free(verify_other, X509_free); 921221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); 
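/* End of the cleanup path: host, port and path are released only when use_ssl is not -1. */
    if (use_ssl != -1) {
        OPENSSL_free(host);
        OPENSSL_free(port);
        OPENSSL_free(path);
    }

    OPENSSL_EXIT(ret);
}

/*
 * Record a freshly built certificate ID in both ids and the request.
 *
 * ids is released by the caller's cleanup with sk_OCSP_CERTID_free(), which
 * does not free the elements, so ids is treated here as a list of borrowed
 * pointers that mirrors the entries of the request.
 *
 * Returns 1 on success, 0 on failure.  No message is printed; the callers
 * report the error.
 */
static int record_cert_id(OCSP_REQUEST *req, OCSP_CERTID *id,
                          STACK_OF(OCSP_CERTID) *ids)
{
    if (!id)
        return 0;

    if (!sk_OCSP_CERTID_push(ids, id)) {
        /* Nothing references id yet, so release it instead of leaking it. */
        OCSP_CERTID_free(id);
        return 0;
    }

    if (!OCSP_request_add0_id(req, id)) {
        /*
         * Drop the borrowed pointer so ids never lists an ID that is not in
         * the request.  id itself is not freed here: who owns it after a
         * failed add0 call is not visible in this file -- TODO confirm
         * against the libcrypto this tool is built with.
         */
        (void)sk_OCSP_CERTID_pop(ids);
        return 0;
    }

    return 1;
}

/*
 * Add the certificate ID of cert, as issued by issuer, to the OCSP request
 * *req and to ids.
 *
 * *req is allocated with OCSP_REQUEST_new() when it is still NULL.
 * cert_id_md is handed to OCSP_cert_to_id() unchanged.
 *
 * Returns 1 on success.  Returns 0 after printing a message to bio_err when
 * no issuer was given or when the request or the ID could not be built.
 */
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer,
                         STACK_OF(OCSP_CERTID) *ids)
{
    if (!issuer) {
        BIO_printf(bio_err, "No issuer certificate specified\n");
        return 0;
    }

    if (!*req)
        *req = OCSP_REQUEST_new();
    if (!*req)
        goto err;

    if (!record_cert_id(*req, OCSP_cert_to_id(cert_id_md, cert, issuer), ids))
        goto err;
    return 1;

err:
    BIO_printf(bio_err, "Error Creating OCSP request\n");
    return 0;
}

/*
 * Add a certificate ID built from a serial number string and the issuer
 * certificate to the OCSP request *req and to ids.
 *
 * The issuer name and public key bit string are read from issuer; serial is
 * converted with s2i_ASN1_INTEGER().  *req is allocated with
 * OCSP_REQUEST_new() when it is still NULL.
 *
 * Returns 1 on success.  Returns 0 after printing a message to bio_err when
 * no issuer was given, when serial cannot be converted, or when the request
 * or the ID could not be built.
 */
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD *cert_id_md, X509 *issuer,
                           STACK_OF(OCSP_CERTID) *ids)
{
    OCSP_CERTID *id;
    X509_NAME *iname;
    ASN1_BIT_STRING *ikey;
    ASN1_INTEGER *sno;

    if (!issuer) {
        BIO_printf(bio_err, "No issuer certificate specified\n");
        return 0;
    }

    if (!*req)
        *req = OCSP_REQUEST_new();
    if (!*req)
        goto err;

    iname = X509_get_subject_name(issuer);
    ikey = X509_get0_pubkey_bitstr(issuer);
    sno = s2i_ASN1_INTEGER(NULL, serial);
    if (!sno) {
        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
        return 0;
    }

    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
    /* sno is released right after the ID is built, whether or not that worked. */
    ASN1_INTEGER_free(sno);

    if (!record_cert_id(*req, id, ids))
        goto err;
    return 1;

err:
    BIO_printf(bio_err, "Error Creating OCSP request\n");
    return 0;
}

/*
 * Print one status summary per requested certificate ID to out.
 *
 * For every entry of ids the matching single response is looked up in bs
 * and its status, thisUpdate, optional nextUpdate and, for revoked
 * certificates, the reason and revocation time are written to out.  names
 * is indexed with the same position as ids; the code does not check that
 * both stacks have the same length.
 *
 * nsec and maxage are passed to OCSP_check_validity() unchanged.
 *
 * Every path visible here returns 1.  A certificate with no status in the
 * response ("ERROR: No Status found.") or with update times rejected by
 * OCSP_check_validity() ("WARNING: Status times invalid.") is reported only
 * as text on out, so the return value does not tell a caller whether the
 * statuses were found or fresh.
 */
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
                              STACK_OF(OPENSSL_STRING) *names,
                              STACK_OF(OCSP_CERTID) *ids, long nsec,
                              long maxage)
{
    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
    int status, reason;
    int i;

    /* Nothing to summarise without a response, a request and both lists. */
    if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
        return 1;

    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
        OCSP_CERTID *id = sk_OCSP_CERTID_value(ids, i);
        char *name = sk_OPENSSL_STRING_value(names, i);

        BIO_printf(out, "%s: ", name);

        if (!OCSP_resp_find_status(bs, id, &status, &reason,
                                   &rev, &thisupd, &nextupd)) {
            BIO_puts(out, "ERROR: No Status found.\n");
            continue;
        }

        /*
         * The validity warning goes to the output BIO, before the status
         * text, so it is clear which response it refers to.
         */
        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
            BIO_puts(out, "WARNING: Status times invalid.\n");
            ERR_print_errors(out);
        }
        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));

        BIO_puts(out, "\tThis Update: ");
        ASN1_GENERALIZEDTIME_print(out, thisupd);
        BIO_puts(out, "\n");

        if (nextupd) {
            BIO_puts(out, "\tNext Update: ");
            ASN1_GENERALIZEDTIME_print(out, nextupd);
            BIO_puts(out, "\n");
        }

        /* Reason and revocation time are printed for revoked entries only. */
        if (status == V_OCSP_CERTSTATUS_REVOKED) {
            if (reason != -1)
                BIO_printf(out, "\tReason: %s\n",
                           OCSP_crl_reason_str(reason));

            BIO_puts(out, "\tRevocation Time: ");
            ASN1_GENERALIZEDTIME_print(out, rev);
            BIO_puts(out, "\n");
        }
    }

    return 1;
}


static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
                              X509 *ca, X509 *rcert, EVP_PKEY *rkey,
                              STACK_OF(X509) *rother, unsigned long flags,
                              int nmin, int ndays)
{
    ASN1_TIME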
*thisupd = NULL, *nextupd = NULL; 1059656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_CERTID *cid, *ca_id = NULL; 1060656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP *bs = NULL; 1061656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i, id_count, ret = 1; 1062656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1063656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project id_count = OCSP_request_onereq_count(req); 1064656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1065656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (id_count <= 0) 1066656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1067656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 1068656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1070656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1071656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1072656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bs = OCSP_BASICRESP_new(); 1073656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd = X509_gmtime_adj(NULL, 0); 1074656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays != -1) 1075656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); 1076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Examine each certificate id in the request */ 1078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i 
< id_count; i++) 1079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_ONEREQ *one; 1081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_INTEGER *serial; 1082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char **inf; 1083221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ASN1_OBJECT *cert_id_md_oid; 1084221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const EVP_MD *cert_id_md; 1085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project one = OCSP_request_onereq_get0(req, i); 1086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cid = OCSP_onereq_get0_id(one); 1087221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1088221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); 1089221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1090221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); 1091221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (! cert_id_md) 1092221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1093221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, 1094221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NULL); 1095221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto end; 1096221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1097221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ca_id) OCSP_CERTID_free(ca_id); 1098221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); 1099221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Is this request about our CA? 
*/ 1101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (OCSP_id_issuer_cmp(ca_id, cid)) 1102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_UNKNOWN, 1105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project continue; 1108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project inf = lookup_serial(db, serial); 1111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!inf) 1112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_UNKNOWN, 1114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inf[DB_type][0] == DB_TYPE_VAL) 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_GOOD, 1119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 
1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inf[DB_type][0] == DB_TYPE_REV) 1122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_OBJECT *inst = NULL; 1124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME *revtm = NULL; 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_GENERALIZEDTIME *invtm = NULL; 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP *single; 1127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int reason = -1; 1128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); 1129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project single = OCSP_basic_add1_status(bs, cid, 1130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_REVOKED, 1131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reason, revtm, 1132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (invtm) 1134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); 1135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inst) 1136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0); 1137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_OBJECT_free(inst); 1138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(revtm); 1139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project ASN1_GENERALIZEDTIME_free(invtm); 1140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_copy_nonce(bs, req); 1144221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1145221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); 1146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); 1148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project end: 1150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(thisupd); 1151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(nextupd); 1152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_CERTID_free(ca_id); 1153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP_free(bs); 1154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 1155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) 1159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 1161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project BIGNUM *bn = NULL; 1162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *itmp, *row[DB_NUMBER],**rrow; 1163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; 1164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn = ASN1_INTEGER_to_BN(ser,NULL); 1165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ 1166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(bn)) 1167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project itmp = BUF_strdup("00"); 1168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project itmp = BN_bn2hex(bn); 1170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial] = itmp; 1171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(bn); 1172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 1173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(itmp); 1174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return rrow; 1175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Quick and dirty OCSP server: read in and parse input request */ 1178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic BIO *init_responder(char *port) 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *acbio = NULL, *bufbio = NULL; 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bufbio = BIO_new(BIO_f_buffer()); 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!bufbio) 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SOCK 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project acbio = BIO_new_accept(port); 1187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 1188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); 1189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!acbio) 1191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_accept_bios(acbio, bufbio); 1193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bufbio = NULL; 1194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_do_accept(acbio) <= 0) 1196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error setting up accept BIO\n"); 1198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
1201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return acbio; 1203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project err: 1205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(acbio); 1206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(bufbio); 1207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) 1211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int have_post = 0, len; 1213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req = NULL; 1214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char inbuf[1024]; 1215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *cbio = NULL; 1216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_do_accept(acbio) <= 0) 1218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error accepting connection\n"); 1220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 
1222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = BIO_pop(acbio); 1225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *pcbio = cbio; 1226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for(;;) 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = BIO_gets(cbio, inbuf, sizeof inbuf); 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len <= 0) 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Look for "POST" signalling start of query */ 1233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!have_post) 1234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(strncmp(inbuf, "POST", 4)) 1236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Invalid request\n"); 1238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project have_post = 1; 1241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Look for end of headers */ 1243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
((inbuf[0] == '\r') || (inbuf[0] == '\n')) 1244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Try to read OCSP request */ 1248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = d2i_OCSP_REQUEST_bio(cbio, NULL); 1250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req) 1252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing OCSP request\n"); 1254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *preq = req; 1258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) 1264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char http_resp[] = 
1266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" 1267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Content-Length: %d\r\n\r\n"; 1268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!cbio) 1269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); 1271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_RESPONSE_bio(cbio, resp); 1272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (void)BIO_flush(cbio); 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 1277221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers, 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req, int req_timeout) 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int fd; 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int rv; 1282221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int i; 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQ_CTX *ctx = NULL; 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE *rsp = NULL; 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fd_set confds; 
1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project struct timeval tv; 1287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_timeout != -1) 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_nbio(cbio, 1); 1290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = BIO_do_connect(cbio); 1292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) 1294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Error connecting BIO\n"); 1296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_get_fd(cbio, &fd) <= 0) 1300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Can't get connection fd\n"); 1302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1305221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (req_timeout != -1 && rv <= 0) 1306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
FD_ZERO(&confds); 1308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project openssl_fdset(fd, &confds); 1309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_usec = 0; 1310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_sec = req_timeout; 1311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv == 0) 1313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Timeout on connect\n"); 1315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1320221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ctx = OCSP_sendreq_new(cbio, path, NULL, -1); 1321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ctx) 1322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1323221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1324221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < sk_CONF_VALUE_num(headers); i++) 1325221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1326221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); 1327221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) 1328221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1329221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 
1330221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1331221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_REQ_CTX_set1_req(ctx, req)) 1332221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (;;) 1335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = OCSP_sendreq_nbio(&rsp, ctx); 1337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv != -1) 1338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1339221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (req_timeout == -1) 1340221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project FD_ZERO(&confds); 1342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project openssl_fdset(fd, &confds); 1343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_usec = 0; 1344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_sec = req_timeout; 1345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_should_read(cbio)) 1346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); 1347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_write(cbio)) 1348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project BIO_puts(err, "Unexpected retry condition\n"); 1352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv == 0) 1355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Timeout on request\n"); 1357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv == -1) 1360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Select error\n"); 1362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1364221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project err: 1367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx) 1368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQ_CTX_free(ctx); 1369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return rsp; 1371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectOCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, 
1374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *host, char *path, char *port, int use_ssl, 1375221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers, 1376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int req_timeout) 1377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *cbio = NULL; 1379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_CTX *ctx = NULL; 1380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE *resp = NULL; 1381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = BIO_new_connect(host); 1382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!cbio) 1383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(err, "Error creating connect BIO\n"); 1385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (port) BIO_set_conn_port(cbio, port); 1388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (use_ssl == 1) 1389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *sbio; 1391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 1392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = SSL_CTX_new(SSLv23_client_method()); 1393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#elif !defined(OPENSSL_NO_SSL3) 
1394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = SSL_CTX_new(SSLv3_client_method()); 1395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#elif !defined(OPENSSL_NO_SSL2) 1396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = SSL_CTX_new(SSLv2_client_method()); 1397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 1398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(err, "SSL is disabled\n"); 1399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx == NULL) 1402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(err, "Error creating SSL context.\n"); 1404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); 1407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sbio = BIO_new_ssl(ctx, 1); 1408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = BIO_push(sbio, cbio); 1409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1410221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom resp = query_responder(err, cbio, path, headers, req, req_timeout); 1411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!resp) 1412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error querying OCSP responsder\n"); 1413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
end: 1414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cbio) 1415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(cbio); 1416221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ctx) 1417221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_CTX_free(ctx); 1418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return resp; 1419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1422