1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ocsp.c */ 2e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * project 2000. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * licensing@OpenSSL.org. 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. 
Products derived from this software may not be called "OpenSSL" 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 
56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_OCSP 59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 60221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef OPENSSL_SYS_VMS 61221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#define _XOPEN_SOURCE_EXTENDED /* So fd_set and friends get properly defined 62221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom on OpenVMS */ 63221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 64221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define USE_SOCKETS 66221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdlib.h> 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <string.h> 70221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <time.h> 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "apps.h" /* needs to be included before the openssl headers! 
*/ 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/e_os2.h> 73221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/crypto.h> 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/err.h> 75221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/ssl.h> 76221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/evp.h> 77221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/bn.h> 78221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#include <openssl/x509v3.h> 79221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 80221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if defined(NETWARE_CLIB) 81221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# ifdef NETWARE_BSDSOCK 82221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/socket.h> 83221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/bsdskt.h> 84221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# else 85221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <novsock2.h> 86221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# endif 87221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#elif defined(NETWARE_LIBC) 88221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# ifdef NETWARE_BSDSOCK 89221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <sys/select.h> 90221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# else 91221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# include <novsock2.h> 92221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom# endif 93221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 94221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Maximum leeway in validity period: default 5 minutes */ 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
/*
 * Default leeway, in seconds, applied to OCSP validity times.
 * MAIN initialises its `nsec` local from this value; the -validity_period
 * option overrides it.
 * NOTE(review): MAIN parses -validity_period (and -status_age, -timeout)
 * with atol() and rejects only negative results, so a non-numeric argument
 * is accepted as 0 instead of being reported as an error.
 */
#define MAX_VALIDITY_PERIOD (5 * 60)

/*
 * Forward declarations of file-local helpers. Their definitions are not
 * visible in this part of the file, so the notes below describe only what
 * the signatures show.
 */

/* Request building: both take the request by address, the digest used for
 * the certificate ID, the issuer certificate, and the stack of IDs. */
static int add_ocsp_cert(OCSP_REQUEST **req,
                         X509 *cert,
                         const EVP_MD *cert_id_md,
                         X509 *issuer,
                         STACK_OF(OCSP_CERTID) *ids);

static int add_ocsp_serial(OCSP_REQUEST **req,
                           char *serial,
                           const EVP_MD * cert_id_md,
                           X509 *issuer,
                           STACK_OF(OCSP_CERTID) *ids);

/* Response reporting. `nsec` and `maxage` presumably carry MAIN's
 * validity-period leeway and -status_age limit; confirm at the call site. */
static int print_ocsp_summary(BIO *out,
                              OCSP_BASICRESP *bs,
                              OCSP_REQUEST *req,
                              STACK_OF(OPENSSL_STRING) *names,
                              STACK_OF(OCSP_CERTID) *ids,
                              long nsec,
                              long maxage);

/* Responder side: builds a response for `req` from the index database,
 * CA certificate, responder certificate/key and extra certificates. */
static int make_ocsp_response(OCSP_RESPONSE **resp,
                              OCSP_REQUEST *req,
                              CA_DB *db,
                              X509 *ca,
                              X509 *rcert,
                              EVP_PKEY *rkey,
                              STACK_OF(X509) *rother,
                              unsigned long flags,
                              int nmin,
                              int ndays);

static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);

static BIO *init_responder(char *port);
Source Projectstatic int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 117221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers, 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req, int req_timeout); 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#undef PROG 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define PROG ocsp_main 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint MAIN(int, char **); 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint MAIN(int argc, char **argv) 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ENGINE *e = NULL; 128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char **args; 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *host = NULL, *port = NULL, *path = "/"; 13077c6be7176c48d2ce4d5979a84876d34204eedafKenny Root char *thost = NULL, *tport = NULL, *tpath = NULL; 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *reqin = NULL, *respin = NULL; 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *reqout = NULL, *respout = NULL; 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *signfile = NULL, 
*keyfile = NULL; 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *rsignfile = NULL, *rkeyfile = NULL; 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *outfile = NULL; 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int add_nonce = 1, noverify = 0, use_ssl = -1; 137221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers = NULL; 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req = NULL; 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE *resp = NULL; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP *bs = NULL; 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *issuer = NULL, *cert = NULL; 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *signer = NULL, *rsigner = NULL; 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *key = NULL, *rkey = NULL; 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *acbio = NULL, *cbio = NULL; 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *derbio = NULL; 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *out = NULL; 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int req_timeout = -1; 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int req_text = 0, resp_text = 0; 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long nsec = MAX_VALIDITY_PERIOD, maxage = -1; 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *CAfile = NULL, *CApath = NULL; 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_STORE *store = NULL; 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret = 1; 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int accept_count = -1; 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int badarg = 0; 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ignore_err = 0; 160221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(OPENSSL_STRING) *reqnames = NULL; 161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(OCSP_CERTID) *ids = NULL; 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *rca_cert = NULL; 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *ridx_filename = NULL; 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *rca_filename = NULL; 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CA_DB *rdb = NULL; 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int nmin = 0, ndays = -1; 168221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const EVP_MD *cert_id_md = NULL; 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!load_config(bio_err, NULL)) 173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_load_error_strings(); 175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OpenSSL_add_ssl_algorithms(); 176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args = argv + 1; 177221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom reqnames = sk_OPENSSL_STRING_new_null(); 178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ids = sk_OCSP_CERTID_new_null(); 179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (!badarg && *args && *args[0] == '-') 180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!strcmp(*args, "-out")) 182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project outfile = *args; 187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-timeout")) 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project { 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_timeout = atol(*args); 196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_timeout < 0) 197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal timeout value %s\n", 200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-url")) 207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 20877c6be7176c48d2ce4d5979a84876d34204eedafKenny Root if (thost) 20977c6be7176c48d2ce4d5979a84876d34204eedafKenny Root OPENSSL_free(thost); 21077c6be7176c48d2ce4d5979a84876d34204eedafKenny Root if (tport) 21177c6be7176c48d2ce4d5979a84876d34204eedafKenny Root OPENSSL_free(tport); 21277c6be7176c48d2ce4d5979a84876d34204eedafKenny Root if (tpath) 21377c6be7176c48d2ce4d5979a84876d34204eedafKenny Root OPENSSL_free(tpath); 214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) 218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing URL\n"); 220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 22277c6be7176c48d2ce4d5979a84876d34204eedafKenny Root thost = host; 22377c6be7176c48d2ce4d5979a84876d34204eedafKenny Root tport = port; 22477c6be7176c48d2ce4d5979a84876d34204eedafKenny Root tpath = path; 225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-host")) 229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project host = *args; 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-port")) 238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project port = *args; 243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 246221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (!strcmp(*args, "-header")) 247221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 248221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (args[1] && args[2]) 249221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 250221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!X509V3_add_value(args[1], args[2], &headers)) 251221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto end; 252221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom args += 2; 253221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 254221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else badarg = 1; 255221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-ignore_err")) 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ignore_err = 1; 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-noverify")) 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project noverify = 1; 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-nonce")) 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project add_nonce = 2; 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_nonce")) 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project add_nonce = 0; 
264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_no_certs")) 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rflags |= OCSP_NOCERTS; 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_key_id")) 267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rflags |= OCSP_RESPID_KEY; 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_certs")) 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_flags |= OCSP_NOCERTS; 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_signature_verify")) 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOSIGS; 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_cert_verify")) 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOVERIFY; 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_chain")) 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOCHAIN; 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_cert_checks")) 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOCHECKS; 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_explicit")) 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOEXPLICIT; 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-trust_other")) 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_TRUSTOTHER; 
282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-no_intern")) 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_flags |= OCSP_NOINTERN; 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-text")) 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_text = 1; 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp_text = 1; 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-req_text")) 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req_text = 1; 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-resp_text")) 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp_text = 1; 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-reqin")) 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reqin = *args; 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-respin")) 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project { 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project respin = *args; 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-signer")) 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signfile = *args; 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-VAfile")) 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_certfile = *args; 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project verify_flags |= OCSP_TRUSTOTHER; 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-sign_other")) 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_certfile = *args; 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-verify_other")) 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_certfile = *args; 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-CAfile")) 
349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CAfile = *args; 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-CApath")) 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CApath = *args; 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-validity_period")) 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nsec = atol(*args); 
372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (nsec < 0) 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal validity period %s\n", 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-status_age")) 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project maxage = atol(*args); 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (maxage < 0) 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal validity age %s\n", 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project } 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-signkey")) 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project keyfile = *args; 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-reqout")) 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reqout = *args; 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-respout")) 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project respout = *args; 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-path")) 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project path = *args; 431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-issuer")) 435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(issuer); 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project issuer = load_cert(bio_err, *args, 
FORMAT_PEM, 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "issuer certificate"); 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!issuer) goto end; 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-cert")) 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(cert); 452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cert = load_cert(bio_err, *args, FORMAT_PEM, 453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "certificate"); 454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!cert) goto end; 455221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!cert_id_md) cert_id_md = EVP_sha1(); 456221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 458221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!sk_OPENSSL_STRING_push(reqnames, *args)) 459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 
462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-serial")) 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 468221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!cert_id_md) cert_id_md = EVP_sha1(); 469221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 471221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if(!sk_OPENSSL_STRING_push(reqnames, *args)) 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-index")) 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ridx_filename = *args; 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 
484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-CA")) 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rca_filename = *args; 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-nmin")) 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nmin = atol(*args); 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (nmin < 0) 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal update period %s\n", 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays == -1) 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ndays = 0; 510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-nrequest")) 513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project accept_count = atol(*args); 518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count < 0) 519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal accept count %s\n", 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp (*args, "-ndays")) 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project { 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ndays = atol(*args); 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays < 0) 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Illegal update period %s\n", 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *args); 539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project badarg = 1; 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rsigner")) 545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsignfile = *args; 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rkey")) 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rkeyfile = *args; 559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*args, "-rother")) 563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (args[1]) 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rcertfile = *args; 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else badarg = 1; 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 571221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL) 572221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 573221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom badarg = 1; 574221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project args++; 
576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Have we anything to do? */ 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (badarg) 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "OCSP utility\n"); 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "Usage ocsp [options]\n"); 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "where options are\n"); 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-out file output filename\n"); 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-issuer file issuer certificate\n"); 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-cert file certificate to check\n"); 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-serial n serial number to check\n"); 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-sign_other file additional certificates to include in signed 
request\n"); 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-req_text print text form of request\n"); 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_text print text form of response\n"); 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-text print text form of request and response\n"); 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); 602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); 603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-url URL OCSP responder URL\n"); 604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); 605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-path path to use in OCSP request\n"); 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-VAfile file validator certificates file\n"); 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); 610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-noverify don't verify response at all\n"); 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); 616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); 617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_chain don't chain verify response\n"); 618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); 619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
BIO_printf (bio_err, "-port num port to run responder on\n"); 620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-index file certificate status index file\n"); 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-CA file CA certificate\n"); 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); 623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); 624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-rother file other certificates to include in response\n"); 625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); 626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-ndays n number of days before next update\n"); 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); 63004ef91b390dfcc6125913e2f2af502d23d7a5112Brian Carlstrom BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n"); 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project if(outfile) out = BIO_new_file(outfile, "w"); 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else out = BIO_new_fp(stdout, BIO_NOCLOSE); 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!out) 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening output file\n"); 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && (add_nonce != 2)) add_nonce = 0; 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && reqin) 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(reqin, "rb"); 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!derbio) 649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error Opening OCSP request file\n"); 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = d2i_OCSP_REQUEST_bio(derbio, NULL); 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project if(!req) 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error reading OCSP request\n"); 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && port) 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project acbio = init_responder(port); 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!acbio) 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsignfile && !rdb) 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rkeyfile) rkeyfile = rsignfile; 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "responder certificate"); 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsigner) 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error loading responder certificate\n"); 
677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "CA certificate"); 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rcertfile) 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rother = load_certs(bio_err, rcertfile, FORMAT_PEM, 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "responder other certificates"); 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rother) goto end; 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "responder private key"); 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rkey) 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(acbio) 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project redo_accept: 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project if (acbio) 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!do_responder(&req, &cbio, acbio, port)) 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req) 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project send_ocsp_response(cbio, resp); 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto done_resp; 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (signfile) 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project { 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!keyfile) keyfile = signfile; 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signer = load_cert(bio_err, signfile, FORMAT_PEM, 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "signer certificate"); 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!signer) 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error loading signer certificate\n"); 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sign_certfile) 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, "signer certificates"); 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sign_other) goto end; 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "signer private key"); 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!key) 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 737221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 738221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_request_sign(req, signer, key, NULL, sign_other, 
sign_flags)) 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error signing OCSP request\n"); 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_text && req) OCSP_REQUEST_print(out, req, 0); 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (reqout) 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(reqout, "wb"); 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!derbio) 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening file %s\n", reqout); 753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_REQUEST_bio(derbio, req); 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ridx_filename && (!rkey || !rsigner || !rca_cert)) 
760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ridx_filename && !rdb) 766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rdb = load_index(ridx_filename, NULL); 768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rdb) goto end; 769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!index_index(rdb)) goto end; 770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rdb) 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); 775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cbio) 776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project send_ocsp_response(cbio, resp); 777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (host) 779656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SOCK 
781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = process_responder(bio_err, req, host, path, 782221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom port, use_ssl, headers, req_timeout); 783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!resp) 784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); 787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 789656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (respin) 791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(respin, "rb"); 793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!derbio) 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error Opening OCSP response file\n"); 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(derbio); 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!resp) 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error reading OCSP response\n"); 803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project done_resp: 814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (respout) 816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project derbio = BIO_new_file(respout, "wb"); 818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!derbio) 819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error opening file %s\n", respout); 821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_RESPONSE_bio(derbio, resp); 824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project BIO_free(derbio); 825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = OCSP_response_status(resp); 828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) 830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(out, "Responder Error: %s (%d)\n", 832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_response_status_str(i), i); 833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ignore_err) 834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto redo_accept; 835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (resp_text) OCSP_RESPONSE_print(out, resp, 0); 840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If running as responder don't verify our own response */ 842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cbio) 843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count > 0) 845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project accept_count--; 
846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Redo if more connections needed */ 847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_count) 848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(cbio); 850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = NULL; 851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST_free(req); 852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = NULL; 853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE_free(resp); 854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project resp = NULL; 855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto redo_accept; 856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!store) 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project store = setup_verify(bio_err, CAfile, CApath); 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!store) 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verify_certfile) 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project NULL, e, "validator certificate"); 868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!verify_other) goto end; 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bs = OCSP_response_get1_basic(resp); 872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!bs) 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing response\n"); 876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!noverify) 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == -1) 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "WARNING: no nonce in response\n"); 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Nonce Verify error\n"); 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 
889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = OCSP_basic_verify(bs, verify_other, store, verify_flags); 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); 894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(i <= 0) 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Response Verify Failure\n"); 898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Response verify OK\n"); 902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Projectend: 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(signer); 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_STORE_free(store); 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(key); 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(rkey); 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(issuer); 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(cert); 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(rsigner); 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(rca_cert); 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project free_index(rdb); 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(cbio); 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(acbio); 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(out); 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST_free(req); 925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE_free(resp); 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP_free(bs); 927221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sk_OPENSSL_STRING_free(reqnames); 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_OCSP_CERTID_free(ids); 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_X509_pop_free(sign_other, X509_free); 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_X509_pop_free(verify_other, X509_free); 
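/* Tail of the cleanup path of the function that begins earlier in the file. */
	sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);

	if (thost)
		OPENSSL_free(thost);
	if (tport)
		OPENSSL_free(tport);
	if (tpath)
		OPENSSL_free(tpath);

	OPENSSL_EXIT(ret);
}

/*
 * Add a CertID for `cert` to the OCSP request, creating the request on
 * first use.
 *
 * req         in/out; *req is allocated with OCSP_REQUEST_new() when NULL
 *             and is left for the caller to free, also on failure.
 * cert        certificate the CertID is derived from.
 * cert_id_md  digest handed to OCSP_cert_to_id().
 * issuer      issuer certificate; a NULL issuer is rejected.
 * ids         stack the new CertID is also pushed onto.
 *
 * Returns 1 on success and 0 on failure, after writing a message to bio_err.
 */
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer,
			 STACK_OF(OCSP_CERTID) *ids)
{
	OCSP_CERTID *id;

	if (!issuer) {
		BIO_printf(bio_err, "No issuer certificate specified\n");
		return 0;
	}
	if (!*req)
		*req = OCSP_REQUEST_new();
	if (!*req)
		goto err;

	id = OCSP_cert_to_id(cert_id_md, cert, issuer);
	if (!id)
		goto err;
	if (!sk_OCSP_CERTID_push(ids, id)) {
		/* Nothing else references id yet, so release it instead of leaking it. */
		OCSP_CERTID_free(id);
		goto err;
	}
	if (!OCSP_request_add0_id(*req, id)) {
		/*
		 * Take the entry back out so ids never lists a CertID the
		 * request does not carry. id itself is not freed here:
		 * NOTE(review): whether OCSP_request_add0_id() releases it on
		 * failure cannot be told from this file - confirm before
		 * adding a free.
		 */
		(void)sk_OCSP_CERTID_pop(ids);
		goto err;
	}
	return 1;

err:
	BIO_printf(bio_err, "Error Creating OCSP request\n");
	return 0;
}

/*
 * Add a CertID built from a textual serial number and the issuer's name and
 * public key to the OCSP request, creating the request on first use.
 *
 * req         in/out; *req is allocated with OCSP_REQUEST_new() when NULL
 *             and is left for the caller to free, also on failure.
 * serial      serial number text, parsed with s2i_ASN1_INTEGER().
 * cert_id_md  digest handed to OCSP_cert_id_new().
 * issuer      issuer certificate; a NULL issuer is rejected.
 * ids         stack the new CertID is also pushed onto.
 *
 * Returns 1 on success and 0 on failure, after writing a message to bio_err.
 */
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD *cert_id_md, X509 *issuer,
			   STACK_OF(OCSP_CERTID) *ids)
{
	OCSP_CERTID *id;
	X509_NAME *iname;
	ASN1_BIT_STRING *ikey;
	ASN1_INTEGER *sno;

	if (!issuer) {
		BIO_printf(bio_err, "No issuer certificate specified\n");
		return 0;
	}
	if (!*req)
		*req = OCSP_REQUEST_new();
	if (!*req)
		goto err;

	iname = X509_get_subject_name(issuer);
	ikey = X509_get0_pubkey_bitstr(issuer);
	sno = s2i_ASN1_INTEGER(NULL, serial);
	if (!sno) {
		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
		return 0;
	}

	id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
	/* The parsed serial is released right after the CertID is built. */
	ASN1_INTEGER_free(sno);
	if (!id)
		goto err;
	if (!sk_OCSP_CERTID_push(ids, id)) {
		/* Nothing else references id yet, so release it instead of leaking it. */
		OCSP_CERTID_free(id);
		goto err;
	}
	if (!OCSP_request_add0_id(*req, id)) {
		/*
		 * Take the entry back out so ids never lists a CertID the
		 * request does not carry. id itself is not freed here:
		 * NOTE(review): whether OCSP_request_add0_id() releases it on
		 * failure cannot be told from this file - confirm before
		 * adding a free.
		 */
		(void)sk_OCSP_CERTID_pop(ids);
		goto err;
	}
	return 1;

err:
	BIO_printf(bio_err, "Error Creating OCSP request\n");
	return 0;
}

/*
 * Print, for every CertID in `ids`, the status the basic response reports.
 *
 * out     BIO the summary is written to.
 * bs      basic response to look the CertIDs up in.
 * req     request the CertIDs belong to; only tested for NULL here.
 * names   labels printed before each status; names[i] is used for ids[i].
 *         The loop is bounded by ids alone - presumably the caller appends
 *         to both stacks together; verify against the caller.
 * ids     CertIDs to report on.
 * nsec    passed through to OCSP_check_validity().
 * maxage  passed through to OCSP_check_validity().
 *
 * Returns 1 on every path. A CertID with no status in the response, or with
 * thisUpdate/nextUpdate times that fail OCSP_check_validity(), only produces
 * an ERROR/WARNING line in the output; it does not change the return value.
 * Nothing here checks the response signature: the printed status says what
 * the response claims and should be relied on only when the response was
 * verified beforehand.
 */
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
			      STACK_OF(OPENSSL_STRING) *names,
			      STACK_OF(OCSP_CERTID) *ids, long nsec,
			      long maxage)
{
	OCSP_CERTID *id;
	char *name;
	int i;
	int status, reason;
	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;

	/* Nothing to summarise without a response, a request and named ids. */
	if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
		return 1;

	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
		id = sk_OCSP_CERTID_value(ids, i);
		name = sk_OPENSSL_STRING_value(names, i);
		BIO_printf(out, "%s: ", name);

		if (!OCSP_resp_find_status(bs, id, &status, &reason,
					   &rev, &thisupd, &nextupd)) {
			BIO_puts(out, "ERROR: No Status found.\n");
			continue;
		}

		/*
		 * Check validity: if invalid write to output BIO so we
		 * know which response this refers to. The status is still
		 * printed below, after the warning.
		 */
		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
			BIO_puts(out, "WARNING: Status times invalid.\n");
			ERR_print_errors(out);
		}
		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));

		BIO_puts(out, "\tThis Update: ");
		ASN1_GENERALIZEDTIME_print(out, thisupd);
		BIO_puts(out, "\n");

		if (nextupd) {
			BIO_puts(out, "\tNext Update: ");
			ASN1_GENERALIZEDTIME_print(out, nextupd);
			BIO_puts(out, "\n");
		}

		/* Reason and revocation time are printed for revoked entries only. */
		if (status != V_OCSP_CERTSTATUS_REVOKED)
			continue;

		if (reason != -1)
			BIO_printf(out, "\tReason: %s\n",
				   OCSP_crl_reason_str(reason));

		BIO_puts(out, "\tRevocation Time: ");
		ASN1_GENERALIZEDTIME_print(out, rev);
		BIO_puts(out, "\n");
	}

	return 1;
}


static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
			STACK_OF(X509) *rother, unsigned long flags,
			int nmin, int ndays)
	{
	ASN1_TIME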
*thisupd = NULL, *nextupd = NULL; 1069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_CERTID *cid, *ca_id = NULL; 1070656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP *bs = NULL; 1071656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i, id_count, ret = 1; 1072656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1073656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project id_count = OCSP_request_onereq_count(req); 1074656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1075656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (id_count <= 0) 1076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 1078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bs = OCSP_BASICRESP_new(); 1083656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd = X509_gmtime_adj(NULL, 0); 1084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ndays != -1) 1085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); 1086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1087656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Examine each certificate id in the request */ 1088656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i 
< id_count; i++) 1089656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1090656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_ONEREQ *one; 1091656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_INTEGER *serial; 1092656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char **inf; 1093221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ASN1_OBJECT *cert_id_md_oid; 1094221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const EVP_MD *cert_id_md; 1095656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project one = OCSP_request_onereq_get0(req, i); 1096656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cid = OCSP_onereq_get0_id(one); 1097221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1098221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); 1099221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); 1101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (! cert_id_md) 1102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, 1104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NULL); 1105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto end; 1106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ca_id) OCSP_CERTID_free(ca_id); 1108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); 1109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Is this request about our CA? 
*/ 1111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (OCSP_id_issuer_cmp(ca_id, cid)) 1112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_UNKNOWN, 1115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project continue; 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); 1120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project inf = lookup_serial(db, serial); 1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!inf) 1122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_UNKNOWN, 1124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inf[DB_type][0] == DB_TYPE_VAL) 1127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_basic_add1_status(bs, cid, 1128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_GOOD, 1129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, NULL, 1130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 
1131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inf[DB_type][0] == DB_TYPE_REV) 1132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_OBJECT *inst = NULL; 1134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME *revtm = NULL; 1135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_GENERALIZEDTIME *invtm = NULL; 1136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP *single; 1137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int reason = -1; 1138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); 1139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project single = OCSP_basic_add1_status(bs, cid, 1140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_OCSP_CERTSTATUS_REVOKED, 1141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reason, revtm, 1142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project thisupd, nextupd); 1143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (invtm) 1144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); 1145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (inst) 1146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0); 1147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_OBJECT_free(inst); 1148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(revtm); 1149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project ASN1_GENERALIZEDTIME_free(invtm); 1150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_copy_nonce(bs, req); 1154221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1155221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); 1156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); 1158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project end: 1160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(thisupd); 1161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(nextupd); 1162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_CERTID_free(ca_id); 1163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_BASICRESP_free(bs); 1164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 1165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) 1169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 1171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project BIGNUM *bn = NULL; 1172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *itmp, *row[DB_NUMBER],**rrow; 1173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; 1174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn = ASN1_INTEGER_to_BN(ser,NULL); 1175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ 1176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(bn)) 1177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project itmp = BUF_strdup("00"); 1178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project itmp = BN_bn2hex(bn); 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial] = itmp; 1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(bn); 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(itmp); 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return rrow; 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Quick and dirty OCSP server: read in and parse input request */ 1188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic BIO *init_responder(char *port) 1190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
1191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *acbio = NULL, *bufbio = NULL; 1192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bufbio = BIO_new(BIO_f_buffer()); 1193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!bufbio) 1194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SOCK 1196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project acbio = BIO_new_accept(port); 1197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 1198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); 1199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!acbio) 1201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_accept_bios(acbio, bufbio); 1203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bufbio = NULL; 1204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_do_accept(acbio) <= 0) 1206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error setting up accept BIO\n"); 1208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
1211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return acbio; 1213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project err: 1215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(acbio); 1216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(bufbio); 1217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) 1221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int have_post = 0, len; 1223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req = NULL; 1224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char inbuf[1024]; 1225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *cbio = NULL; 1226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_do_accept(acbio) <= 0) 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error accepting connection\n"); 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 
1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cbio = BIO_pop(acbio); 1235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *pcbio = cbio; 1236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for(;;) 1238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len = BIO_gets(cbio, inbuf, sizeof inbuf); 1240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (len <= 0) 1241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Look for "POST" signalling start of query */ 1243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!have_post) 1244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(strncmp(inbuf, "POST", 4)) 1246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Invalid request\n"); 1248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project have_post = 1; 1251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Look for end of headers */ 1253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
((inbuf[0] == '\r') || (inbuf[0] == '\n')) 1254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Try to read OCSP request */ 1258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project req = d2i_OCSP_REQUEST_bio(cbio, NULL); 1260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!req) 1262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing OCSP request\n"); 1264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 1265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *preq = req; 1268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char http_resp[] = 
1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" 1277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Content-Length: %d\r\n\r\n"; 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!cbio) 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i2d_OCSP_RESPONSE_bio(cbio, resp); 1282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (void)BIO_flush(cbio); 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 1287221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom STACK_OF(CONF_VALUE) *headers, 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQUEST *req, int req_timeout) 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int fd; 1291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int rv; 1292221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int i; 1293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_REQ_CTX *ctx = NULL; 1294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSP_RESPONSE *rsp = NULL; 1295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fd_set confds; 
1296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project struct timeval tv; 1297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req_timeout != -1) 1299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_nbio(cbio, 1); 1300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = BIO_do_connect(cbio); 1302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) 1304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Error connecting BIO\n"); 1306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_get_fd(cbio, &fd) <= 0) 1310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Can't get connection fd\n"); 1312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1315221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (req_timeout != -1 && rv <= 0) 1316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
FD_ZERO(&confds); 1318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project openssl_fdset(fd, &confds); 1319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_usec = 0; 1320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_sec = req_timeout; 1321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv == 0) 1323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(err, "Timeout on connect\n"); 1325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1330221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ctx = OCSP_sendreq_new(cbio, path, NULL, -1); 1331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ctx) 1332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1333221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1334221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < sk_CONF_VALUE_num(headers); i++) 1335221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1336221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); 1337221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) 1338221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1339221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 
1340221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1341221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!OCSP_REQ_CTX_set1_req(ctx, req)) 1342221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (;;) 1345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = OCSP_sendreq_nbio(&rsp, ctx); 1347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rv != -1) 1348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 1349221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (req_timeout == -1) 1350221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project FD_ZERO(&confds); 1352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project openssl_fdset(fd, &confds); 1353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_usec = 0; 1354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tv.tv_sec = req_timeout; 1355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_should_read(cbio)) 1356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); 1357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_write(cbio)) 1358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
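BIO_puts(err, "Unexpected retry condition\n");
            goto err;
        }
        if (rv == 0) {
            BIO_puts(err, "Timeout on request\n");
            break;
        }
        if (rv == -1) {
            BIO_puts(err, "Select error\n");
            break;
        }

    }
err:
    if (ctx)
        OCSP_REQ_CTX_free(ctx);

    return rsp;
}

/*
 * Connect to an OCSP responder, send one request and return the response.
 *
 * err         - BIO that receives diagnostic messages.
 * req         - request handed to query_responder().
 * host        - passed to BIO_new_connect().
 * path        - passed through to query_responder().
 * port        - if non-NULL, set as the connect BIO's port.
 * use_ssl     - exactly 1 wraps the connection in an SSL BIO; any other
 *               value sends the request over the plain connect BIO.
 * headers     - passed through to query_responder().
 * req_timeout - passed through to query_responder().
 *
 * Returns whatever query_responder() returned, or NULL if setup failed.
 * The BIO chain and the SSL_CTX created here are released before returning.
 *
 * NOTE(review): no verify mode or trust store is configured on the SSL_CTX,
 * so the responder's certificate is not checked at the TLS layer. With
 * use_ssl == 1 the channel is encrypted but unauthenticated; the signed OCSP
 * response is the only integrity control and must be verified by the caller.
 */
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                                 char *host, char *path, char *port,
                                 int use_ssl,
                                 STACK_OF(CONF_VALUE) *headers,
                                 int req_timeout)
{
    BIO *cbio = NULL;
    SSL_CTX *ctx = NULL;
    OCSP_RESPONSE *resp = NULL;

    cbio = BIO_new_connect(host);
    if (!cbio) {
        BIO_printf(err, "Error creating connect BIO\n");
        goto end;
    }
    if (port)
        BIO_set_conn_port(cbio, port);

    if (use_ssl == 1) {
        BIO *sbio;
        /*
         * NOTE(review): when only OPENSSL_NO_SSL2 is defined this selects
         * the SSLv3-only method, and the last branch selects SSLv2 only.
         * Both protocols are obsolete; confirm the build configuration
         * before relying on use_ssl for confidentiality.
         */
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        ctx = SSL_CTX_new(SSLv23_client_method());
#elif !defined(OPENSSL_NO_SSL3)
        ctx = SSL_CTX_new(SSLv3_client_method());
#elif !defined(OPENSSL_NO_SSL2)
        ctx = SSL_CTX_new(SSLv2_client_method());
#else
        BIO_printf(err, "SSL is disabled\n");
        goto end;
#endif
        if (ctx == NULL) {
            BIO_printf(err, "Error creating SSL context.\n");
            goto end;
        }
        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
        sbio = BIO_new_ssl(ctx, 1);
        /*
         * Fail closed. BIO_push() with a NULL head is expected to hand back
         * the bare connect BIO (confirm for this tree), so an unchecked
         * failure here would send the request in cleartext even though the
         * caller asked for SSL.
         */
        if (sbio == NULL) {
            BIO_printf(err, "Error creating SSL BIO\n");
            goto end;
        }
        cbio = BIO_push(sbio, cbio);
    }

    resp = query_responder(err, cbio, path, headers, req, req_timeout);
    if (!resp)
        /* Report on the caller-supplied BIO, like every other message here. */
        BIO_printf(err, "Error querying OCSP responder\n");
end:
    if (cbio)
        BIO_free_all(cbio);
    if (ctx)
        SSL_CTX_free(ctx);
    return resp;
}

#endif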