Commit 3e41ac35 authored by Matt Caswell's avatar Matt Caswell

Fix no-ocsp



Misc fixes for no-ocsp

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 7626fbf2
+8 −3
@@ -55,8 +55,12 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
#ifndef OPENSSL_NO_OCSP

#include <openssl/opensslconf.h>

#ifdef OPENSSL_NO_OCSP
NON_EMPTY_TRANSLATION_UNIT
#else
# ifdef OPENSSL_SYS_VMS
#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
                                 * on OpenVMS */
@@ -69,8 +73,9 @@
# include <string.h>
# include <time.h>
# include <ctype.h>
# include "apps.h"              /* needs to be included before the openssl
                                 * headers! */

/* Needs to be included before the openssl headers */
# include "apps.h"
# include <openssl/e_os2.h>
# include <openssl/crypto.h>
# include <openssl/err.h>
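Review bot: In the first hunk, `_XOPEN_SOURCE_EXTENDED` is now defined after `<openssl/opensslconf.h>` has been included, and a feature-test macro only takes effect when it is defined before the first system header is pulled in. That holds as long as opensslconf.h itself includes no system headers, which cannot be confirmed from this page. The dependency is worth recording next to the new include, e.g. `/* opensslconf.h must stay free of system headers: _XOPEN_SOURCE_EXTENDED is defined below */`.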
+8 −0
@@ -207,7 +207,9 @@ static int c_ign_eof = 0;
static int c_brief = 0;

static void print_stuff(BIO *berr, SSL *con, int full);
#ifndef OPENSSL_NO_OCSP
static int ocsp_resp_cb(SSL *s, void *arg);
#endif

static int saved_errno;

@@ -757,7 +759,9 @@ OPTIONS s_client_options[] = {
     "Set TLS extension servername in ClientHello"},
    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
     "Hex dump of all TLS extensions received"},
#ifndef OPENSSL_NO_OCSP
    {"status", OPT_STATUS, '-', "Request certificate status from server"},
#endif
    {"serverinfo", OPT_SERVERINFO, 's',
     "types  Send empty ClientHello extensions (comma-separated numbers)"},
    {"alpn", OPT_ALPN, 's',
@@ -1888,11 +1892,13 @@ int s_client_main(int argc, char **argv)
        SSL_set_tlsext_debug_callback(con, tlsext_cb);
        SSL_set_tlsext_debug_arg(con, bio_c_out);
    }
#ifndef OPENSSL_NO_OCSP
    if (c_status_req) {
        SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
        SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
        SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
    }
#endif

    SSL_set_bio(con, sbio, sbio);
    SSL_set_connect_state(con);
@@ -2736,6 +2742,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
    (void)BIO_flush(bio);
}

# ifndef OPENSSL_NO_OCSP
static int ocsp_resp_cb(SSL *s, void *arg)
{
    const unsigned char *p;
@@ -2759,5 +2766,6 @@ static int ocsp_resp_cb(SSL *s, void *arg)
    OCSP_RESPONSE_free(rsp);
    return 1;
}
# endif

#endif
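Review bot: The new guards in this file are indented inconsistently: the pairs around the `ocsp_resp_cb` prototype, the `status` table entry and the `c_status_req` block are written `#ifndef`/`#endif` at column 0, while the pair around the `ocsp_resp_cb` definition uses `# ifndef`/`# endif`. The trailing `#endif` in the last hunk suggests the file already sits inside an outer conditional, in which case the nested form `# ifndef OPENSSL_NO_OCSP` and `# endif` would be the consistent choice for all four pairs. The opening of that outer conditional is outside these hunks, so this is inferred from the closing line only.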
+8 −1
@@ -230,7 +230,6 @@ static BIO *bio_s_msg = NULL;
static int s_debug = 0;
static int s_tlsextdebug = 0;
static int s_tlsextstatus = 0;
static int cert_status_cb(SSL *s, void *arg);
static int no_resume_ephemeral = 0;
static int s_msg = 0;
static int s_quiet = 0;
@@ -604,6 +603,7 @@ typedef struct tlsextstatusctx_st {

static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 };

#ifndef OPENSSL_NO_OCSP
/*
 * Certificate Status callback. This is called when a client includes a
 * certificate status request extension. This is a simplified version. It
@@ -717,6 +717,7 @@ static int cert_status_cb(SSL *s, void *arg)
    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
    goto done;
}
#endif

#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
@@ -919,12 +920,14 @@ OPTIONS s_server_options[] = {
     "CA file for certificate verification (PEM format)"},
    {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"},
    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"},
#ifndef OPENSSL_NO_OCSP
    {"status", OPT_STATUS, '-', "Request certificate status from server"},
    {"status_verbose", OPT_STATUS_VERBOSE, '-',
     "Print more output in certificate status callback"},
    {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
     "Status request responder timeout"},
    {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
    {"trace", OPT_TRACE, '-', "trace protocol messages"},
#endif
@@ -1323,6 +1326,7 @@ int s_server_main(int argc, char *argv[])
            tlscstatp.timeout = atoi(opt_arg());
            break;
        case OPT_STATUS_URL:
#ifndef OPENSSL_NO_OCSP
            s_tlsextstatus = 1;
            if (!OCSP_parse_url(opt_arg(),
                                &tlscstatp.host,
@@ -1331,6 +1335,7 @@ int s_server_main(int argc, char *argv[])
                BIO_printf(bio_err, "Error parsing URL\n");
                goto end;
            }
#endif
            break;
        case OPT_MSG:
            s_msg = 1;
@@ -2009,6 +2014,7 @@ int s_server_main(int argc, char *argv[])
        if (ctx2)
            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
    }
#ifndef OPENSSL_NO_OCSP
    if (s_tlsextstatus) {
        SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
        SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
@@ -2017,6 +2023,7 @@ int s_server_main(int argc, char *argv[])
            SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp);
        }
    }
#endif

    BIO_printf(bio_s_out, "ACCEPT\n");
    (void)BIO_flush(bio_s_out);
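Review bot: In the option-parsing hunk only the body of `case OPT_STATUS_URL:` is compiled out, so a no-ocsp build keeps an empty case that falls straight to `break`, and the neighbouring `OPT_STATUS_TIMEOUT` case still writes `tlscstatp.timeout`. This looks harmless only because the matching `s_server_options` entries are removed by the separate guard in the table, which should make the parser reject the option before the switch is reached; nothing ties the two guards together. A comment on the case would keep a later edit from turning `-status_url` into a silently ignored option: `/* not reachable with OPENSSL_NO_OCSP: the option table entry is compiled out */`. s_server_main starts and ends outside these hunks, so how the other status cases are handled is not visible here.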
+2 −0
@@ -132,7 +132,9 @@ void err_load_crypto_strings_intern(void)
# ifndef OPENSSL_NO_ENGINE
    ERR_load_ENGINE_strings();
# endif
# ifndef OPENSSL_NO_OCSP
    ERR_load_OCSP_strings();
# endif
#ifndef OPENSSL_NO_UI
    ERR_load_UI_strings();
#endif
+4 −0
@@ -103,11 +103,13 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
}

#ifndef OPENSSL_NO_OCSP
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
{
    return OCSP_REQ_CTX_nbio_d2i(rctx,
                                 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
}
#endif

int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
@@ -137,12 +139,14 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
                              &x->crl, ctx);
}

#ifndef OPENSSL_NO_OCSP
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
{
    return OCSP_REQ_CTX_nbio_d2i(rctx,
                                 (ASN1_VALUE **)pcrl,
                                 ASN1_ITEM_rptr(X509_CRL));
}
#endif

int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
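Review bot: `X509_http_nbio` and `X509_CRL_http_nbio` are non-static functions, and compiling out their definitions here needs the same guard on their prototypes; the header that declares them is not among the files shown on this page. If the declarations stay unconditional, a caller in a no-ocsp build compiles cleanly and only fails at link time. Unless it is already done, the prototypes should be wrapped the same way, `#ifndef OPENSSL_NO_OCSP` before and `#endif` after, and any exported-symbol list the project maintains should mark both functions as depending on OCSP.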