Commit 89623f84 authored by David Cooper's avatar David Cooper Committed by Matt Caswell

Make editorial changes suggested by Rich Salz and add the -rsigopt option to...


Make editorial changes suggested by Rich Salz and add the -rsigopt option to the man page for the ocsp command.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4190)
parent b4dd21a7
+3 −4
@@ -719,7 +719,6 @@ redo_accept:
    X509_free(signer);
    X509_STORE_free(store);
    X509_VERIFY_PARAM_free(vpm);
    if (rsign_sigopts != NULL)
    sk_OPENSSL_STRING_free(rsign_sigopts);
    EVP_PKEY_free(key);
    EVP_PKEY_free(rkey);
@@ -971,6 +970,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
    }
    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);

        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
            BIO_printf(err, "parameter error \"%s\"\n", sigopt);
            ERR_print_errors(bio_err);
@@ -989,7 +989,6 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);

 end:
    if (mctx != NULL)
    EVP_MD_CTX_free(mctx);
    ASN1_TIME_free(thisupd);
    ASN1_TIME_free(nextupd);
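Review bot: In the `sigopts` loop of make_ocsp_response, the failure path writes the "parameter error" text to the `err` BIO passed in by the caller but then dumps the error queue with `ERR_print_errors(bio_err)`, so the two halves of one diagnostic go to different streams whenever `err` is not `bio_err`. The callers are not visible on this page, so this may be harmless today, but `ERR_print_errors(err);` would keep the message and its error-queue detail together. The function body starts and ends outside these hunks.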
+3 −2
@@ -175,8 +175,9 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
    int i;
    OCSP_RESPID *rid;

    if (!ctx || !EVP_MD_CTX_pkey_ctx(ctx) || !EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)) ||
        !X509_check_private_key(signer, EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)))) {
    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL
        || EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)) == NULL
        || !X509_check_private_key(signer, EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)))) {
        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
        goto err;
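Review bot: The rewritten guard in OCSP_basic_sign_ctx still reports every failure as `OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE`, including a NULL `ctx` or a digest context with no key context attached, which is a caller error and not a key/certificate mismatch. On a responder-signing path that points whoever is diagnosing a broken signing setup at the wrong cause. Consider splitting the first two tests out with `OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, ERR_R_PASSED_NULL_PARAMETER);` and caching `EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx))` in a local so it is not evaluated twice. The function starts and ends outside this hunk, so the handling at `err` is not visible here.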
+6 −0
@@ -81,6 +81,7 @@ B<openssl> B<ocsp>
[B<-rsigner file>]
[B<-rkey file>]
[B<-rother file>]
[B<-rsigopt nm:v>]
[B<-resp_no_certs>]
[B<-nmin n>]
[B<-ndays n>]
@@ -340,6 +341,11 @@ subject name.
The private key to sign OCSP responses with: if not present the file
specified in the B<rsigner> option is used.

=item B<-rsigopt nm:v>

Pass options to the signature algorithm when signing OCSP responses.
Names and values of these options are algorithm-specific.

=item B<-port portnum>

Port to listen for OCSP requests on. The port may also be specified