Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) New function OCSP_parse_url(). This splits up a URL into its host, port and path components: primarily to parse OCSP URLs. New -url option to ocsp utility. [Steve Henson] *) New nonce behavior. The return value of OCSP_check_nonce() now reflects the various checks performed. Applications can decide whether to tolerate certain situations such as an absent nonce Loading apps/ocsp.c +24 −2 Original line number Diff line number Diff line Loading @@ -78,12 +78,12 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { char **args; char *host = NULL, *path = "/"; char *host = NULL, *port = NULL, *path = "/"; char *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL; char *signfile = NULL, *keyfile = NULL; char *outfile = NULL; int add_nonce = 1, noverify = 0; int add_nonce = 1, noverify = 0, use_ssl = -1; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_BASICRESP *bs = NULL; Loading Loading @@ -119,6 +119,19 @@ int MAIN(int argc, char **argv) } else badarg = 1; } else if (!strcmp(*args, "-url")) { if (args[1]) { args++; if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; } } else badarg = 1; } else if (!strcmp(*args, "-host")) { if (args[1]) Loading Loading @@ -335,6 +348,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); BIO_printf (bio_err, "-url URL OCSP responder URL\n"); BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); BIO_printf (bio_err, "-path path to use in OCSP request\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); Loading Loading 
@@ -436,6 +450,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Error creating connect BIO\n"); goto end; } if (port) BIO_set_conn_port(cbio, port); if (BIO_do_connect(cbio) <= 0) { BIO_printf(bio_err, "Error connecting BIO\n"); Loading Loading @@ -561,6 +576,13 @@ end: sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); if (use_ssl != -1) { OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); } EXIT(ret); } Loading crypto/ocsp/ocsp.h +4 −0 Original line number Diff line number Diff line Loading @@ -447,6 +447,8 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey); int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); Loading Loading @@ -568,6 +570,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_CHECK_IDS 107 #define OCSP_F_OCSP_CHECK_ISSUER 108 #define OCSP_F_OCSP_MATCH_ISSUERID 109 #define OCSP_F_OCSP_PARSE_URL 114 #define OCSP_F_OCSP_REQUEST_SIGN 110 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 Loading @@ -577,6 +580,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_R_BAD_DATA 100 #define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 #define OCSP_R_DIGEST_ERR 102 #define OCSP_R_ERROR_PARSING_URL 121 #define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 #define OCSP_R_NOT_BASIC_RESPONSE 104 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 Loading crypto/ocsp/ocsp_err.c +2 −0 Original line number Diff line number Diff line Loading 
@@ -76,6 +76,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= {ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, {ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, {ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, {ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, {ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, {ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, {ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, Loading @@ -88,6 +89,7 @@ static ERR_STRING_DATA OCSP_str_reasons[]= {OCSP_R_BAD_DATA ,"bad data"}, {OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, {OCSP_R_DIGEST_ERR ,"digest err"}, {OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, {OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, {OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, {OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, Loading crypto/ocsp/ocsp_lib.c +102 −0 Original line number Diff line number Diff line Loading 
@@ -164,3 +164,105 @@ int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey) } return OCSP_REQUEST_verify(req, pkey); } /* Parse a URL and split it up into host, port and path components and whether * it is SSL. */ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) { char *p, *buf; char *host, *port; /* dup the buffer since we are going to mess with it */ buf = BUF_strdup(url); if (!buf) goto mem_err; *phost = NULL; *pport = NULL; *ppath = NULL; /* Check for initial colon */ p = strchr(buf, ':'); if (!p) goto parse_err; *(p++) = '\0'; if (!strcmp(buf, "http")) { *pssl = 0; port = "80"; } else if (!strcmp(buf, "https")) { *pssl = 1; port = "443"; } else goto parse_err; /* Check for double slash */ if ((p[0] != '/') || (p[1] != '/')) goto parse_err; p += 2; host = p; /* Check for trailing part of path */ p = strchr(p, '/'); if (!p) *ppath = BUF_strdup("/"); else { *ppath = BUF_strdup(p); /* Set start of path to 0 so hostname is valid */ *p = '\0'; } if (!*ppath) goto mem_err; /* Look for optional ':' for port number */ if ((p = strchr(host, ':'))) { *p = 0; port = p + 1; } else { /* Not found: set default port */ if (*pssl) port = "443"; else port = "80"; } *pport = BUF_strdup(port); if (!*pport) goto mem_err; *phost = BUF_strdup(host); if (!*phost) goto mem_err; OPENSSL_free(buf); return 1; mem_err: OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); goto err; parse_err: OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); err: if (*ppath) OPENSSL_free(*ppath); if (*pport) OPENSSL_free(*pport); if (*phost) OPENSSL_free(*phost); return 0; } Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) New function OCSP_parse_url(). This splits up a URL into its host, port and path components: primarily to parse OCSP URLs. New -url option to ocsp utility. [Steve Henson] *) New nonce behavior. The return value of OCSP_check_nonce() now reflects the various checks performed. Applications can decide whether to tolerate certain situations such as an absent nonce Loading
apps/ocsp.c +24 −2 Original line number Diff line number Diff line Loading @@ -78,12 +78,12 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { char **args; char *host = NULL, *path = "/"; char *host = NULL, *port = NULL, *path = "/"; char *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL; char *signfile = NULL, *keyfile = NULL; char *outfile = NULL; int add_nonce = 1, noverify = 0; int add_nonce = 1, noverify = 0, use_ssl = -1; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_BASICRESP *bs = NULL; Loading Loading @@ -119,6 +119,19 @@ int MAIN(int argc, char **argv) } else badarg = 1; } else if (!strcmp(*args, "-url")) { if (args[1]) { args++; if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; } } else badarg = 1; } else if (!strcmp(*args, "-host")) { if (args[1]) Loading Loading @@ -335,6 +348,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); BIO_printf (bio_err, "-url URL OCSP responder URL\n"); BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); BIO_printf (bio_err, "-path path to use in OCSP request\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); Loading Loading @@ -436,6 +450,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Error creating connect BIO\n"); goto end; } if (port) BIO_set_conn_port(cbio, port); if (BIO_do_connect(cbio) <= 0) { BIO_printf(bio_err, "Error connecting BIO\n"); Loading Loading @@ -561,6 +576,13 @@ end: sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); if (use_ssl != -1) { OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); } EXIT(ret); } Loading
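Review bot: The cleanup added at `end:` treats `use_ssl != -1` as proof that `host`, `port` and `path` are heap strings, but that flag does not track who owns each pointer. If `-host` or `-path` follows `-url` and those branches (bodies outside the hunks) store argv pointers, as the `path = "/"` default suggests, the parsed strings leak and `OPENSSL_free()` is later called on memory that was never allocated; a second `-url` also leaks the first set. Keeping the parsed results in their own variables, e.g. `char *thost = NULL, *tport = NULL, *tpath = NULL;`, assigning them to `host`/`port`/`path` after a successful parse and freeing only the `t*` pointers at `end:` removes the guess. Separately, nothing in the visible hunks uses `use_ssl` to set up TLS, so an `https://` URL appears to be sent over the plain connect BIO on port 443; either reject `https` for now or state the limitation in the `-url` usage line.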
crypto/ocsp/ocsp.h +4 −0 Original line number Diff line number Diff line Loading @@ -447,6 +447,8 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey); int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); Loading Loading @@ -568,6 +570,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_CHECK_IDS 107 #define OCSP_F_OCSP_CHECK_ISSUER 108 #define OCSP_F_OCSP_MATCH_ISSUERID 109 #define OCSP_F_OCSP_PARSE_URL 114 #define OCSP_F_OCSP_REQUEST_SIGN 110 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 Loading @@ -577,6 +580,7 @@ void ERR_load_OCSP_strings(void); #define OCSP_R_BAD_DATA 100 #define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 #define OCSP_R_DIGEST_ERR 102 #define OCSP_R_ERROR_PARSING_URL 121 #define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 #define OCSP_R_NOT_BASIC_RESPONSE 104 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 Loading
crypto/ocsp/ocsp_err.c +2 −0 Original line number Diff line number Diff line Loading @@ -76,6 +76,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= {ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, {ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, {ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, {ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, {ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, {ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, {ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, Loading @@ -88,6 +89,7 @@ static ERR_STRING_DATA OCSP_str_reasons[]= {OCSP_R_BAD_DATA ,"bad data"}, {OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, {OCSP_R_DIGEST_ERR ,"digest err"}, {OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, {OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, {OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, {OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, Loading
crypto/ocsp/ocsp_lib.c +102 −0 Original line number Diff line number Diff line Loading @@ -164,3 +164,105 @@ int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey) } return OCSP_REQUEST_verify(req, pkey); } /* Parse a URL and split it up into host, port and path components and whether * it is SSL. */ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) { char *p, *buf; char *host, *port; /* dup the buffer since we are going to mess with it */ buf = BUF_strdup(url); if (!buf) goto mem_err; *phost = NULL; *pport = NULL; *ppath = NULL; /* Check for initial colon */ p = strchr(buf, ':'); if (!p) goto parse_err; *(p++) = '\0'; if (!strcmp(buf, "http")) { *pssl = 0; port = "80"; } else if (!strcmp(buf, "https")) { *pssl = 1; port = "443"; } else goto parse_err; /* Check for double slash */ if ((p[0] != '/') || (p[1] != '/')) goto parse_err; p += 2; host = p; /* Check for trailing part of path */ p = strchr(p, '/'); if (!p) *ppath = BUF_strdup("/"); else { *ppath = BUF_strdup(p); /* Set start of path to 0 so hostname is valid */ *p = '\0'; } if (!*ppath) goto mem_err; /* Look for optional ':' for port number */ if ((p = strchr(host, ':'))) { *p = 0; port = p + 1; } else { /* Not found: set default port */ if (*pssl) port = "443"; else port = "80"; } *pport = BUF_strdup(port); if (!*pport) goto mem_err; *phost = BUF_strdup(host); if (!*phost) goto mem_err; OPENSSL_free(buf); return 1; mem_err: OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); goto err; parse_err: OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); err: if (*ppath) OPENSSL_free(*ppath); if (*pport) OPENSSL_free(*pport); if (*phost) OPENSSL_free(*phost); return 0; }
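Review bot: The `err:` path in OCSP_parse_url() reads `*ppath`, `*pport` and `*phost` before they are initialised when the first `BUF_strdup(url)` fails, because the three `= NULL` assignments sit after that check; the caller in apps/ocsp.c passes `path = "/"`, so that path would hand a string literal to `OPENSSL_free()`. The same label never frees `buf`, so every parse or allocation failure leaks the copy. It also leaves the freed output pointers dangling while `*pssl` may already be set, so the `use_ssl != -1` cleanup in apps/ocsp.c would free them a second time. Clearing the outputs before the first allocation, freeing `buf` at `err:` and resetting each output after freeing it closes all three, as sketched below. The parser also accepts an empty host or a non-numeric port (for example `http://:x/`) and splits a bracketed IPv6 literal at its first colon; rejecting those here would keep bad values away from `BIO_set_conn_port()`.

```c
	char *p, *buf = NULL;
	char *host, *port;

	/* Clear the outputs first so the error path never sees caller data */
	*phost = NULL;
	*pport = NULL;
	*ppath = NULL;

	/* dup the buffer since we are going to mess with it */
	buf = BUF_strdup(url);
	if (!buf) goto mem_err;

	/* ... unchanged: scheme check, host/port/path splitting, success return ... */

	err:
	if (buf) OPENSSL_free(buf);
	if (*ppath) { OPENSSL_free(*ppath); *ppath = NULL; }
	if (*pport) { OPENSSL_free(*pport); *pport = NULL; }
	if (*phost) { OPENSSL_free(*phost); *phost = NULL; }
	return 0;
```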