← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed

« back to all changes in this revision

Viewing changes to apps/ocsp.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-06-13 18:15:46 UTC
  • mto: (11.1.5 squeeze)
  • mto: This revision was merged to the branch mainline in revision 34.
  • Revision ID: james.westby@ubuntu.com-20090613181546-vbfntai3b009dl1u
Tags: upstream-0.9.8k
ImportĀ upstreamĀ versionĀ 0.9.8k

Show diffs side-by-side

added added

removed removed

Lines of Context:
apps/ocsp.c
1
1
/* ocsp.c */
2
 
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
3
 * project 2000.
4
4
 */
5
5
/* ====================================================================
56
56
 *
57
57
 */
58
58
#ifndef OPENSSL_NO_OCSP
59
 
 
 
59
#define USE_SOCKETS
60
60
#include <stdio.h>
 
61
#include <stdlib.h>
61
62
#include <string.h>
62
 
#include "apps.h"
63
 
#include <openssl/pem.h>
64
 
#include <openssl/ocsp.h>
 
63
#include "apps.h" /* needs to be included before the openssl headers! */
 
64
#include <openssl/e_os2.h>
 
65
#include <openssl/ssl.h>
65
66
#include <openssl/err.h>
66
 
#include <openssl/ssl.h>
67
 
#include <openssl/bn.h>
68
67
 
69
68
/* Maximum leeway in validity period: default 5 minutes */
70
69
#define MAX_VALIDITY_PERIOD     (5 * 60)
86
85
static BIO *init_responder(char *port);
87
86
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
88
87
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 
88
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 
89
                                OCSP_REQUEST *req, int req_timeout);
89
90
 
90
91
#undef PROG
91
92
#define PROG ocsp_main
112
113
        BIO *acbio = NULL, *cbio = NULL;
113
114
        BIO *derbio = NULL;
114
115
        BIO *out = NULL;
 
116
        int req_timeout = -1;
115
117
        int req_text = 0, resp_text = 0;
116
118
        long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
117
119
        char *CAfile = NULL, *CApath = NULL;
118
120
        X509_STORE *store = NULL;
119
 
        SSL_CTX *ctx = NULL;
120
121
        STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
121
122
        char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
122
123
        unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
154
155
                                }
155
156
                        else badarg = 1;
156
157
                        }
 
158
                else if (!strcmp(*args, "-timeout"))
 
159
                        {
 
160
                        if (args[1])
 
161
                                {
 
162
                                args++;
 
163
                                req_timeout = atol(*args);
 
164
                                if (req_timeout < 0)
 
165
                                        {
 
166
                                        BIO_printf(bio_err,
 
167
                                                "Illegal timeout value %s\n",
 
168
                                                *args);
 
169
                                        badarg = 1;
 
170
                                        }
 
171
                                }
 
172
                        else badarg = 1;
 
173
                        }
157
174
                else if (!strcmp(*args, "-url"))
158
175
                        {
159
176
                        if (args[1])
703
720
        else if (host)
704
721
                {
705
722
#ifndef OPENSSL_NO_SOCK
706
 
                cbio = BIO_new_connect(host);
 
723
                resp = process_responder(bio_err, req, host, path,
 
724
                                                port, use_ssl, req_timeout);
 
725
                if (!resp)
 
726
                        goto end;
707
727
#else
708
728
                BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
709
729
                goto end;
710
730
#endif
711
 
                if (!cbio)
712
 
                        {
713
 
                        BIO_printf(bio_err, "Error creating connect BIO\n");
714
 
                        goto end;
715
 
                        }
716
 
                if (port) BIO_set_conn_port(cbio, port);
717
 
                if (use_ssl == 1)
718
 
                        {
719
 
                        BIO *sbio;
720
 
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
721
 
                        ctx = SSL_CTX_new(SSLv23_client_method());
722
 
#elif !defined(OPENSSL_NO_SSL3)
723
 
                        ctx = SSL_CTX_new(SSLv3_client_method());
724
 
#elif !defined(OPENSSL_NO_SSL2)
725
 
                        ctx = SSL_CTX_new(SSLv2_client_method());
726
 
#else
727
 
                        BIO_printf(bio_err, "SSL is disabled\n");
728
 
                        goto end;
729
 
#endif
730
 
                        if (ctx == NULL)
731
 
                                {
732
 
                                BIO_printf(bio_err, "Error creating SSL context.\n");
733
 
                                goto end;
734
 
                                }
735
 
                        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
736
 
                        sbio = BIO_new_ssl(ctx, 1);
737
 
                        cbio = BIO_push(sbio, cbio);
738
 
                        }
739
 
                if (BIO_do_connect(cbio) <= 0)
740
 
                        {
741
 
                        BIO_printf(bio_err, "Error connecting BIO\n");
742
 
                        goto end;
743
 
                        }
744
 
                resp = OCSP_sendreq_bio(cbio, path, req);
745
 
                BIO_free_all(cbio);
746
 
                cbio = NULL;
747
 
                if (!resp)
748
 
                        {
749
 
                        BIO_printf(bio_err, "Error querying OCSP responsder\n");
750
 
                        goto end;
751
 
                        }
752
731
                }
753
732
        else if (respin)
754
733
                {
897
876
                OPENSSL_free(host);
898
877
                OPENSSL_free(port);
899
878
                OPENSSL_free(path);
900
 
                SSL_CTX_free(ctx);
901
879
                }
902
880
 
903
881
        OPENSSL_EXIT(ret);
1121
1099
        char *itmp, *row[DB_NUMBER],**rrow;
1122
1100
        for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
1123
1101
        bn = ASN1_INTEGER_to_BN(ser,NULL);
 
1102
        OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
1124
1103
        if (BN_is_zero(bn))
1125
1104
                itmp = BUF_strdup("00");
1126
1105
        else
1231
1210
        return 1;
1232
1211
        }
1233
1212
 
 
1213
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 
1214
                                OCSP_REQUEST *req, int req_timeout)
 
1215
        {
 
1216
        int fd;
 
1217
        int rv;
 
1218
        OCSP_REQ_CTX *ctx = NULL;
 
1219
        OCSP_RESPONSE *rsp = NULL;
 
1220
        fd_set confds;
 
1221
        struct timeval tv;
 
1222
 
 
1223
        if (req_timeout != -1)
 
1224
                BIO_set_nbio(cbio, 1);
 
1225
 
 
1226
        rv = BIO_do_connect(cbio);
 
1227
 
 
1228
        if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
 
1229
                {
 
1230
                BIO_puts(err, "Error connecting BIO\n");
 
1231
                return NULL;
 
1232
                }
 
1233
 
 
1234
        if (req_timeout == -1)
 
1235
                return OCSP_sendreq_bio(cbio, path, req);
 
1236
 
 
1237
        if (BIO_get_fd(cbio, &fd) <= 0)
 
1238
                {
 
1239
                BIO_puts(err, "Can't get connection fd\n");
 
1240
                goto err;
 
1241
                }
 
1242
 
 
1243
        if (rv <= 0)
 
1244
                {
 
1245
                FD_ZERO(&confds);
 
1246
                openssl_fdset(fd, &confds);
 
1247
                tv.tv_usec = 0;
 
1248
                tv.tv_sec = req_timeout;
 
1249
                rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
 
1250
                if (rv == 0)
 
1251
                        {
 
1252
                        BIO_puts(err, "Timeout on connect\n");
 
1253
                        return NULL;
 
1254
                        }
 
1255
                }
 
1256
 
 
1257
 
 
1258
        ctx = OCSP_sendreq_new(cbio, path, req, -1);
 
1259
        if (!ctx)
 
1260
                return NULL;
 
1261
        
 
1262
        for (;;)
 
1263
                {
 
1264
                rv = OCSP_sendreq_nbio(&rsp, ctx);
 
1265
                if (rv != -1)
 
1266
                        break;
 
1267
                FD_ZERO(&confds);
 
1268
                openssl_fdset(fd, &confds);
 
1269
                tv.tv_usec = 0;
 
1270
                tv.tv_sec = req_timeout;
 
1271
                if (BIO_should_read(cbio))
 
1272
                        rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
 
1273
                else if (BIO_should_write(cbio))
 
1274
                        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
 
1275
                else
 
1276
                        {
 
1277
                        BIO_puts(err, "Unexpected retry condition\n");
 
1278
                        goto err;
 
1279
                        }
 
1280
                if (rv == 0)
 
1281
                        {
 
1282
                        BIO_puts(err, "Timeout on request\n");
 
1283
                        break;
 
1284
                        }
 
1285
                if (rv == -1)
 
1286
                        {
 
1287
                        BIO_puts(err, "Select error\n");
 
1288
                        break;
 
1289
                        }
 
1290
                        
 
1291
                }
 
1292
        err:
 
1293
        if (ctx)
 
1294
                OCSP_REQ_CTX_free(ctx);
 
1295
 
 
1296
        return rsp;
 
1297
        }
 
1298
 
 
1299
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
 
1300
                        char *host, char *path, char *port, int use_ssl,
 
1301
                        int req_timeout)
 
1302
        {
 
1303
        BIO *cbio = NULL;
 
1304
        SSL_CTX *ctx = NULL;
 
1305
        OCSP_RESPONSE *resp = NULL;
 
1306
        cbio = BIO_new_connect(host);
 
1307
        if (!cbio)
 
1308
                {
 
1309
                BIO_printf(err, "Error creating connect BIO\n");
 
1310
                goto end;
 
1311
                }
 
1312
        if (port) BIO_set_conn_port(cbio, port);
 
1313
        if (use_ssl == 1)
 
1314
                {
 
1315
                BIO *sbio;
 
1316
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 
1317
                ctx = SSL_CTX_new(SSLv23_client_method());
 
1318
#elif !defined(OPENSSL_NO_SSL3)
 
1319
                ctx = SSL_CTX_new(SSLv3_client_method());
 
1320
#elif !defined(OPENSSL_NO_SSL2)
 
1321
                ctx = SSL_CTX_new(SSLv2_client_method());
 
1322
#else
 
1323
                BIO_printf(err, "SSL is disabled\n");
 
1324
                        goto end;
 
1325
#endif
 
1326
                if (ctx == NULL)
 
1327
                        {
 
1328
                        BIO_printf(err, "Error creating SSL context.\n");
 
1329
                        goto end;
 
1330
                        }
 
1331
                SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 
1332
                sbio = BIO_new_ssl(ctx, 1);
 
1333
                cbio = BIO_push(sbio, cbio);
 
1334
                }
 
1335
        resp = query_responder(err, cbio, path, req, req_timeout);
 
1336
        if (!resp)
 
1337
                BIO_printf(bio_err, "Error querying OCSP responsder\n");
 
1338
        end:
 
1339
        if (ctx)
 
1340
                SSL_CTX_free(ctx);
 
1341
        if (cbio)
 
1342
                BIO_free_all(cbio);
 
1343
        return resp;
 
1344
        }
 
1345
 
1234
1346
#endif