112
113
BIO *acbio = NULL, *cbio = NULL;
113
114
BIO *derbio = NULL;
116
int req_timeout = -1;
115
117
int req_text = 0, resp_text = 0;
116
118
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
117
119
char *CAfile = NULL, *CApath = NULL;
118
120
X509_STORE *store = NULL;
120
121
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
121
122
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
122
123
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
705
722
#ifndef OPENSSL_NO_SOCK
706
cbio = BIO_new_connect(host);
723
resp = process_responder(bio_err, req, host, path,
724
port, use_ssl, req_timeout);
708
728
BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
713
BIO_printf(bio_err, "Error creating connect BIO\n");
716
if (port) BIO_set_conn_port(cbio, port);
720
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
721
ctx = SSL_CTX_new(SSLv23_client_method());
722
#elif !defined(OPENSSL_NO_SSL3)
723
ctx = SSL_CTX_new(SSLv3_client_method());
724
#elif !defined(OPENSSL_NO_SSL2)
725
ctx = SSL_CTX_new(SSLv2_client_method());
727
BIO_printf(bio_err, "SSL is disabled\n");
732
BIO_printf(bio_err, "Error creating SSL context.\n");
735
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
736
sbio = BIO_new_ssl(ctx, 1);
737
cbio = BIO_push(sbio, cbio);
739
if (BIO_do_connect(cbio) <= 0)
741
BIO_printf(bio_err, "Error connecting BIO\n");
744
resp = OCSP_sendreq_bio(cbio, path, req);
749
BIO_printf(bio_err, "Error querying OCSP responsder\n");
1213
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
1214
OCSP_REQUEST *req, int req_timeout)
1218
OCSP_REQ_CTX *ctx = NULL;
1219
OCSP_RESPONSE *rsp = NULL;
1223
if (req_timeout != -1)
1224
BIO_set_nbio(cbio, 1);
1226
rv = BIO_do_connect(cbio);
1228
if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
1230
BIO_puts(err, "Error connecting BIO\n");
1234
if (req_timeout == -1)
1235
return OCSP_sendreq_bio(cbio, path, req);
1237
if (BIO_get_fd(cbio, &fd) <= 0)
1239
BIO_puts(err, "Can't get connection fd\n");
1246
openssl_fdset(fd, &confds);
1248
tv.tv_sec = req_timeout;
1249
rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
1252
BIO_puts(err, "Timeout on connect\n");
1258
ctx = OCSP_sendreq_new(cbio, path, req, -1);
1264
rv = OCSP_sendreq_nbio(&rsp, ctx);
1268
openssl_fdset(fd, &confds);
1270
tv.tv_sec = req_timeout;
1271
if (BIO_should_read(cbio))
1272
rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
1273
else if (BIO_should_write(cbio))
1274
rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
1277
BIO_puts(err, "Unexpected retry condition\n");
1282
BIO_puts(err, "Timeout on request\n");
1287
BIO_puts(err, "Select error\n");
1294
OCSP_REQ_CTX_free(ctx);
1299
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
1300
char *host, char *path, char *port, int use_ssl,
1304
SSL_CTX *ctx = NULL;
1305
OCSP_RESPONSE *resp = NULL;
1306
cbio = BIO_new_connect(host);
1309
BIO_printf(err, "Error creating connect BIO\n");
1312
if (port) BIO_set_conn_port(cbio, port);
1316
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1317
ctx = SSL_CTX_new(SSLv23_client_method());
1318
#elif !defined(OPENSSL_NO_SSL3)
1319
ctx = SSL_CTX_new(SSLv3_client_method());
1320
#elif !defined(OPENSSL_NO_SSL2)
1321
ctx = SSL_CTX_new(SSLv2_client_method());
1323
BIO_printf(err, "SSL is disabled\n");
1328
BIO_printf(err, "Error creating SSL context.\n");
1331
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
1332
sbio = BIO_new_ssl(ctx, 1);
1333
cbio = BIO_push(sbio, cbio);
1335
resp = query_responder(err, cbio, path, req, req_timeout);
1337
BIO_printf(bio_err, "Error querying OCSP responsder\n");
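Review bot: The timeout in query_responder bounds each individual wait rather than the whole exchange: `tv.tv_sec = req_timeout;` is assigned again before every select() that follows `OCSP_sendreq_nbio` (new lines 1264-1274), so, if that sequence is the retry loop it appears to be, a responder that trickles a few bytes inside each window can hold the client far beyond the requested limit. Compute a deadline once before connecting, e.g. `time_t deadline = time(NULL) + req_timeout;`, set `tv.tv_sec = deadline - time(NULL);` before each select, and report "Timeout on request" when nothing remains. Separately, process_responder prints its last error through the global `bio_err` while every other message in the function goes to its `err` parameter; `BIO_printf(err, ...)` would keep the output on the caller's BIO. Both function bodies are only partly visible on this page, so the loop structure should be confirmed against the full file.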