From 2e674fc611840fecf8bc9cfd34e0e56619354561 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Jun 2002 12:54:52 +0000 Subject: [PATCH] Fix ext_dat.h extension ordering. Reinstate -reqout code. Avoid coredump in ocsp if setup_verify fails. Fix typo in ocsp usage message. --- apps/ocsp.c | 18 ++++++++++++++++-- crypto/x509v3/ext_dat.h | 4 ++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index c87edbc44..50af2a56f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -553,8 +553,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-port num port to run responder on\n"); BIO_printf (bio_err, "-index file certificate status index file\n"); BIO_printf (bio_err, "-CA file CA certificate\n"); - BIO_printf (bio_err, "-rsigner file responder certificate to sign requests with\n"); - BIO_printf (bio_err, "-rkey file responder key to sign requests with\n"); + BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); + BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); BIO_printf (bio_err, "-rother file other certificates to include in response\n"); BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); @@ -676,6 +676,18 @@ int MAIN(int argc, char **argv) if (req_text && req) OCSP_REQUEST_print(out, req, 0); + if (reqout) + { + derbio = BIO_new_file(reqout, "wb"); + if(!derbio) + { + BIO_printf(bio_err, "Error opening file %s\n", reqout); + goto end; + } + i2d_OCSP_REQUEST_bio(derbio, req); + BIO_free(derbio); + } + if (ridx_filename && (!rkey || !rsigner || !rca_cert)) { BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); @@ -809,6 +821,8 @@ int MAIN(int argc, char **argv) if (!store) store = setup_verify(bio_err, CAfile, CApath); + if (!store) + goto end; if (verify_certfile) { verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 586f116db..2fb97d892 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -99,8 +99,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, -&v3_crl_hold, -&v3_sinfo +&v3_sinfo, +&v3_crl_hold }; /* Number of standard extensions */