mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make editorial changes suggested by Rich Salz and add the -rsigopt option to the man page for the ocsp command.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4190)
This commit is contained in:
David Cooper 2017-12-12 16:01:22 -05:00 committed by Matt Caswell
parent b4dd21a7b8
commit 89623f8429
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/ocsp.c
View File

@ -719,8 +719,7 @@ redo_accept:
X509_free(signer);
X509_STORE_free(store);
X509_VERIFY_PARAM_free(vpm);
if (rsign_sigopts != NULL)
sk_OPENSSL_STRING_free(rsign_sigopts);
sk_OPENSSL_STRING_free(rsign_sigopts);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(cert);
@ -971,6 +970,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
}
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
BIO_printf(err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
@ -989,8 +989,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
end:
if (mctx != NULL)
EVP_MD_CTX_free(mctx);
EVP_MD_CTX_free(mctx);
ASN1_TIME_free(thisupd);
ASN1_TIME_free(nextupd);
OCSP_BASICRESP_free(bs);

5
crypto/ocsp/ocsp_srv.c
View File

@ -175,8 +175,9 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
int i;
OCSP_RESPID *rid;
if (!ctx || !EVP_MD_CTX_pkey_ctx(ctx) || !EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)) ||
!X509_check_private_key(signer, EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)))) {
if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL
|| EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)) == NULL
|| !X509_check_private_key(signer, EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)))) {
OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
goto err;

6
doc/man1/ocsp.pod
View File

@ -81,6 +81,7 @@ B<openssl> B<ocsp>
[B<-rsigner file>]
[B<-rkey file>]
[B<-rother file>]
[B<-rsigopt nm:v>]
[B<-resp_no_certs>]
[B<-nmin n>]
[B<-ndays n>]
@ -340,6 +341,11 @@ subject name.
The private key to sign OCSP responses with: if not present the file
specified in the B<rsigner> option is used.
=item B<-rsigopt nm:v>
Pass options to the signature algorithm when signing OCSP responses.
Names and values of these options are algorithm-specific.
=item B<-port portnum>
Port to listen for OCSP requests on. The port may also be specified