HS 2.0 server: Allow OCSP responder to continue running after errors

By default, 'openssl ocsp' exits upon receiving a malformed request.
That's not really ideal for a server, so configure openssl to not do
that and instead, continue running to process other requests.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/hs20/server/ca/ocsp-responder.sh b/hs20/server/ca/ocsp-responder.sh
index 8cebd74533ad0f569180957f38972d44fa9d1134..620947d01af085ccaadaea9cae1293e3a7de27fe 100755 (executable)
--- a/hs20/server/ca/ocsp-responder.sh
+++ b/hs20/server/ca/ocsp-responder.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text
+openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err