From: Jouni Malinen <j@w1.fi>
Date: Sat, 7 Mar 2020 11:26:56 +0000 (+0200)
Subject: HS 2.0 server: Allow OCSP responder to continue running after errors
X-Git-Tag: hostap_2_10~1669
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87998f80e7d05e0ad846bcf5152e4d5065dde49b;p=thirdparty%2Fhostap.git

HS 2.0 server: Allow OCSP responder to continue running after errors

By default, 'openssl ocsp' exits upon receiving a malformed request.
That's not really ideal for a server, so configure openssl to not do
that and instead, continue running to process other requests.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/hs20/server/ca/ocsp-responder.sh b/hs20/server/ca/ocsp-responder.sh
index 8cebd7453..620947d01 100755
--- a/hs20/server/ca/ocsp-responder.sh
+++ b/hs20/server/ca/ocsp-responder.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text
+openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err