ret = gnutls_ocsp_req_init(&req);
if (ret < 0) {
- fprintf(stderr, "ocsp_req_init: %s", gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_req_init: %s\n", gnutls_strerror(ret));
exit(1);
}
else
dat.data = (void *) fread_file(infile, &size);
if (dat.data == NULL) {
- fprintf(stderr, "reading request");
+ fprintf(stderr, "error reading request\n");
exit(1);
}
dat.size = size;
ret = gnutls_ocsp_req_import(req, &dat);
free(dat.data);
if (ret < 0) {
- fprintf(stderr, "importing request: %s",
+ fprintf(stderr, "error importing request: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat);
if (ret != 0) {
- fprintf(stderr, "ocsp_req_print: %s",
+ fprintf(stderr, "ocsp_req_print: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_ocsp_resp_init(&resp);
if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s",
+ fprintf(stderr, "ocsp_resp_init: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_ocsp_resp_import(resp, data);
if (ret < 0) {
- fprintf(stderr, "importing response: %s",
+ fprintf(stderr, "importing response: %s\n",
gnutls_strerror(ret));
exit(1);
}
gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT,
&buf);
if (ret != 0) {
- fprintf(stderr, "ocsp_resp_print: %s",
+ fprintf(stderr, "ocsp_resp_print: %s\n",
gnutls_strerror(ret));
exit(1);
}
else
dat.data = (void *) fread_file(infile, &size);
if (dat.data == NULL) {
- fprintf(stderr, "reading response");
+ fprintf(stderr, "error reading response\n");
exit(1);
}
dat.size = size;
size_t size;
if (!HAVE_OPT(LOAD_ISSUER)) {
- fprintf(stderr, "missing --load-issuer");
+ fprintf(stderr, "missing --load-issuer\n");
exit(1);
}
ret = gnutls_x509_crt_init(&crt);
if (ret < 0) {
- fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ fprintf(stderr, "crt_init: %s\n", gnutls_strerror(ret));
exit(1);
}
dat.size = size;
if (!dat.data) {
- fprintf(stderr, "reading --load-issuer: %s",
+ fprintf(stderr, "error reading --load-issuer: %s\n",
OPT_ARG(LOAD_ISSUER));
exit(1);
}
ret = gnutls_x509_crt_import(crt, &dat, encoding);
free(dat.data);
if (ret < 0) {
- fprintf(stderr, "importing --load-issuer: %s: %s",
+ fprintf(stderr, "error importing --load-issuer: %s: %s\n",
OPT_ARG(LOAD_ISSUER), gnutls_strerror(ret));
exit(1);
}
return crt;
}
+static gnutls_x509_crt_t load_signer(void)
+{
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!HAVE_OPT(LOAD_SIGNER)) {
+ fprintf(stderr, "missing --load-signer\n");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(OPT_ARG(LOAD_SIGNER), &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-signer: %s\n",
+ OPT_ARG(LOAD_SIGNER));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &dat, encoding);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-signer: %s: %s\n",
+ OPT_ARG(LOAD_SIGNER), gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
+}
+
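Review bot: load_signer() repeats load_issuer() and load_cert() line for line (option presence check, crt_init, read_binary_file, import, the same four error messages with a different option name), so the three could share one static helper that takes the option's presence, its argument and its name for messages, e.g. `static gnutls_x509_crt_t load_crt_opt(int have, const char *path, const char *optname)`. The function also exits on a missing `--load-signer` instead of returning NULL, which matters to any caller for which the option is optional; a one-line comment above the definition such as `/* Exits if --load-signer was not given; callers that treat the option as optional must test HAVE_OPT(LOAD_SIGNER) first. */` would make that contract visible. The error text on the read failure, `reading --load-signer`, differs from the `error reading --load-issuer` wording the same commit introduces in load_issuer; aligning the two keeps the messages greppable.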
static gnutls_x509_crt_t load_cert(void)
{
gnutls_x509_crt_t crt;
size_t size;
if (!HAVE_OPT(LOAD_CERT)) {
- fprintf(stderr, "missing --load-cert");
+ fprintf(stderr, "missing --load-cert\n");
exit(1);
}
ret = gnutls_x509_crt_init(&crt);
if (ret < 0) {
- fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ fprintf(stderr, "crt_init: %s\n", gnutls_strerror(ret));
exit(1);
}
dat.size = size;
if (!dat.data) {
- fprintf(stderr, "reading --load-cert: %s",
+ fprintf(stderr, "reading --load-cert: %s\n",
OPT_ARG(LOAD_CERT));
exit(1);
}
ret = gnutls_x509_crt_import(crt, &dat, encoding);
free(dat.data);
if (ret < 0) {
- fprintf(stderr, "importing --load-cert: %s: %s",
+ fprintf(stderr, "importing --load-cert: %s: %s\n",
OPT_ARG(LOAD_CERT), gnutls_strerror(ret));
exit(1);
}
}
-static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce)
+static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
+ gnutls_x509_crt_t signer)
{
gnutls_ocsp_resp_t resp;
int ret;
size_t size;
gnutls_x509_crt_t *x509_ca_list = NULL;
- unsigned int x509_ncas = 0;
gnutls_x509_trust_list_t list;
- gnutls_x509_crt_t signer;
+ unsigned int x509_ncas = 0;
unsigned verify;
gnutls_datum_t dat;
ret = gnutls_ocsp_resp_init(&resp);
if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s",
+ fprintf(stderr, "ocsp_resp_init: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_ocsp_resp_import(resp, data);
if (ret < 0) {
- fprintf(stderr, "importing response: %s",
+ fprintf(stderr, "importing response: %s\n",
gnutls_strerror(ret));
exit(1);
}
dat.data =
(void *) read_binary_file(OPT_ARG(LOAD_TRUST), &size);
if (dat.data == NULL) {
- fprintf(stderr, "reading --load-trust: %s",
+ fprintf(stderr, "reading --load-trust: %s\n",
OPT_ARG(LOAD_TRUST));
exit(1);
}
ret = gnutls_x509_trust_list_init(&list, 0);
if (ret < 0) {
- fprintf(stderr, "gnutls_x509_trust_list_init: %s",
+ fprintf(stderr, "gnutls_x509_trust_list_init: %s\n",
gnutls_strerror(ret));
exit(1);
}
&dat, GNUTLS_X509_FMT_PEM,
0);
if (ret < 0 || x509_ncas < 1) {
- fprintf(stderr, "error parsing CAs: %s",
+ fprintf(stderr, "error parsing CAs: %s\n",
gnutls_strerror(ret));
exit(1);
}
&out);
if (ret < 0) {
fprintf(stderr,
- "gnutls_x509_crt_print: %s",
+ "gnutls_x509_crt_print: %s\n",
gnutls_strerror(ret));
exit(1);
}
gnutls_x509_trust_list_add_cas(list, x509_ca_list,
x509_ncas, 0);
if (ret < 0) {
- fprintf(stderr, "gnutls_x509_trust_add_cas: %s",
+ fprintf(stderr, "gnutls_x509_trust_add_cas: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
if (ret < 0) {
- fprintf(stderr, "gnutls_ocsp_resp_verify: %s",
- gnutls_strerror(ret));
- exit(1);
- }
- } else if (HAVE_OPT(LOAD_SIGNER)) {
- ret = gnutls_x509_crt_init(&signer);
- if (ret < 0) {
- fprintf(stderr, "crt_init: %s",
+ fprintf(stderr, "gnutls_ocsp_resp_verify: %s\n",
gnutls_strerror(ret));
exit(1);
}
-
- dat.data =
- (void *) read_binary_file(OPT_ARG(LOAD_SIGNER), &size);
- if (dat.data == NULL) {
- fprintf(stderr, "reading --load-signer: %s",
- OPT_ARG(LOAD_SIGNER));
- exit(1);
- }
- dat.size = size;
-
- ret = gnutls_x509_crt_import(signer, &dat, encoding);
- free(dat.data);
- if (ret < 0) {
- fprintf(stderr, "importing --load-signer: %s: %s",
- OPT_ARG(LOAD_SIGNER),
- gnutls_strerror(ret));
- exit(1);
- }
-
+ } else if (signer) {
if (HAVE_OPT(VERBOSE)) {
gnutls_datum_t out;
&out);
if (ret < 0) {
fprintf(stderr,
- "gnutls_x509_crt_print: %s",
+ "gnutls_x509_crt_print: %s\n",
gnutls_strerror(ret));
exit(1);
}
0);
if (ret < 0) {
fprintf(stderr,
- "gnutls_ocsp_resp_verify_direct: %s",
+ "gnutls_ocsp_resp_verify_direct: %s\n",
gnutls_strerror(ret));
exit(1);
}
} else {
- fprintf(stderr, "missing --load-trust or --load-signer");
+ fprintf(stderr, "missing --load-trust or --load-signer\n");
exit(1);
}
{
gnutls_datum_t dat;
size_t size;
+ gnutls_x509_crt_t signer;
if (HAVE_OPT(LOAD_RESPONSE))
dat.data =
else
dat.data = (void *) fread_file(infile, &size);
if (dat.data == NULL) {
- fprintf(stderr, "reading response");
+ fprintf(stderr, "error reading response\n");
exit(1);
}
dat.size = size;
- _verify_response(&dat, nonce);
+ signer = load_signer();
+
+ _verify_response(&dat, nonce, signer);
}
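Review bot: `signer = load_signer();` is unconditional, and load_signer() exits with "missing --load-signer" when the option is absent, so this standalone verify path can no longer be used with `--load-trust` alone even though _verify_response() still handles a NULL signer through its trust-list branch (`} else if (signer) {`). ask_server() gets this right by testing HAVE_OPT(LOAD_TRUST) and HAVE_OPT(LOAD_SIGNER) before calling load_signer(); the same guard belongs here, e.g. `signer = HAVE_OPT(LOAD_SIGNER) ? load_signer() : NULL;`. The rewritten call also discards _verify_response()'s return value, whereas ask_server() uses it to gate the `--outfile` write; if this mode is meant to signal a failed verification to its caller, the result should be kept rather than dropped. The enclosing function's signature is outside the hunk.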
static void ask_server(const char *url)
gnutls_x509_crt_t cert, issuer;
unsigned char noncebuf[23];
gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
+ gnutls_datum_t *n;
cert = load_cert();
issuer = load_issuer();
ret =
gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
if (ret < 0) {
- fprintf(stderr, "gnutls_rnd: %s",
+ fprintf(stderr, "gnutls_rnd: %s\n",
gnutls_strerror(ret));
exit(1);
}
+ n = &nonce;
- ret =
- send_ocsp_request(url, cert, issuer, &resp_data, &nonce);
} else {
- ret =
- send_ocsp_request(url, cert, issuer, &resp_data, NULL);
+ n = NULL;
}
+
+ ret =
+ send_ocsp_request(url, cert, issuer, &resp_data, n);
if (ret < 0) {
fprintf(stderr, "Cannot send OCSP request\n");
exit(1);
}
_response_info(&resp_data);
+ fprintf(outfile, "\n");
- if (HAVE_OPT(LOAD_SIGNER) || HAVE_OPT(LOAD_TRUST)) {
- fprintf(outfile, "\n");
- if (ENABLED_OPT(NONCE)) {
- v = _verify_response(&resp_data, &nonce);
- } else {
- v = _verify_response(&resp_data, NULL);
- }
+ if (HAVE_OPT(LOAD_TRUST)) {
+ v = _verify_response(&resp_data, n, NULL);
+ } else if (HAVE_OPT(LOAD_SIGNER)) {
+ v = _verify_response(&resp_data, n, load_signer());
} else {
fprintf(stderr,
- "\nResponse could not be verified (use --load-signer).\n");
- v = 0;
+ "\nAssuming response's signer = issuer (use --load-signer to override).\n");
+
+ v = _verify_response(&resp_data, n, issuer);
}
if (HAVE_OPT(OUTFILE) && v == 0) {
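Review bot: The new `else` branch at the end of ask_server() changes an unverified response into one checked against `issuer`, and `v` from that call now decides whether the response is written to `--outfile`; that shift deserves a comment on the branch, e.g. `/* No --load-trust/--load-signer: verify against the issuer. A response signed by a separate responder certificate will not verify here and needs --load-signer. */` — the second sentence follows from the gnutls_ocsp_resp_verify_direct path taking a single signer, so confirm it against the library documentation before committing to the wording. The certificate returned by load_signer() in the `else if` branch is never passed to gnutls_x509_crt_deinit(); the tool exits soon after so it is only a tidy-up, but holding it in a local as the verify_response() hunk does would keep the two call sites symmetric and make the release obvious. ask_server() continues outside the hunk.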
int ret;
if ((ret = gnutls_global_init()) < 0) {
- fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
exit(1);
}
if (HAVE_OPT(OUTFILE)) {
outfile = fopen(OPT_ARG(OUTFILE), "wb");
if (outfile == NULL) {
- fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ fprintf(stderr, "%s\n", OPT_ARG(OUTFILE));
exit(1);
}
} else
if (HAVE_OPT(INFILE)) {
infile = fopen(OPT_ARG(INFILE), "rb");
if (infile == NULL) {
- fprintf(stderr, "%s", OPT_ARG(INFILE));
+ fprintf(stderr, "%s\n", OPT_ARG(INFILE));
exit(1);
}
} else