|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2011-2014 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
* Copyright (C) 2016-2017 Red Hat, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* GnuTLS is free software: you can redistribute it and/or modify it
|
|
Packit Service |
4684c1 |
* under the terms of the GNU General Public License as published by
|
|
Packit Service |
4684c1 |
* the Free Software Foundation, either version 3 of the License, or
|
|
Packit Service |
4684c1 |
* (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see
|
|
Packit Service |
4684c1 |
* <https://www.gnu.org/licenses/>.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <config.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <stdio.h>
|
|
Packit Service |
4684c1 |
#include <stdlib.h>
|
|
Packit Service |
4684c1 |
#include <string.h>
|
|
Packit Service |
4684c1 |
#include <errno.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <gnutls/gnutls.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/ocsp.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/x509.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/crypto.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <unistd.h> /* getpass */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Gnulib portability files. */
|
|
Packit Service |
4684c1 |
#include <read-file.h>
|
|
Packit Service |
4684c1 |
#include <socket.h>
|
|
Packit Service |
4684c1 |
#include <minmax.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <ocsptool-common.h>
|
|
Packit Service |
4684c1 |
#include <ocsptool-args.h>
|
|
Packit Service |
4684c1 |
#include "certtool-common.h"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
FILE *outfile;
|
|
Packit Service |
4684c1 |
static unsigned int incert_format, outcert_format;
|
|
Packit Service |
4684c1 |
static const char *outfile_name = NULL; /* to delete on exit */
|
|
Packit Service |
4684c1 |
FILE *infile;
|
|
Packit Service |
4684c1 |
static unsigned int encoding;
|
|
Packit Service |
4684c1 |
unsigned int verbose = 0;
|
|
Packit Service |
4684c1 |
static unsigned int vflags = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
const char *get_pass(void)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return getpass("Enter password: ");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
const char *get_confirmed_pass(bool ign)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return getpass("Enter password: ");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
void app_exit(int val)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (val != 0) {
|
|
Packit Service |
4684c1 |
if (outfile_name)
|
|
Packit Service |
4684c1 |
(void)remove(outfile_name);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
exit(val);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void tls_log_func(int level, const char *str)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
fprintf(stderr, "|<%d>| %s", level, str);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_session_t init_tls_session(const char *host)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return NULL;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int do_handshake(socket_st * socket)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return -1;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void request_info(void)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_ocsp_req_t req;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_datum_t dat, rbuf;
|
|
Packit Service |
4684c1 |
size_t size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_req_init(&req;;
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_req_init: %s\n", gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_REQUEST))
|
|
Packit Service |
4684c1 |
dat.data =
|
|
Packit Service |
4684c1 |
(void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
dat.data = (void *) fread_file(infile, 0, &size);
|
|
Packit Service |
4684c1 |
if (dat.data == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error reading request\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
dat.size = size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_req_import(req, &dat;;
|
|
Packit Service |
4684c1 |
free(dat.data);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error importing request: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat;;
|
|
Packit Service |
4684c1 |
if (ret != 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_req_print: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(OUTFILE)) {
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_req_export(req, &rbuf);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error exporting request: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (outcert_format == GNUTLS_X509_FMT_PEM) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Cannot export requests into PEM form\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
fwrite(rbuf.data, 1, rbuf.size, outfile);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(rbuf.data);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
printf("%.*s", dat.size, dat.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(dat.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_ocsp_req_deinit(req);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void _response_info(const gnutls_datum_t * data, unsigned force_print)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_t resp;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_datum_t buf, rbuf;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (data->size == 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Received empty response\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_init(&resp);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_resp_init: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_import2(resp, data, incert_format);
|
|
Packit Service |
4684c1 |
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
|
|
Packit Service |
4684c1 |
int ret2 = gnutls_ocsp_resp_import(resp, data);
|
|
Packit Service |
4684c1 |
if (ret2 >= 0)
|
|
Packit Service |
4684c1 |
ret = ret2;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error importing response: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ENABLED_OPT(VERBOSE))
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL,
|
|
Packit Service |
4684c1 |
&buf;;
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT,
|
|
Packit Service |
4684c1 |
&buf;;
|
|
Packit Service |
4684c1 |
if (ret != 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_resp_print: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(OUTFILE)) {
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_export2(resp, &rbuf, outcert_format);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error exporting response: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (outcert_format == GNUTLS_X509_FMT_PEM)
|
|
Packit Service |
4684c1 |
fprintf(outfile, "%.*s\n", buf.size, buf.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
fwrite(rbuf.data, 1, rbuf.size, outfile);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (outcert_format == GNUTLS_X509_FMT_PEM)
|
|
Packit Service |
4684c1 |
fprintf(outfile, "\n");
|
|
Packit Service |
4684c1 |
gnutls_free(rbuf.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (force_print || !HAVE_OPT(OUTFILE)) {
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error exporting response: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
fprintf(stdout, "%.*s\n", buf.size, buf.data);
|
|
Packit Service |
4684c1 |
fwrite(rbuf.data, 1, rbuf.size, stdout);
|
|
Packit Service |
4684c1 |
gnutls_free(rbuf.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_free(buf.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_deinit(resp);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void response_info(void)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dat;
|
|
Packit Service |
4684c1 |
size_t size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_RESPONSE))
|
|
Packit Service |
4684c1 |
dat.data =
|
|
Packit Service |
4684c1 |
(void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
dat.data = (void *) fread_file(infile, 0, &size);
|
|
Packit Service |
4684c1 |
if (dat.data == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error reading response\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
dat.size = size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_response_info(&dat, 0);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(dat.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void generate_request(gnutls_datum_t *nonce)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dat;
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t cert, issuer;
|
|
Packit Service |
4684c1 |
common_info_st info;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_CERT)) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Missing option --load-cert\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_CERT);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
cert = load_cert(1, &info;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_ISSUER)) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Missing option --load-issuer\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_ISSUER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
issuer = load_cert(1, &info;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_generate_request(cert, issuer, &dat, nonce);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_deinit(cert);
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_deinit(issuer);
|
|
Packit Service |
4684c1 |
fwrite(dat.data, 1, dat.size, outfile);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(dat.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t signer, unsigned print_resp)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_t resp;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
size_t size;
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t *x509_ca_list = NULL;
|
|
Packit Service |
4684c1 |
gnutls_x509_trust_list_t list;
|
|
Packit Service |
4684c1 |
unsigned int x509_ncas = 0;
|
|
Packit Service |
4684c1 |
unsigned verify;
|
|
Packit Service |
4684c1 |
gnutls_datum_t dat;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_init(&resp);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_resp_init: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_import(resp, data);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "importing response: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (print_resp) {
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT,
|
|
Packit Service |
4684c1 |
&dat;;
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "ocsp_resp_print: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("%s\n", dat.data);
|
|
Packit Service |
4684c1 |
gnutls_free(dat.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (nonce) {
|
|
Packit Service |
4684c1 |
gnutls_datum_t rnonce;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "could not read response's nonce: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data,
|
|
Packit Service |
4684c1 |
nonce->size) != 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "nonce in the response doesn't match\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(rnonce.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_TRUST)) {
|
|
Packit Service |
4684c1 |
dat.data =
|
|
Packit Service |
4684c1 |
(void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
|
|
Packit Service |
4684c1 |
if (dat.data == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error reading --load-trust: %s\n",
|
|
Packit Service |
4684c1 |
OPT_ARG(LOAD_TRUST));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
dat.size = size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_x509_trust_list_init(&list, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "gnutls_x509_trust_list_init: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
|
|
Packit Service |
4684c1 |
&dat, GNUTLS_X509_FMT_PEM,
|
|
Packit Service |
4684c1 |
0);
|
|
Packit Service |
4684c1 |
if (ret < 0 || x509_ncas < 1) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error parsing CAs: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(VERBOSE)) {
|
|
Packit Service |
4684c1 |
unsigned int i;
|
|
Packit Service |
4684c1 |
printf("Trust anchors:\n");
|
|
Packit Service |
4684c1 |
for (i = 0; i < x509_ncas; i++) {
|
|
Packit Service |
4684c1 |
gnutls_datum_t out;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_print(x509_ca_list[i],
|
|
Packit Service |
4684c1 |
GNUTLS_CRT_PRINT_ONELINE,
|
|
Packit Service |
4684c1 |
&out;;
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr,
|
|
Packit Service |
4684c1 |
"gnutls_x509_crt_print: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("%d: %.*s\n", i, out.size,
|
|
Packit Service |
4684c1 |
out.data);
|
|
Packit Service |
4684c1 |
gnutls_free(out.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
printf("\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_x509_trust_list_add_cas(list, x509_ca_list,
|
|
Packit Service |
4684c1 |
x509_ncas, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "gnutls_x509_trust_add_cas: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(VERBOSE))
|
|
Packit Service |
4684c1 |
fprintf(stdout, "Loaded %d trust anchors\n",
|
|
Packit Service |
4684c1 |
x509_ncas);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_ocsp_resp_verify(resp, list, &verify, vflags);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "gnutls_ocsp_resp_verify: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (signer) {
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(VERBOSE)) {
|
|
Packit Service |
4684c1 |
gnutls_datum_t out;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_print(signer,
|
|
Packit Service |
4684c1 |
GNUTLS_CRT_PRINT_ONELINE,
|
|
Packit Service |
4684c1 |
&out;;
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr,
|
|
Packit Service |
4684c1 |
"gnutls_x509_crt_print: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("Signer: %.*s\n", out.size, out.data);
|
|
Packit Service |
4684c1 |
gnutls_free(out.data);
|
|
Packit Service |
4684c1 |
printf("\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_verify_direct(resp, signer, &verify,
|
|
Packit Service |
4684c1 |
vflags);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr,
|
|
Packit Service |
4684c1 |
"\nVerifying OCSP Response: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "missing --load-trust or --load-signer\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("\nVerifying OCSP Response: ");
|
|
Packit Service |
4684c1 |
print_ocsp_verify_res(verify);
|
|
Packit Service |
4684c1 |
printf(".\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_ocsp_resp_deinit(resp);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return verify;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define MAX_CHAIN_SIZE 8
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static
|
|
Packit Service |
4684c1 |
unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_CHAIN)) {
|
|
Packit Service |
4684c1 |
common_info_st info;
|
|
Packit Service |
4684c1 |
size_t list_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t *list;
|
|
Packit Service |
4684c1 |
unsigned i;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_CHAIN);
|
|
Packit Service |
4684c1 |
info.sort_chain = 1;
|
|
Packit Service |
4684c1 |
list = load_cert_list(1, &list_size, &info;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (list_size > MAX_CHAIN_SIZE) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Too many certificates in chain\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i=0;i
|
|
Packit Service |
4684c1 |
chain[i] = list[i];
|
|
Packit Service |
4684c1 |
gnutls_free(list);
|
|
Packit Service |
4684c1 |
return list_size;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
common_info_st info;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_CERT)) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Missing option --load-cert\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_CERT);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
chain[0] = load_cert(1, &info;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_ISSUER)) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Missing option --load-issuer\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_ISSUER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
chain[1] = load_cert(1, &info;;
|
|
Packit Service |
4684c1 |
return 2;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void verify_response(gnutls_datum_t *nonce)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dat;
|
|
Packit Service |
4684c1 |
size_t size;
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t signer;
|
|
Packit Service |
4684c1 |
common_info_st info;
|
|
Packit Service |
4684c1 |
int v;
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t chain[MAX_CHAIN_SIZE];
|
|
Packit Service |
4684c1 |
unsigned chain_size = 0, i;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_RESPONSE))
|
|
Packit Service |
4684c1 |
dat.data =
|
|
Packit Service |
4684c1 |
(void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
dat.data = (void *) fread_file(infile, 0, &size);
|
|
Packit Service |
4684c1 |
if (dat.data == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error reading response\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
dat.size = size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_CHAIN)) {
|
|
Packit Service |
4684c1 |
chain_size = load_chain(chain);
|
|
Packit Service |
4684c1 |
if (chain_size < 1) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Empty chain found; cannot verify\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (chain_size == 1)
|
|
Packit Service |
4684c1 |
signer = chain[0];
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
signer = chain[1];
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
v = _verify_response(&dat, nonce, signer, 1);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i=0;i
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_deinit(chain[i]);
|
|
Packit Service |
4684c1 |
} else if (HAVE_OPT(LOAD_TRUST)) {
|
|
Packit Service |
4684c1 |
v = _verify_response(&dat, nonce, NULL, 1);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_SIGNER)) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Missing option --load-signer or --load-chain\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_SIGNER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
signer = load_cert(1, &info;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
v = _verify_response(&dat, nonce, signer, 1);
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_deinit(signer);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
free(dat.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (v && !HAVE_OPT(IGNORE_ERRORS))
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void ask_server(const char *url)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t resp_data;
|
|
Packit Service |
4684c1 |
int ret, v = 0, total_v = 0;
|
|
Packit Service |
4684c1 |
unsigned char noncebuf[23];
|
|
Packit Service |
4684c1 |
gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
|
|
Packit Service |
4684c1 |
gnutls_datum_t *n;
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_t chain[MAX_CHAIN_SIZE];
|
|
Packit Service |
4684c1 |
unsigned chain_size, counter;
|
|
Packit Service |
4684c1 |
unsigned idx = 0;
|
|
Packit Service |
4684c1 |
common_info_st info;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
chain_size = load_chain(chain);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (chain_size > 2 && HAVE_OPT(OUTFILE)) {
|
|
Packit Service |
4684c1 |
if (outcert_format != GNUTLS_X509_FMT_PEM) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n");
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Did you mean to use --outpem?\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
counter = chain_size;
|
|
Packit Service |
4684c1 |
while(counter > 1) {
|
|
Packit Service |
4684c1 |
if (ENABLED_OPT(NONCE)) {
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "gnutls_rnd: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
n = &nonce;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
n = NULL;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
send_ocsp_request(url, chain[idx], chain[idx+1], &resp_data, n);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "Cannot send OCSP request\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_response_info(&resp_data, 1);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(LOAD_TRUST)) {
|
|
Packit Service |
4684c1 |
v = _verify_response(&resp_data, n, NULL, 0);
|
|
Packit Service |
4684c1 |
} else if (HAVE_OPT(LOAD_SIGNER)) {
|
|
Packit Service |
4684c1 |
memset(&info, 0, sizeof(info));
|
|
Packit Service |
4684c1 |
info.verbose = verbose;
|
|
Packit Service |
4684c1 |
info.cert = OPT_ARG(LOAD_SIGNER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
v = _verify_response(&resp_data, n, load_cert(1, &info), 0);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
if (!HAVE_OPT(LOAD_CHAIN))
|
|
Packit Service |
4684c1 |
fprintf(stderr,
|
|
Packit Service |
4684c1 |
"\nAssuming response's signer = issuer (use --load-signer to override).\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
v = _verify_response(&resp_data, n, chain[idx+1], 0);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
total_v += v;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
free(resp_data.data);
|
|
Packit Service |
4684c1 |
idx++;
|
|
Packit Service |
4684c1 |
counter--;
|
|
Packit Service |
4684c1 |
printf("\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (idx = 0;idx
|
|
Packit Service |
4684c1 |
gnutls_x509_crt_deinit(chain[idx]);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (total_v && !HAVE_OPT(IGNORE_ERRORS))
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int main(int argc, char **argv)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((ret = gnutls_global_init()) < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
optionProcess(&ocsptoolOptions, argc, argv);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_global_set_log_function(tls_log_func);
|
|
Packit Service |
4684c1 |
gnutls_global_set_log_level(OPT_VALUE_DEBUG);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ENABLED_OPT(INDER))
|
|
Packit Service |
4684c1 |
incert_format = GNUTLS_X509_FMT_DER;
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
incert_format = GNUTLS_X509_FMT_PEM;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(OUTPEM))
|
|
Packit Service |
4684c1 |
outcert_format = GNUTLS_X509_FMT_PEM;
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
outcert_format = GNUTLS_X509_FMT_DER;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(VERIFY_ALLOW_BROKEN))
|
|
Packit Service |
4684c1 |
vflags |= GNUTLS_VERIFY_ALLOW_BROKEN;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(OUTFILE)) {
|
|
Packit Service |
4684c1 |
outfile = fopen(OPT_ARG(OUTFILE), "wb");
|
|
Packit Service |
4684c1 |
if (outfile == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "%s\n", OPT_ARG(OUTFILE));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
outfile_name = OPT_ARG(OUTFILE);
|
|
Packit Service |
4684c1 |
} else
|
|
Packit Service |
4684c1 |
outfile = stdout;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(INFILE)) {
|
|
Packit Service |
4684c1 |
infile = fopen(OPT_ARG(INFILE), "rb");
|
|
Packit Service |
4684c1 |
if (infile == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "%s\n", OPT_ARG(INFILE));
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else
|
|
Packit Service |
4684c1 |
infile = stdin;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ENABLED_OPT(INDER))
|
|
Packit Service |
4684c1 |
encoding = GNUTLS_X509_FMT_DER;
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
encoding = GNUTLS_X509_FMT_PEM;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (HAVE_OPT(REQUEST_INFO))
|
|
Packit Service |
4684c1 |
request_info();
|
|
Packit Service |
4684c1 |
else if (HAVE_OPT(RESPONSE_INFO))
|
|
Packit Service |
4684c1 |
response_info();
|
|
Packit Service |
4684c1 |
else if (HAVE_OPT(GENERATE_REQUEST))
|
|
Packit Service |
4684c1 |
generate_request(NULL);
|
|
Packit Service |
4684c1 |
else if (HAVE_OPT(VERIFY_RESPONSE))
|
|
Packit Service |
4684c1 |
verify_response(NULL);
|
|
Packit Service |
4684c1 |
else if (HAVE_OPT(ASK)) {
|
|
Packit Service |
4684c1 |
if ((!HAVE_OPT(LOAD_CERT)) && (!HAVE_OPT(LOAD_CHAIN))) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "This option required --load-chain or --load-cert\n");
|
|
Packit Service |
4684c1 |
app_exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
ask_server(OPT_ARG(ASK));
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
USAGE(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (infile != stdin)
|
|
Packit Service |
4684c1 |
fclose(infile);
|
|
Packit Service |
4684c1 |
gnutls_global_deinit();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|