Diffstat (limited to 'src/ocsptool.c')
-rw-r--r--src/ocsptool.c91
1 files changed, 45 insertions, 46 deletions
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 8e558dfb83..86df3331a7 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -31,7 +31,7 @@
#include <gnutls/x509.h>
#include <gnutls/crypto.h>
-#include <unistd.h> /* getpass */
+#include <unistd.h> /* getpass */
/* Gnulib portability files. */
#include <read-file.h>
@@ -44,7 +44,7 @@
FILE *outfile;
static unsigned int incert_format, outcert_format;
-static const char *outfile_name = NULL; /* to delete on exit */
+static const char *outfile_name = NULL; /* to delete on exit */
FILE *infile;
static unsigned int encoding;
unsigned int verbose = 0;
@@ -99,16 +99,15 @@ static void request_info(void)
if (HAVE_OPT(LOAD_REQUEST))
dat.data =
- (void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading request\n");
app_exit(1);
}
dat.size = size;
-
ret = gnutls_ocsp_req_import(req, &dat);
free(dat.data);
if (ret < 0) {
@@ -119,8 +118,7 @@ static void request_info(void)
ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat);
if (ret != 0) {
- fprintf(stderr, "ocsp_req_print: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_req_print: %s\n", gnutls_strerror(ret));
app_exit(1);
}
@@ -133,7 +131,8 @@ static void request_info(void)
}
if (outcert_format == GNUTLS_X509_FMT_PEM) {
- fprintf(stderr, "Cannot export requests into PEM form\n");
+ fprintf(stderr,
+ "Cannot export requests into PEM form\n");
app_exit(1);
} else {
fwrite(rbuf.data, 1, rbuf.size, outfile);
@@ -162,8 +161,7 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
ret = gnutls_ocsp_resp_init(&resp);
if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret));
app_exit(1);
}
@@ -181,15 +179,13 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
if (ENABLED_OPT(VERBOSE))
ret =
- gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL,
- &buf);
+ gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf);
else
ret =
gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT,
&buf);
if (ret != 0) {
- fprintf(stderr, "ocsp_resp_print: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_print: %s\n", gnutls_strerror(ret));
app_exit(1);
}
@@ -212,7 +208,8 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
}
if (force_print || !HAVE_OPT(OUTFILE)) {
- ret = gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "error exporting response: %s\n",
gnutls_strerror(ret));
@@ -235,9 +232,9 @@ static void response_info(void)
if (HAVE_OPT(LOAD_RESPONSE))
dat.data =
- (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading response\n");
app_exit(1);
@@ -249,7 +246,7 @@ static void response_info(void)
gnutls_free(dat.data);
}
-static void generate_request(gnutls_datum_t *nonce)
+static void generate_request(gnutls_datum_t * nonce)
{
gnutls_datum_t dat;
gnutls_x509_crt_t cert, issuer;
@@ -284,9 +281,8 @@ static void generate_request(gnutls_datum_t *nonce)
gnutls_free(dat.data);
}
-
static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
- gnutls_x509_crt_t signer, unsigned print_resp)
+ gnutls_x509_crt_t signer, unsigned print_resp)
{
gnutls_ocsp_resp_t resp;
int ret;
@@ -299,8 +295,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
ret = gnutls_ocsp_resp_init(&resp);
if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret));
app_exit(1);
}
@@ -335,9 +330,10 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
app_exit(1);
}
- if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data,
- nonce->size) != 0) {
- fprintf(stderr, "nonce in the response doesn't match\n");
+ if (rnonce.size != nonce->size
+ || memcmp(nonce->data, rnonce.data, nonce->size) != 0) {
+ fprintf(stderr,
+ "nonce in the response doesn't match\n");
app_exit(1);
}
@@ -346,7 +342,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
if (HAVE_OPT(LOAD_TRUST)) {
dat.data =
- (void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading --load-trust: %s\n",
OPT_ARG(LOAD_TRUST));
@@ -363,8 +359,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
ret =
gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
- &dat, GNUTLS_X509_FMT_PEM,
- 0);
+ &dat, GNUTLS_X509_FMT_PEM, 0);
if (ret < 0 || x509_ncas < 1) {
fprintf(stderr, "error parsing CAs: %s\n",
gnutls_strerror(ret));
@@ -388,8 +383,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
app_exit(1);
}
- printf("%d: %.*s\n", i, out.size,
- out.data);
+ printf("%d: %.*s\n", i, out.size, out.data);
gnutls_free(out.data);
}
printf("\n");
@@ -405,8 +399,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
}
if (HAVE_OPT(VERBOSE))
- fprintf(stdout, "Loaded %d trust anchors\n",
- x509_ncas);
+ fprintf(stdout, "Loaded %d trust anchors\n", x509_ncas);
ret = gnutls_ocsp_resp_verify(resp, list, &verify, vflags);
if (ret < 0) {
@@ -480,7 +473,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
app_exit(1);
}
- for (i=0;i<list_size;i++)
+ for (i = 0; i < list_size; i++)
chain[i] = list[i];
gnutls_free(list);
return list_size;
@@ -510,7 +503,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
}
}
-static void verify_response(gnutls_datum_t *nonce)
+static void verify_response(gnutls_datum_t * nonce)
{
gnutls_datum_t dat;
size_t size;
@@ -522,9 +515,9 @@ static void verify_response(gnutls_datum_t *nonce)
if (HAVE_OPT(LOAD_RESPONSE))
dat.data =
- (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading response\n");
app_exit(1);
@@ -545,7 +538,7 @@ static void verify_response(gnutls_datum_t *nonce)
v = _verify_response(&dat, nonce, signer, 1);
- for (i=0;i<chain_size;i++)
+ for (i = 0; i < chain_size; i++)
gnutls_x509_crt_deinit(chain[i]);
} else if (HAVE_OPT(LOAD_TRUST)) {
v = _verify_response(&dat, nonce, NULL, 1);
@@ -553,7 +546,8 @@ static void verify_response(gnutls_datum_t *nonce)
memset(&info, 0, sizeof(info));
info.verbose = verbose;
if (!HAVE_OPT(LOAD_SIGNER)) {
- fprintf(stderr, "Missing option --load-signer or --load-chain\n");
+ fprintf(stderr,
+ "Missing option --load-signer or --load-chain\n");
app_exit(1);
}
info.cert = OPT_ARG(LOAD_SIGNER);
@@ -586,17 +580,19 @@ static void ask_server(const char *url)
if (chain_size > 2 && HAVE_OPT(OUTFILE)) {
if (outcert_format != GNUTLS_X509_FMT_PEM) {
- fprintf(stderr, "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n");
+ fprintf(stderr,
+ "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n");
fprintf(stderr, "Did you mean to use --outpem?\n");
app_exit(1);
}
}
counter = chain_size;
- while(counter > 1) {
+ while (counter > 1) {
if (ENABLED_OPT(NONCE)) {
ret =
- gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
+ gnutls_rnd(GNUTLS_RND_NONCE, nonce.data,
+ nonce.size);
if (ret < 0) {
fprintf(stderr, "gnutls_rnd: %s\n",
gnutls_strerror(ret));
@@ -608,7 +604,8 @@ static void ask_server(const char *url)
}
ret =
- send_ocsp_request(url, chain[idx], chain[idx+1], &resp_data, n);
+ send_ocsp_request(url, chain[idx], chain[idx + 1],
+ &resp_data, n);
if (ret < 0) {
fprintf(stderr, "Cannot send OCSP request\n");
app_exit(1);
@@ -623,13 +620,14 @@ static void ask_server(const char *url)
info.verbose = verbose;
info.cert = OPT_ARG(LOAD_SIGNER);
- v = _verify_response(&resp_data, n, load_cert(1, &info), 0);
+ v = _verify_response(&resp_data, n, load_cert(1, &info),
+ 0);
} else {
if (!HAVE_OPT(LOAD_CHAIN))
fprintf(stderr,
"\nAssuming response's signer = issuer (use --load-signer to override).\n");
- v = _verify_response(&resp_data, n, chain[idx+1], 0);
+ v = _verify_response(&resp_data, n, chain[idx + 1], 0);
}
total_v += v;
@@ -640,7 +638,7 @@ static void ask_server(const char *url)
printf("\n");
}
- for (idx = 0;idx<chain_size;idx++) {
+ for (idx = 0; idx < chain_size; idx++) {
gnutls_x509_crt_deinit(chain[idx]);
}
@@ -709,7 +707,8 @@ int main(int argc, char **argv)
verify_response(NULL);
else if (HAVE_OPT(ASK)) {
if ((!HAVE_OPT(LOAD_CERT)) && (!HAVE_OPT(LOAD_CHAIN))) {
- fprintf(stderr, "This option required --load-chain or --load-cert\n");
+ fprintf(stderr,
+ "This option required --load-chain or --load-cert\n");
app_exit(1);
}
ask_server(OPT_ARG(ASK));