Diffstat (limited to 'src/ocsptool.c')
-rw-r--r-- | src/ocsptool.c | 91 |
1 files changed, 45 insertions, 46 deletions
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 8e558dfb83..86df3331a7 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -31,7 +31,7 @@
 #include <gnutls/x509.h>
 #include <gnutls/crypto.h>
-#include <unistd.h> /* getpass */
+#include <unistd.h> /* getpass */
 /* Gnulib portability files. */
 #include <read-file.h>
@@ -44,7 +44,7 @@ FILE *outfile;
 static unsigned int incert_format, outcert_format;
-static const char *outfile_name = NULL; /* to delete on exit */
+static const char *outfile_name = NULL; /* to delete on exit */
 FILE *infile;
 static unsigned int encoding;
 unsigned int verbose = 0;
@@ -99,16 +99,15 @@ static void request_info(void)
 if (HAVE_OPT(LOAD_REQUEST))
 dat.data =
- (void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
 else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
 if (dat.data == NULL) {
 fprintf(stderr, "error reading request\n");
 app_exit(1);
 }
 dat.size = size;
-
 ret = gnutls_ocsp_req_import(req, &dat);
 free(dat.data);
 if (ret < 0) {
@@ -119,8 +118,7 @@ static void request_info(void)
 ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat);
 if (ret != 0) {
- fprintf(stderr, "ocsp_req_print: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_req_print: %s\n", gnutls_strerror(ret));
 app_exit(1);
 }
@@ -133,7 +131,8 @@ static void request_info(void)
 }
 if (outcert_format == GNUTLS_X509_FMT_PEM) {
- fprintf(stderr, "Cannot export requests into PEM form\n");
+ fprintf(stderr,
+ "Cannot export requests into PEM form\n");
 app_exit(1);
 } else {
 fwrite(rbuf.data, 1, rbuf.size, outfile);
@@ -162,8 +161,7 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
 ret = gnutls_ocsp_resp_init(&resp);
 if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret));
 app_exit(1);
 }
@@ -181,15 +179,13 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
 if (ENABLED_OPT(VERBOSE))
 ret =
- gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL,
- &buf);
+ gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf);
 else
 ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &buf);
 if (ret != 0) {
- fprintf(stderr, "ocsp_resp_print: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_print: %s\n", gnutls_strerror(ret));
 app_exit(1);
 }
@@ -212,7 +208,8 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print)
 }
 if (force_print || !HAVE_OPT(OUTFILE)) {
- ret = gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fprintf(stderr, "error exporting response: %s\n", gnutls_strerror(ret));
@@ -235,9 +232,9 @@ static void response_info(void)
 if (HAVE_OPT(LOAD_RESPONSE))
 dat.data =
- (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
 else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
 if (dat.data == NULL) {
 fprintf(stderr, "error reading response\n");
 app_exit(1);
@@ -249,7 +246,7 @@ static void response_info(void)
 gnutls_free(dat.data);
 }
-static void generate_request(gnutls_datum_t *nonce)
+static void generate_request(gnutls_datum_t * nonce)
 {
 gnutls_datum_t dat;
 gnutls_x509_crt_t cert, issuer;
@@ -284,9 +281,8 @@ static void generate_request(gnutls_datum_t *nonce)
 gnutls_free(dat.data);
 }
-
 static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
- gnutls_x509_crt_t signer, unsigned print_resp)
+ gnutls_x509_crt_t signer, unsigned print_resp)
 {
 gnutls_ocsp_resp_t resp;
 int ret;
@@ -299,8 +295,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 ret = gnutls_ocsp_resp_init(&resp);
 if (ret < 0) {
- fprintf(stderr, "ocsp_resp_init: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret));
 app_exit(1);
 }
@@ -335,9 +330,10 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 app_exit(1);
 }
- if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data,
- nonce->size) != 0) {
- fprintf(stderr, "nonce in the response doesn't match\n");
+ if (rnonce.size != nonce->size
+ || memcmp(nonce->data, rnonce.data, nonce->size) != 0) {
+ fprintf(stderr,
+ "nonce in the response doesn't match\n");
 app_exit(1);
 }
@@ -346,7 +342,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 if (HAVE_OPT(LOAD_TRUST)) {
 dat.data =
- (void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
 if (dat.data == NULL) {
 fprintf(stderr, "error reading --load-trust: %s\n", OPT_ARG(LOAD_TRUST));
@@ -363,8 +359,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 ret = gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
- &dat, GNUTLS_X509_FMT_PEM,
- 0);
+ &dat, GNUTLS_X509_FMT_PEM, 0);
 if (ret < 0 || x509_ncas < 1) {
 fprintf(stderr, "error parsing CAs: %s\n", gnutls_strerror(ret));
@@ -388,8 +383,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 app_exit(1);
 }
- printf("%d: %.*s\n", i, out.size,
- out.data);
+ printf("%d: %.*s\n", i, out.size, out.data);
 gnutls_free(out.data);
 }
 printf("\n");
@@ -405,8 +399,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
 }
 if (HAVE_OPT(VERBOSE))
- fprintf(stdout, "Loaded %d trust anchors\n",
- x509_ncas);
+ fprintf(stdout, "Loaded %d trust anchors\n", x509_ncas);
 ret = gnutls_ocsp_resp_verify(resp, list, &verify, vflags);
 if (ret < 0) {
@@ -480,7 +473,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
 app_exit(1);
 }
- for (i=0;i<list_size;i++)
+ for (i = 0; i < list_size; i++)
 chain[i] = list[i];
 gnutls_free(list);
 return list_size;
@@ -510,7 +503,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
 }
 }
-static void verify_response(gnutls_datum_t *nonce)
+static void verify_response(gnutls_datum_t * nonce)
 {
 gnutls_datum_t dat;
 size_t size;
@@ -522,9 +515,9 @@ static void verify_response(gnutls_datum_t *nonce)
 if (HAVE_OPT(LOAD_RESPONSE))
 dat.data =
- (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
+ (void *)read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
 else
- dat.data = (void *) fread_file(infile, 0, &size);
+ dat.data = (void *)fread_file(infile, 0, &size);
 if (dat.data == NULL) {
 fprintf(stderr, "error reading response\n");
 app_exit(1);
@@ -545,7 +538,7 @@ static void verify_response(gnutls_datum_t *nonce)
 v = _verify_response(&dat, nonce, signer, 1);
- for (i=0;i<chain_size;i++)
+ for (i = 0; i < chain_size; i++)
 gnutls_x509_crt_deinit(chain[i]);
 } else if (HAVE_OPT(LOAD_TRUST)) {
 v = _verify_response(&dat, nonce, NULL, 1);
@@ -553,7 +546,8 @@ static void verify_response(gnutls_datum_t *nonce)
 memset(&info, 0, sizeof(info));
 info.verbose = verbose;
 if (!HAVE_OPT(LOAD_SIGNER)) {
- fprintf(stderr, "Missing option --load-signer or --load-chain\n");
+ fprintf(stderr,
+ "Missing option --load-signer or --load-chain\n");
 app_exit(1);
 }
 info.cert = OPT_ARG(LOAD_SIGNER);
@@ -586,17 +580,19 @@ static void ask_server(const char *url)
 if (chain_size > 2 && HAVE_OPT(OUTFILE)) {
 if (outcert_format != GNUTLS_X509_FMT_PEM) {
- fprintf(stderr, "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n");
+ fprintf(stderr,
+ "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n");
 fprintf(stderr, "Did you mean to use --outpem?\n");
 app_exit(1);
 }
 }
 counter = chain_size;
- while(counter > 1) {
+ while (counter > 1) {
 if (ENABLED_OPT(NONCE)) {
 ret =
- gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
+ gnutls_rnd(GNUTLS_RND_NONCE, nonce.data,
+ nonce.size);
 if (ret < 0) {
 fprintf(stderr, "gnutls_rnd: %s\n", gnutls_strerror(ret));
@@ -608,7 +604,8 @@ static void ask_server(const char *url)
 }
 ret =
- send_ocsp_request(url, chain[idx], chain[idx+1], &resp_data, n);
+ send_ocsp_request(url, chain[idx], chain[idx + 1],
+ &resp_data, n);
 if (ret < 0) {
 fprintf(stderr, "Cannot send OCSP request\n");
 app_exit(1);
@@ -623,13 +620,14 @@ static void ask_server(const char *url)
 info.verbose = verbose;
 info.cert = OPT_ARG(LOAD_SIGNER);
- v = _verify_response(&resp_data, n, load_cert(1, &info), 0);
+ v = _verify_response(&resp_data, n, load_cert(1, &info),
+ 0);
 } else {
 if (!HAVE_OPT(LOAD_CHAIN))
 fprintf(stderr, "\nAssuming response's signer = issuer (use --load-signer to override).\n");
- v = _verify_response(&resp_data, n, chain[idx+1], 0);
+ v = _verify_response(&resp_data, n, chain[idx + 1], 0);
 }
 total_v += v;
@@ -640,7 +638,7 @@ static void ask_server(const char *url)
 printf("\n");
 }
- for (idx = 0;idx<chain_size;idx++) {
+ for (idx = 0; idx < chain_size; idx++) {
 gnutls_x509_crt_deinit(chain[idx]);
 }
@@ -709,7 +707,8 @@ int main(int argc, char **argv)
 verify_response(NULL);
 else if (HAVE_OPT(ASK)) {
 if ((!HAVE_OPT(LOAD_CERT)) && (!HAVE_OPT(LOAD_CHAIN))) {
- fprintf(stderr, "This option required --load-chain or --load-cert\n");
+ fprintf(stderr,
+ "This option required --load-chain or --load-cert\n");
 app_exit(1);
 }
 ask_server(OPT_ARG(ASK)); |