New -ignore_err option in ocsp application to stop the server

exiting on the first error in a request.

2 files changed, 9 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index 421d41fd72..dd23a4ee2b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -549,6 +549,10 @@
 
  Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
 
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
   *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
      extra data after the compression methods not only for TLS 1.0
      but also for SSL 3.0 (as required by the specification).
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 0cf4aad3f8..9c8e20d35a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -123,6 +123,7 @@ int MAIN(int argc, char **argv)
 	int accept_count = -1;
 	int badarg = 0;
 	int i;
+	int ignore_err = 0;
 	STACK *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 
@@ -182,6 +183,8 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
+		else if (!strcmp(*args, "-ignore_err"))
+			ignore_err = 1;
 		else if (!strcmp(*args, "-noverify"))
 			noverify = 1;
 		else if (!strcmp(*args, "-nonce"))
@@ -783,6 +786,8 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(out, "Responder Error: %s (%d)\n",
 				OCSP_response_status_str(i), i);
+		if (ignore_err)
+			goto redo_accept;
 		ret = 0;
 		goto end;
 		}