Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
11e2957d
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
11e2957d
编写于
12月 14, 2012
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
apps/ocsp.c
上级
3a778a29
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
31 addition
and
5 deletion
+31
-5
apps/ocsp.c
apps/ocsp.c
+27
-4
demos/certs/ca.cnf
demos/certs/ca.cnf
+3
-0
demos/certs/mkcerts.sh
demos/certs/mkcerts.sh
+1
-1
未找到文件。
apps/ocsp.c
浏览文件 @
11e2957d
...
...
@@ -148,6 +148,7 @@ int MAIN(int argc, char **argv)
long
nsec
=
MAX_VALIDITY_PERIOD
,
maxage
=
-
1
;
char
*
CAfile
=
NULL
,
*
CApath
=
NULL
;
X509_STORE
*
store
=
NULL
;
X509_VERIFY_PARAM
*
vpm
=
NULL
;
STACK_OF
(
X509
)
*
sign_other
=
NULL
,
*
verify_other
=
NULL
,
*
rother
=
NULL
;
char
*
sign_certfile
=
NULL
,
*
verify_certfile
=
NULL
,
*
rcertfile
=
NULL
;
unsigned
long
sign_flags
=
0
,
verify_flags
=
0
,
rflags
=
0
;
...
...
@@ -356,6 +357,12 @@ int MAIN(int argc, char **argv)
}
else
badarg
=
1
;
}
else
if
(
args_verify
(
&
args
,
NULL
,
&
badarg
,
bio_err
,
&
vpm
))
{
if
(
badarg
)
goto
end
;
continue
;
}
else
if
(
!
strcmp
(
*
args
,
"-validity_period"
))
{
if
(
args
[
1
])
...
...
@@ -637,7 +644,10 @@ int MAIN(int argc, char **argv)
if
(
!
req
&&
reqin
)
{
derbio
=
BIO_new_file
(
reqin
,
"rb"
);
if
(
!
strcmp
(
reqin
,
"-"
))
derbio
=
BIO_new_fp
(
stdin
,
BIO_NOCLOSE
);
else
derbio
=
BIO_new_file
(
reqin
,
"rb"
);
if
(
!
derbio
)
{
BIO_printf
(
bio_err
,
"Error Opening OCSP request file
\n
"
);
...
...
@@ -739,7 +749,10 @@ int MAIN(int argc, char **argv)
if
(
reqout
)
{
derbio
=
BIO_new_file
(
reqout
,
"wb"
);
if
(
!
strcmp
(
respout
,
"-"
))
derbio
=
BIO_new_fp
(
stdout
,
BIO_NOCLOSE
);
else
derbio
=
BIO_new_file
(
reqout
,
"wb"
);
if
(
!
derbio
)
{
BIO_printf
(
bio_err
,
"Error opening file %s
\n
"
,
reqout
);
...
...
@@ -782,7 +795,10 @@ int MAIN(int argc, char **argv)
}
else
if
(
respin
)
{
derbio
=
BIO_new_file
(
respin
,
"rb"
);
if
(
!
strcmp
(
respin
,
"-"
))
derbio
=
BIO_new_fp
(
stdin
,
BIO_NOCLOSE
);
else
derbio
=
BIO_new_file
(
respin
,
"rb"
);
if
(
!
derbio
)
{
BIO_printf
(
bio_err
,
"Error Opening OCSP response file
\n
"
);
...
...
@@ -807,7 +823,10 @@ int MAIN(int argc, char **argv)
if
(
respout
)
{
derbio
=
BIO_new_file
(
respout
,
"wb"
);
if
(
!
strcmp
(
respout
,
"-"
))
derbio
=
BIO_new_fp
(
stdout
,
BIO_NOCLOSE
);
else
derbio
=
BIO_new_file
(
respout
,
"wb"
);
if
(
!
derbio
)
{
BIO_printf
(
bio_err
,
"Error opening file %s
\n
"
,
respout
);
...
...
@@ -854,6 +873,8 @@ int MAIN(int argc, char **argv)
store
=
setup_verify
(
bio_err
,
CAfile
,
CApath
);
if
(
!
store
)
goto
end
;
if
(
vpm
)
X509_STORE_set1_param
(
store
,
vpm
);
if
(
verify_certfile
)
{
verify_other
=
load_certs
(
bio_err
,
verify_certfile
,
FORMAT_PEM
,
...
...
@@ -904,6 +925,8 @@ end:
ERR_print_errors
(
bio_err
);
X509_free
(
signer
);
X509_STORE_free
(
store
);
if
(
vpm
)
X509_VERIFY_PARAM_free
(
vpm
);
EVP_PKEY_free
(
key
);
EVP_PKEY_free
(
rkey
);
X509_free
(
issuer
);
...
...
demos/certs/ca.cnf
浏览文件 @
11e2957d
...
...
@@ -35,6 +35,7 @@ commonName = $ENV::CN
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
subjectAltName=DNS:crl.host.com
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
...
...
@@ -42,12 +43,14 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
authorityInfoAccess = OCSP;URI:http://ocsp.host.com:8080/cgi-bin/prinenv/some/ocsp/path
# OCSP responder certificate
[ ocsp_cert ]
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
...
...
demos/certs/mkcerts.sh
浏览文件 @
11e2957d
...
...
@@ -15,7 +15,7 @@ $OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \
-extfile
ca.cnf
-extensions
v3_ca
-CAcreateserial
-out
intca.pem
# Server certificate: create request first
CN
=
"
Test Server Cert
"
$OPENSSL
req
-config
ca.cnf
-nodes
\
CN
=
"
crl.host.com
"
$OPENSSL
req
-config
ca.cnf
-nodes
\
-keyout
skey.pem
-out
req.pem
-newkey
rsa:1024
# Sign request: end entity extensions
$OPENSSL
x509
-req
-in
req.pem
-CA
intca.pem
-CAkey
intkey.pem
-days
3600
\
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录