Hi, it seems that engine support is missing from ocsp. Below is a simple patch that adds it:
diff -Nu --recursive openssl-0.9.7/apps/ocsp.c openssl-0.9.7-new/apps/ocsp.c
--- openssl-0.9.7/apps/ocsp.c Tue Dec 3 17:34:23 2002
+++ openssl-0.9.7-new/apps/ocsp.c Tue Feb 11 15:16:42 2003
@@ -105,7 +105,6 @@
 int MAIN(int argc, char **argv)
 {
- ENGINE *e = NULL;
 char **args;
 char *host = NULL, *port = NULL, *path = "/";
 char *reqin = NULL, *respin = NULL;
@@ -144,6 +143,10 @@
 TXT_DB *rdb = NULL;
 int nmin = 0, ndays = -1;
+ ENGINE *e = NULL;
+ int rkeyform=FORMAT_PEM;
+ const char *engine = NULL;
+
 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 if (!load_config(bio_err, NULL))
@@ -505,6 +508,24 @@
 }
 else badarg = 1;
 }
+ else if(!strcmp(*args, "-engine") )
+ {
+ if (args[1])
+ {
+ ++args;
+ engine = *args;
+ }
+ else badarg = 1;
+ }
+ else if(!strcmp(*args, "-rkeyform") )
+ {
+ if( args[1] )
+ {
+ ++args;
+ rkeyform=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
 else badarg = 1;
 args++;
 }
@@ -520,6 +541,8 @@
 BIO_printf (bio_err, "-out file output filename\n");
 BIO_printf (bio_err, "-issuer file issuer certificate\n");
 BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a +hardware device.\n");
+ BIO_printf (bio_err, "-rkeyform arg private key file format (PEM +or ENGINE).\n");
 BIO_printf (bio_err, "-serial n serial number to check\n");
 BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
 BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
@@ -563,6 +586,8 @@
 BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
 goto end;
 }
+
+ e = setup_engine(bio_err, engine, 0);
 if(outfile) out = BIO_new_file(outfile, "w");
 else out = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -617,7 +642,7 @@
 NULL, e, "responder other certificates");
 if (!rother) goto end;
 }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ rkey = load_key(bio_err, rkeyfile, rkeyform, 0, NULL, e,
 "responder private key");
 if (!rkey) goto end;
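Review bot: The `-rkeyform` branch in the `@@ -505` hunk stores `str2fmt(*args)` in `rkeyform` without checking the result, so a mistyped format is only noticed later, when the responder key is loaded in the `@@ -617` hunk. str2fmt is defined outside this patch; assuming it returns `FORMAT_UNDEF` for unrecognised input, reject it during parsing with `if (rkeyform == FORMAT_UNDEF) badarg = 1;`. The usage text added in the `@@ -520` hunk advertises only PEM or ENGINE, so either restrict the accepted values to those two or list the others. `-rkeyform ENGINE` given without `-engine` also deserves an explicit error at parse time, since `e` would still be NULL when load_key is called.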
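Review bot: The return value of `setup_engine(bio_err, engine, 0)` in the `@@ -563` hunk is never checked, so when `-engine` names an engine that cannot be loaded the command appears to continue with `e == NULL` and the default software implementation. For an operator who expects the responder key to stay on a hardware device, that silent fallback is the wrong failure mode. setup_engine is defined outside this patch, so confirm what it returns on failure; if NULL is returned only on failure or when no engine was named, add `if (engine && !e) goto end;` directly after the call.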
@@ -870,6 +895,7 @@
 ret = 0;
 end:
+ if(e) ENGINE_free(e);
 ERR_print_errors(bio_err);
 X509_free(signer);
 X509_STORE_free(store);
@@ -1225,4 +1251,3 @@
 BIO_flush(cbio);
 return 1;
 }
-
regards, -- Wojtek Ślusarczyk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
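Review bot: `if(e) ENGINE_free(e);` at the `end:` label in the `@@ -870` hunk releases a reference that MAIN may not hold. setup_engine is defined outside this patch; if it already drops its own structural reference before returning the pointer (worth checking in apps.c), this second release unbalances the engine's reference count while the engine can still be installed as a default implementation, which risks a use-after-free during later cleanup. In that case the line should be removed, or MAIN should take its own reference first, and a short comment at `end:` should say which call owns `e`. The body of MAIN continues outside this hunk.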