Hi,
It seems that engine support is missing from the ocsp application. Below is a simple
patch which adds that support:
diff -Nu --recursive openssl-0.9.7/apps/ocsp.c openssl-0.9.7-new/apps/ocsp.c
--- openssl-0.9.7/apps/ocsp.c Tue Dec 3 17:34:23 2002
+++ openssl-0.9.7-new/apps/ocsp.c Tue Feb 11 15:16:42 2003
@@ -105,7 +105,6 @@
int MAIN(int argc, char **argv)
{
- ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
char *reqin = NULL, *respin = NULL;
@@ -144,6 +143,10 @@
TXT_DB *rdb = NULL;
int nmin = 0, ndays = -1;
+ ENGINE *e = NULL;
+ int rkeyform=FORMAT_PEM;
+ const char *engine = NULL;
+
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
@@ -505,6 +508,24 @@
}
else badarg = 1;
}
+ else if(!strcmp(*args, "-engine") )
+ {
+ if (args[1])
+ {
+ ++args;
+ engine = *args;
+ }
+ else badarg = 1;
+ }
+ else if(!strcmp(*args, "-rkeyform") )
+ {
+ if( args[1] )
+ {
+ ++args;
+ rkeyform=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
else badarg = 1;
args++;
}
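Review bot: The result of `str2fmt(*args)` for `-rkeyform` is stored unchecked, so a misspelled format passes option parsing and only surfaces later, when the responder key is loaded. Rejecting it here keeps the error next to the bad argument, e.g. `if ((rkeyform = str2fmt(*args)) == FORMAT_UNDEF) badarg = 1;`. That assumes str2fmt reports unknown strings as FORMAT_UNDEF, which this patch does not show. The option loop starts and ends outside the hunk.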
@@ -520,6 +541,8 @@
BIO_printf (bio_err, "-out file output filename\n");
BIO_printf (bio_err, "-issuer file issuer certificate\n");
BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a
+hardware device.\n");
+ BIO_printf (bio_err, "-rkeyform arg private key file format (PEM
+or ENGINE).\n");
BIO_printf (bio_err, "-serial n serial number to check\n");
BIO_printf (bio_err, "-signer file certificate to sign OCSP
request with\n");
BIO_printf (bio_err, "-signkey file private key to sign OCSP
request with\n");
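Review bot: The two added usage lines were wrapped by the mail client in the middle of their string literals (`possibly a` / `hardware device.\n");` and `(PEM` / `or ENGINE).\n");`), so the patch as posted will either fail to apply or leave unterminated literals. It should be resent as an attachment or with line wrapping disabled. The `-rkeyform` help text should also say which key it governs, since the later hunk applies it only to the responder key: `"-rkeyform arg       responder private key format (PEM or ENGINE)\n"`.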
@@ -563,6 +586,8 @@
BIO_printf (bio_err, "-nrequest n number of requests to accept
(default unlimited)\n");
goto end;
}
+
+ e = setup_engine(bio_err, engine, 0);
if(outfile) out = BIO_new_file(outfile, "w");
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
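Review bot: The return value of `setup_engine(bio_err, engine, 0)` is never checked, so if `-engine` names an engine that cannot be loaded, the tool carries on with `e == NULL` and the default software implementations. For a responder whose signing key is meant to stay in a hardware device, that silent fallback is the wrong failure mode; stopping is safer, e.g. `if (engine && !e) goto end;`. setup_engine is defined outside this patch, so first confirm whether it has a legitimate NULL return (an "auto" mode, for instance) that the check must let through.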
@@ -617,7 +642,7 @@
NULL, e, "responder other certificates");
if (!rother) goto end;
}
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ rkey = load_key(bio_err, rkeyfile, rkeyform, 0, NULL, e,
"responder private key");
if (!rkey)
goto end;
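Review bot: Only the responder key is routed through `rkeyform` and `e`; no hunk in this patch touches the load of the `-signkey` request-signing key. That path presumably still needs a PEM key file on disk. If keeping private keys inside the engine is the goal, the signer key load deserves the same treatment: a matching key-format option, and `e` passed to its `load_key` call in place of `NULL`.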
@@ -870,6 +895,7 @@
ret = 0;
end:
+ if(e) ENGINE_free(e);
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
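Review bot: `if(e) ENGINE_free(e);` may release a reference this function does not own. setup_engine is defined outside the patch; if it already drops its structural reference before returning the pointer (as I recall the apps.c helper doing), this line is a second release and can underflow the engine's reference count. Check the helper, then either drop the line or keep it with a comment naming the reference it balances, e.g. `/* balances the reference returned by setup_engine() */`.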
@@ -1225,4 +1251,3 @@
BIO_flush(cbio);
return 1;
}
-
regards,
--
Wojtek Ślusarczyk