[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Mon Jan 6 16:12:23 UTC 2020
The branch master has been updated
via 1cf20ca31bed31c0bd16c6ed1eeaa1b9580939b7 (commit)
from c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (commit)
- Log -----------------------------------------------------------------
commit 1cf20ca31bed31c0bd16c6ed1eeaa1b9580939b7
Author: kaysond <github at aram.nubmail.ca>
Date: Wed Dec 25 20:20:46 2019 -0800
Add `-passin` arg to `ocsp`
Fix #10682
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10718)
-----------------------------------------------------------------------
Summary of changes:
apps/ocsp.c | 12 +++++++++++-
doc/man1/openssl-ocsp.pod.in | 6 ++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 56d29b7221..dc1b7601bb 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -140,6 +140,7 @@ typedef enum OPTION_choice {
OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER,
+ OPT_PASSIN,
OPT_RCID,
OPT_V_ENUM,
OPT_MD,
@@ -186,6 +187,7 @@ const OPTIONS ocsp_options[] = {
{"rsigner", OPT_RSIGNER, '<',
"Responder certificate to sign responses with"},
{"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
+ {"passin", OPT_PASSIN, 's', "Responder key pass phrase source"},
{"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
{"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
{"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"},
@@ -266,6 +268,7 @@ int ocsp_main(int argc, char **argv)
char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
char *rsignfile = NULL, *rkeyfile = NULL;
+ char *passinarg = NULL, *passin = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
char *signfile = NULL, *keyfile = NULL;
char *thost = NULL, *tport = NULL, *tpath = NULL;
@@ -495,6 +498,9 @@ int ocsp_main(int argc, char **argv)
case OPT_RKEY:
rkeyfile = opt_arg();
break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
case OPT_ROTHER:
rcertfile = opt_arg();
break;
@@ -597,7 +603,11 @@ int ocsp_main(int argc, char **argv)
"responder other certificates"))
goto end;
}
- rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+ rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL,
"responder private key");
if (rkey == NULL)
goto end;
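Review bot: The buffer that `app_passwd()` fills in through `&passin` is never released. The diffstat counts 11 added lines in apps/ocsp.c, all of them visible in these hunks, and none of them frees `passin`. The responder key pass phrase therefore stays in heap memory until the process exits, which matters most when the command keeps running as a responder. Add `OPENSSL_free(passin);` to the cleanup after the `end:` label, which lies outside this hunk; cleansing the buffer before freeing it would be better still, since it protects the signing key. It would also help to put a short comment at the call, such as `/* passin applies to the responder key (-rkey) only */`, because the request-signing key path is not touched by this change.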
diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in
index 88e0a3916d..fb32ffef71 100644
--- a/doc/man1/openssl-ocsp.pod.in
+++ b/doc/man1/openssl-ocsp.pod.in
@@ -77,6 +77,7 @@ B<openssl> B<ocsp>
[B<-CA> I<file>]
[B<-rsigner> I<file>]
[B<-rkey> I<file>]
+[B<-passin> I<arg>]
[B<-rother> I<file>]
[B<-rsigopt> I<nm>:I<v>]
[B<-resp_no_certs>]
@@ -353,6 +354,11 @@ subject name.
The private key to sign OCSP responses with: if not present the file
specified in the B<-rsigner> option is used.
+=item B<-passin> I<arg>
+
+The private key password source. For more information about the format of I<arg>
+see L<openssl(1)/Pass Phrase Options>.
+
=item B<-rsigopt> I<nm>:I<v>
Pass options to the signature algorithm when signing OCSP responses.