Diffstat (limited to 'src')
-rw-r--r--src/cli-args.def6
-rw-r--r--src/cli.c12
-rw-r--r--src/serv-args.def8
-rw-r--r--src/serv.c25
4 files changed, 51 insertions, 0 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index b032ad0b87..c9a12bd81c 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -49,6 +49,12 @@ flag = {
};
flag = {
+ name = status-request-ocsp;
+ descrip = "Request OCSP status request";
+ doc = "The client will indicate to the server in a TLS extension that it wants a OCSP status request.";
+};
+
+flag = {
name = starttls;
value = s;
descrip = "Connect, establish a plain session and start TLS.";
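Review bot: The user-visible text of the new flag is awkward: `descrip = "Request OCSP status request";` repeats "request", and the doc string says "a OCSP". Suggest `descrip = "Request an OCSP status response from the server";` and, in the doc string, "wants an OCSP status request". Since the flag name is status-request-ocsp, the doc text could also mention that it only asks the server for a response; what the client does with that response is decided elsewhere.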
diff --git a/src/cli.c b/src/cli.c
index 1cdc1df173..43ae9313db 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -68,6 +68,7 @@ int resume, starttls, insecure, rehandshake, udp, mtu;
const char *hostname = NULL;
const char *service = NULL;
int record_max_size;
+int status_request_ocsp;
int fingerprint;
int crlf;
unsigned int verbose = 0;
@@ -711,6 +712,16 @@ init_tls_session (const char *hostname)
}
}
+ /* OCSP status-request TLS extension */
+ if (status_request_ocsp > 0 && disable_extensions == 0)
+ {
+ if (gnutls_status_request_ocsp_client (session, NULL, 0, NULL) < 0)
+ {
+ fprintf (stderr, "Cannot set OCSP status request information.\n");
+ exit (1);
+ }
+ }
+
#ifdef ENABLE_SESSION_TICKET
if (disable_extensions == 0 && !HAVE_OPT(NOTICKET)t)
gnutls_session_ticket_enable_client (session);
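Review bot: The failure branch after `gnutls_status_request_ocsp_client` discards the library's return code, so the message cannot say why the extension could not be set; keep the code and print it: `int ret = gnutls_status_request_ocsp_client (session, NULL, 0, NULL);` then `if (ret < 0) { fprintf (stderr, "Cannot set OCSP status request information: %s\n", gnutls_strerror (ret)); exit (1); }`. Nothing in this hunk retrieves or verifies a stapled response after the handshake, so unless that is done elsewhere in cli.c the new flag only asks the server for a response and does not change the certificate trust decision; if so, the option's doc text should say that, otherwise a reader will assume the flag adds revocation checking. The `HAVE_OPT(NOTICKET)t` on the context line below the new block looks like a rendering artifact rather than part of this change. init_tls_session continues outside the hunk.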
@@ -1169,6 +1180,7 @@ const char* rest = NULL;
}
record_max_size = OPT_VALUE_RECORDSIZE;
+ status_request_ocsp = HAVE_OPT(STATUS_REQUEST_OCSP);
fingerprint = HAVE_OPT(FINGERPRINT);
if (HAVE_OPT(X509FMTDER))
diff --git a/src/serv-args.def b/src/serv-args.def
index 9264d137cf..b4a9b49c08 100644
--- a/src/serv-args.def
+++ b/src/serv-args.def
@@ -221,6 +221,14 @@ flag = {
};
flag = {
+ name = status-response-ocsp;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "OCSP response to send to client";
+ doc = "If the client requested an OCSP response, return data from this file to the client.";
+};
+
+flag = {
name = port;
value = p;
arg-type = number;
diff --git a/src/serv.c b/src/serv.c
index 52fcddee0b..46287af060 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -81,6 +81,7 @@ const char *x509_cafile = NULL;
const char *dh_params_file = NULL;
const char *x509_crlfile = NULL;
const char * priorities = NULL;
+const char * status_response_ocsp = NULL;
gnutls_datum_t session_ticket_key;
static void tcp_server(const char* name, int port);
@@ -329,6 +330,14 @@ generate_rsa_params (void)
LIST_DECLARE_INIT (listener_list, listener_item, listener_free);
+static int
+ocsp_callback (gnutls_session_t session,
+ void *ptr,
+ gnutls_datum_t *ocsp_response)
+{
+ return GNUTLS_E_NO_CERTIFICATE_STATUS;
+}
+
gnutls_session_t initialize_session (int dtls)
{
gnutls_session_t session;
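Review bot: `ocsp_callback` unconditionally returns `GNUTLS_E_NO_CERTIFICATE_STATUS` and never touches `ocsp_response`, `ptr` or `status_response_ocsp`, so the file given with `--status-response-ocsp` is checked for existence by the option parser but its contents are never sent, although the serv-args.def text for the option promises exactly that. The callback should read the DER-encoded response from the file into `ocsp_response` and return 0, falling back to the no-status code only when the read fails. Before choosing how the datum is allocated, confirm from the callback's documented contract whether the library frees `ocsp_response->data` after use; the sketch below assumes the library-owned convention and marks that assumption.
```c
static int
ocsp_callback (gnutls_session_t session,
               void *ptr,
               gnutls_datum_t *ocsp_response)
{
  /* Serve the DER-encoded OCSP response named by --status-response-ocsp.
     NOTE(review): confirm against the callback contract who frees
     ocsp_response->data after it has been sent. */
  if (status_response_ocsp == NULL
      || gnutls_load_file (status_response_ocsp, ocsp_response) < 0)
    return GNUTLS_E_NO_CERTIFICATE_STATUS;
  return 0;
}
```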
@@ -358,6 +367,19 @@ gnutls_session_t initialize_session (int dtls)
gnutls_session_ticket_enable_server (session, &session_ticket_key);
#endif
+ /* OCSP status-request TLS extension */
+ if (status_response_ocsp)
+ {
+ if (gnutls_status_request_ocsp_server (session, ocsp_callback, NULL) < 0)
+ {
+ fprintf (stderr, "Cannot set OCSP status request callback.\n");
+ exit (1);
+ }
+ }
+
+ if (noticket == 0)
+ gnutls_session_ticket_enable_server (session, &session_ticket_key);
+
if (gnutls_priority_set_direct (session, priorities, &err) < 0)
{
fprintf (stderr, "Syntax error at: %s\n", err);
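Review bot: The added `if (noticket == 0) gnutls_session_ticket_enable_server (session, &session_ticket_key);` at the end of the hunk duplicates the call that the context lines just above the OCSP block already make inside `#ifdef ENABLE_SESSION_TICKET`, so with tickets built in the session ticket key is installed twice, and the new copy sits outside the ifdef, which presumably breaks the build when ENABLE_SESSION_TICKET is not defined; these three lines look like a stray paste and should be dropped. The OCSP failure branch also discards the return code: `int ret = gnutls_status_request_ocsp_server (session, ocsp_callback, NULL);` followed by `fprintf (stderr, "Cannot set OCSP status request callback: %s\n", gnutls_strerror (ret));` would make the failure diagnosable. initialize_session continues outside the hunk.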
@@ -1609,6 +1631,9 @@ static void cmd_parser (int argc, char **argv)
if (HAVE_OPT(PSKPASSWD))
psk_passwd = OPT_ARG(PSKPASSWD);
+ if (HAVE_OPT(STATUS_RESPONSE_OCSP))
+ status_response_ocsp = OPT_ARG(STATUS_RESPONSE_OCSP);
+
}
extern void serv_version (void);