|
@@ -68,7 +68,7 @@ typedef enum {
|
|
|
} cmp_cmd_t;
|
|
|
|
|
|
/* message transfer */
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
static char *opt_server = NULL;
|
|
|
static char *opt_proxy = NULL;
|
|
|
static char *opt_no_proxy = NULL;
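Review bot: The compound condition `!defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` is now written out at every guarded site in this file: these option variables, and the later hunks in `OPTION_choice`, `cmp_options[]`, `cmp_vars[]`, `get_opts`, `setup_client_ctx`, `print_status` and `cmp_main`. Any future feature dependency would have to be edited at each site again, and a single missed site would build one part of the tool with HTTP transfer and another without. I would define the condition once near the top of the file, e.g. `#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)` / `# define CMP_NO_HTTP_TRANSFER` / `#endif` (the macro name is only a suggestion), and test that one macro everywhere.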
|
|
@@ -141,7 +141,7 @@ static int opt_keyform = FORMAT_UNDEF;
|
|
|
static char *opt_otherpass = NULL;
|
|
|
static char *opt_engine = NULL;
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
/* TLS connection */
|
|
|
static int opt_tls_used = 0;
|
|
|
static char *opt_tls_cert = NULL;
|
|
@@ -164,7 +164,7 @@ static char *opt_rspout = NULL;
|
|
|
static int opt_use_mock_srv = 0;
|
|
|
|
|
|
/* mock server */
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
static char *opt_port = NULL;
|
|
|
static int opt_max_msgs = 0;
|
|
|
#endif
|
|
@@ -213,7 +213,7 @@ typedef enum OPTION_choice {
|
|
|
|
|
|
OPT_OLDCERT, OPT_REVREASON,
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
|
|
|
#endif
|
|
|
OPT_RECIPIENT, OPT_PATH,
|
|
@@ -236,7 +236,7 @@ typedef enum OPTION_choice {
|
|
|
OPT_PROV_ENUM,
|
|
|
OPT_R_ENUM,
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY,
|
|
|
OPT_TLS_KEYPASS,
|
|
|
OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST,
|
|
@@ -246,7 +246,7 @@ typedef enum OPTION_choice {
|
|
|
OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT,
|
|
|
OPT_USE_MOCK_SRV,
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
OPT_PORT, OPT_MAX_MSGS,
|
|
|
#endif
|
|
|
OPT_SRV_REF, OPT_SRV_SECRET,
|
|
@@ -346,9 +346,9 @@ const OPTIONS cmp_options[] = {
|
|
|
"0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"},
|
|
|
|
|
|
OPT_SECTION("Message transfer"),
|
|
|
-#ifdef OPENSSL_NO_SOCK
|
|
|
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
|
|
|
{OPT_MORE_STR, 0, 0,
|
|
|
- "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
|
|
|
+ "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock/no-http build"},
|
|
|
#else
|
|
|
{"server", OPT_SERVER, 's',
|
|
|
"[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
|
|
@@ -441,9 +441,9 @@ const OPTIONS cmp_options[] = {
|
|
|
OPT_R_OPTIONS,
|
|
|
|
|
|
OPT_SECTION("TLS connection"),
|
|
|
-#ifdef OPENSSL_NO_SOCK
|
|
|
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
|
|
|
{OPT_MORE_STR, 0, 0,
|
|
|
- "NOTE: -tls_used and all other TLS options not supported due to no-sock build"},
|
|
|
+ "NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build"},
|
|
|
#else
|
|
|
{"tls_used", OPT_TLS_USED, '-',
|
|
|
"Enable using TLS (also when other TLS options are not set)"},
|
|
@@ -482,9 +482,9 @@ const OPTIONS cmp_options[] = {
|
|
|
"Use internal mock server at API level, bypassing socket-based HTTP"},
|
|
|
|
|
|
OPT_SECTION("Mock server"),
|
|
|
-#ifdef OPENSSL_NO_SOCK
|
|
|
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
|
|
|
{OPT_MORE_STR, 0, 0,
|
|
|
- "NOTE: -port and -max_msgs not supported due to no-sock build"},
|
|
|
+ "NOTE: -port and -max_msgs not supported due to no-sock/no-http build"},
|
|
|
#else
|
|
|
{"port", OPT_PORT, 's',
|
|
|
"Act as HTTP-based mock server listening on given port"},
|
|
@@ -571,7 +571,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
|
|
|
|
|
|
{&opt_oldcert}, {(char **)&opt_revreason},
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
{&opt_server}, {&opt_proxy}, {&opt_no_proxy},
|
|
|
#endif
|
|
|
{&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive},
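Review bot: The guard on `{&opt_server}, {&opt_proxy}, {&opt_no_proxy}` has to stay identical to the guards on the matching entries in `OPTION_choice` and `cmp_options[]`, because the array's own comment says it "must be in same order as enumerated above", so it is presumably matched by position. If one of the three guards ever differed, every later entry would shift by the size of the group. Several entries are `int` variables cast to `char **` (for example `(char **)&opt_revreason`), so a shifted value would be stored through the wrong type rather than rejected. The commit updates all visible sites consistently, including the two later `cmp_vars[]` hunks for the TLS and mock-server groups, but nothing enforces it. I would add `/* guard must match the one on OPT_SERVER.. in OPTION_choice and cmp_options[] */` next to each of the three guards. The array body continues outside this hunk.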
|
|
@@ -593,7 +593,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
|
|
|
{&opt_engine},
|
|
|
#endif
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
{(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key},
|
|
|
{&opt_tls_keypass},
|
|
|
{&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host},
|
|
@@ -604,7 +604,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
|
|
|
{&opt_reqout}, {&opt_rspin}, {&opt_rspout},
|
|
|
|
|
|
{(char **)&opt_use_mock_srv},
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
{&opt_port}, {(char **)&opt_max_msgs},
|
|
|
#endif
|
|
|
{&opt_srv_ref}, {&opt_srv_secret},
|
|
@@ -807,7 +807,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|
|
CMP_warn("too few -rspin filename arguments; resorting to using mock server");
|
|
|
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
|
|
|
} else {
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_server == NULL) {
|
|
|
CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
|
|
|
goto err;
|
|
@@ -816,7 +816,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|
|
CMP_warn("too few -rspin filename arguments; resorting to contacting server");
|
|
|
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
|
|
|
#else
|
|
|
- CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
|
|
|
+ CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
|
|
|
#endif
|
|
|
}
|
|
|
rspin_in_use = 0;
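Review bot: In the `#else` branch the reworded `CMP_err(...)` is not followed by `goto err;`, unlike the `opt_server == NULL` case in the enabled branch shown in the previous hunk, so a no-sock/no-http build falls through to `rspin_in_use = 0;`. That is only safe if `res` is still NULL at this point and is checked after the block, which lies outside the hunk and cannot be confirmed from here. If that check exists, a comment such as `/* res remains NULL here; the check after this block reports the failure */` would make the fall-through evidently intentional. Otherwise add `goto err;` after the `CMP_err` call. The body of `read_write_req_resp` starts and ends outside the hunk.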
|
|
@@ -1232,7 +1232,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
|
|
|
return 1;
|
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
/*
|
|
|
* set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI.
|
|
|
* Returns pointer on success, NULL on error
|
|
@@ -1854,7 +1854,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|
|
{
|
|
|
int ret = 0;
|
|
|
char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path;
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
int portnum, use_ssl;
|
|
|
static char server_port[32] = { '\0' };
|
|
|
const char *proxy_host = NULL;
|
|
@@ -1863,7 +1863,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|
|
char proxy_buf[200] = "";
|
|
|
|
|
|
if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_server == NULL) {
|
|
|
CMP_err("missing -server or -use_mock_srv or -rspin option");
|
|
|
goto err;
|
|
@@ -1873,7 +1873,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|
|
goto err;
|
|
|
#endif
|
|
|
}
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_server == NULL) {
|
|
|
if (opt_proxy != NULL)
|
|
|
CMP_warn("ignoring -proxy option since -server is not given");
|
|
@@ -1967,7 +1967,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|
|
|| opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
|
|
|
(void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp);
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_tls_used) {
|
|
|
APP_HTTP_TLS_INFO *info;
|
|
|
|
|
@@ -2404,7 +2404,7 @@ static int get_opts(int argc, char **argv)
|
|
|
if (!set_verbosity(opt_int_arg()))
|
|
|
goto opthelp;
|
|
|
break;
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
case OPT_SERVER:
|
|
|
opt_server = opt_str();
|
|
|
break;
|
|
@@ -2434,7 +2434,7 @@ static int get_opts(int argc, char **argv)
|
|
|
case OPT_TOTAL_TIMEOUT:
|
|
|
opt_total_timeout = opt_int_arg();
|
|
|
break;
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
case OPT_TLS_USED:
|
|
|
opt_tls_used = 1;
|
|
|
break;
|
|
@@ -2650,7 +2650,7 @@ static int get_opts(int argc, char **argv)
|
|
|
opt_use_mock_srv = 1;
|
|
|
break;
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
case OPT_PORT:
|
|
|
opt_port = opt_str();
|
|
|
break;
|
|
@@ -2739,7 +2739,7 @@ static int get_opts(int argc, char **argv)
|
|
|
return 1;
|
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
|
|
|
{
|
|
|
BIO *acbio;
|
|
@@ -2827,7 +2827,7 @@ static void print_status(void)
|
|
|
OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
|
|
|
const char *from = "", *server = "";
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_server != NULL) {
|
|
|
from = " from ";
|
|
|
server = opt_server;
|
|
@@ -3006,7 +3006,7 @@ int cmp_main(int argc, char **argv)
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_tls_cert == NULL && opt_tls_key == NULL && opt_tls_keypass == NULL
|
|
|
&& opt_tls_extra == NULL && opt_tls_trusted == NULL
|
|
|
&& opt_tls_host == NULL) {
|
|
@@ -3040,7 +3040,7 @@ int cmp_main(int argc, char **argv)
|
|
|
#endif
|
|
|
|
|
|
if (opt_use_mock_srv
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
|| opt_port != NULL
|
|
|
#endif
|
|
|
) {
|
|
@@ -3057,7 +3057,7 @@ int cmp_main(int argc, char **argv)
|
|
|
OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
|
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
|
|
|
CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
|
|
|
opt_tls_used = 0;
|
|
@@ -3145,7 +3145,7 @@ int cmp_main(int argc, char **argv)
|
|
|
cleanse(opt_keypass);
|
|
|
cleanse(opt_newkeypass);
|
|
|
cleanse(opt_otherpass);
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
cleanse(opt_tls_keypass);
|
|
|
#endif
|
|
|
cleanse(opt_secret);
|
|
@@ -3156,7 +3156,7 @@ int cmp_main(int argc, char **argv)
|
|
|
OSSL_CMP_CTX_print_errors(cmp_ctx);
|
|
|
|
|
|
if (cmp_ctx != NULL) {
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
|
|
|
|
|
|
(void)OSSL_CMP_CTX_set_http_cb_arg(cmp_ctx, NULL);
|
|
@@ -3165,7 +3165,7 @@ int cmp_main(int argc, char **argv)
|
|
|
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
|
|
|
/* cannot free info already here, as it may be used indirectly by: */
|
|
|
OSSL_CMP_CTX_free(cmp_ctx);
|
|
|
-#ifndef OPENSSL_NO_SOCK
|
|
|
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
|
|
if (info != NULL) {
|
|
|
OPENSSL_free((char *)info->server);
|
|
|
OPENSSL_free((char *)info->port);
|