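diff -Naurp openca-ocspd-1.9.0.orig/configure.in openca-ocspd-1.9.0.new/configure.in
--- openca-ocspd-1.9.0.orig/configure.in 2009-04-24 21:55:42.000000000 +0200
+++ openca-ocspd-1.9.0.new/configure.in 2013-11-05 13:44:49.150167062 +0100
@@ -3,7 +3,7 @@ dnl Process this file with autoconf to p
 
 dnl Autoconf boilerplate/
 AC_INIT(src/ocspd.c)
-AC_PREREQ( 2.50)
+AC_PREREQ(2.50)
 AC_CONFIG_AUX_DIR(build)
 VERSION=`cat VERSION`
 
@@ -21,12 +21,12 @@ dnl AC_PROG_LIBTOOL
 dnl fi
 
 dnl AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE( $PACKAGE_NAME, $PACKAGE_MAJOR )
+AM_INIT_AUTOMAKE($PACKAGE_NAME, $PACKAGE_MAJOR)
 
 dnl Options.
-#AC_DISABLE_FAST_INSTALL
-#AC_DISABLE_SHARED
-#AM_MAINTAINER_MODE
+dnl AC_DISABLE_FAST_INSTALL
+dnl AC_DISABLE_SHARED
+dnl AM_MAINTAINER_MODE
 
 dnl Select OS specific versions of source files.
 case "${build_os}" in
@@ -45,9 +45,9 @@ AM_CONDITIONAL(OCSPD_ARCH_OSX, test x$ar
 AM_CONDITIONAL(OCSPD_ARCH_SOLARIS, test x$arch = xsolaris)
 AM_CONDITIONAL(OCSPD_ARCH_HPUX, test x$arch = xhpux)
 
-AC_CHECK_LIB(pthread, pthread_create,
- [ AC_DEFINE(HAVE_LIBPTHREAD, 1, [PTHREAD Library])],
- [ AC_MSG_ERROR([pthread library is needed!]) ]
+AC_CHECK_LIB(pthread, pthread_create,
+ [AC_DEFINE(HAVE_LIBPTHREAD, 1, [PTHREAD Library])],
+ [AC_MSG_ERROR([pthread library is needed!])]
 )
 
 if test x$arch = xlinux ; then
@@ -106,13 +106,6 @@ fi
 
 AC_SUBST(DIST_NAME)
 
-dnl Add libtool support.
-AM_PROG_LIBTOOL
-# AC_PROG_LIBTOOL
-
-dnl Automatically update the libtool script if it becomes out-of-date.
-AC_SUBST(LIBTOOL_DEPS)
-
 dnl Setup dist stuff
 AC_SUBST(ac_aux_dir)
 
@@ -208,7 +201,7 @@ else
 AC_MSG_RESULT([openssl lib dir : $openssl_path (default)])
 fi
 
-AM_CONDITIONAL(OPENSSL_PREFIX, test x$openssl_prefix != x )
+AM_CONDITIONAL(OPENSSL_PREFIX, test x$openssl_prefix != x)
 
 ### Setup for OpenSSL build flags ###
 dnl Now we like the version of openssl. Let's construct
@@ -226,7 +219,7 @@ AM_CONDITIONAL(OPENSSL_PREFIX, test x$op
 openssl_cflags=[-I${openssl_prefix}/include]
 openssl_libs=["-L${openssl_prefix}/lib -L${openssl_prefix} -lssl -lcrypto "]
 openssl_setup=yes
- dnl AC_MSG_RESULT( [User specified --with-openssl-prefix])
+ dnl AC_MSG_RESULT([User specified --with-openssl-prefix])
 dnl Check if the developer has the pkg-config macros
 dnl for the autotools on their system
 ifdef([PKG_CHECK_MODULES],
@@ -235,22 +228,20 @@ AM_CONDITIONAL(OPENSSL_PREFIX, test x$op
 dnl If so, we can check if the target system has
 dnl (1) pkg-config support installed as well, and
 dnl (2) has openssl 0.9.7 or greater installed
- AC_CHECK_PROG( HAS_PKGCONF, pkg-config, yes, [] , $PATH)
- if [[ x${HAS_PKGCONF} != x ]]; then
- PKG_CHECK_MODULES( OPENSSL,openssl >= 0.9.7, [
- AC_MSG_RESULT(
- [openssl 0.9.7 or greater found via pkgconfig]
- )
+ AC_CHECK_PROG(HAS_PKGCONF, pkg-config, yes, [] , $PATH)
+ if [[ x${HAS_PKGCONF} != x ]]; then
+ PKG_CHECK_MODULES(OPENSSL,openssl >= 0.9.7, [
+ AC_MSG_RESULT([openssl 0.9.7 or greater found via pkgconfig])
 openssl_cflags=$OPENSSL_CFLAGS
 openssl_libs=$OPENSSL_LIBS
 openssl_setup=yes
- fi
+ fi
 ],
- [
- AC_MSG_RESULT( [good openssl not found via pkgconfig])
+ [
+ AC_MSG_RESULT([good openssl not found via pkgconfig])
 ]
 ) dnl End of PKG_CHECK macro
-
+
 ],
 [
 ## Skipping pkg-config macros...
@@ -258,14 +249,14 @@ AM_CONDITIONAL(OPENSSL_PREFIX, test x$op
 )dnl End of check using pkg-config...
 
 fi dnl End of prefix block
-
+
 
 if [[ x${openssl_setup} != xyes ]]; then
- AC_MSG_RESULT( [Assuming reasonable defaults for openssl...])
+ AC_MSG_RESULT([Assuming reasonable defaults for openssl...])
 openssl_setup=yes
 fi
-
- dnl Export our openssl build settings
+
+ dnl Export our openssl build settings
 AC_SUBST(openssl_cflags)
 AC_SUBST(openssl_libs)
 
@@ -275,28 +266,28 @@ dnl Let's check the presence of OCSP ext
 dnl AC_OPENSSL_OCSP
 
 dnl Let's check the openssl version
-dnl AC_EGREP_HEADER( [m/OPENSSL/gm],
+dnl AC_EGREP_HEADER([m/OPENSSL/gm],
 dnl [${openssl_prefix}/include/openssl/opensslv.h],
-dnl [openssl_ver="0.9.8+"],
+dnl [openssl_ver="0.9.8+"],
 dnl [openssl_ver="0.9.7"])
-dnl
+dnl
 dnl if [[ openssl_ver = "0.9.8+" ]] ; then
 dnl AC_DEFINE(OPENSSL_VER_00908000)
 dnl else
 dnl AC_DEFINE(OPENSSL_VER_00907000)
 dnl fi
-dnl
+dnl
 dnl AC_MSG_RESULT([OpenSSL Detected Version: $openssl_ver]);
-dnl
+dnl
 dnl CFLAGS=${openssl_flags}
 
 dnl AC_OPENSSL_VERSION
 
-dnl AM_CONDITIONAL(OPENSSL_VER_00908000, if test "x$openssl_ver" = "x0.9.8+" )
+dnl AM_CONDITIONAL(OPENSSL_VER_00908000, if test "x$openssl_ver" = "x0.9.8+")
 dnl AC_MSG_RESULT([OpenSSL Detected Version: $openssl_ver]);
 
 dnl Enable OPENLDAP Support
-AC_ARG_ENABLE( openldap,
+AC_ARG_ENABLE(openldap,
 [ --enable-openldap enable openldap support (yes)],
 [case "${enableval}" in
 yes) openldap=true ;;
@@ -310,16 +301,16 @@ AM_CONDITIONAL(HAVE_OPENLDAP, test x$ope
 
 if [[ x$openldap = xtrue ]]; then
 
- AC_DEFINE(HAVE_OPENLDAP, [1], [OpenLDAP] )
+ AC_DEFINE(HAVE_OPENLDAP, [1], [OpenLDAP])
 
 dnl OpenLDAP prefix
- AC_ARG_WITH( openldap-prefix,
+ AC_ARG_WITH(openldap-prefix,
 [ --with-openldap-prefix=DIR openldap prefix directory],
- [ openldap_prefix=$withval ] , [ openldap_prefix= ] )
+ [openldap_prefix=$withval], [openldap_prefix=])
 
 AC_SUBST(openldap_prefix)
 
- AC_MSG_RESULT([with openldap-prefix : $openldap_prefix ])
+ AC_MSG_RESULT([with openldap-prefix : $openldap_prefix])
 if [[ x$openldap_prefix != x ]]; then
 openldap_path=$openldap_prefix/lib
 AC_MSG_RESULT([openldap lib dir : $openldap_path])
@@ -352,31 +343,31 @@ if [[ x$openldap = xtrue ]]; then
 fi
 fi
 
-AM_CONDITIONAL(OPENLDAP_PREFIX, test x$openldap_prefix != x )
+AM_CONDITIONAL(OPENLDAP_PREFIX, test x$openldap_prefix != x)
 
-dnl Export our OpenLDAP build settings
+dnl Export our OpenLDAP build settings
 AC_SUBST(LDAP_LIBS)
 AC_SUBST(openldap_cflags)
 AC_SUBST(openldap_libs)
 
 dnl OCSP daemon default user
-AC_ARG_WITH( ocspd-user,
+AC_ARG_WITH(ocspd-user,
 [ --with-ocspd-user=ARG user to run processes as [ocspd]],
-[ user=$withval ] , [ user=ocspd ] )
+[user=$withval], [user=ocspd])
 
-AC_MSG_RESULT([default ocspd user : $user ])
+AC_MSG_RESULT([default ocspd user : $user])
 AC_SUBST(user)
 
 dnl OCSP daemon default group
-AC_ARG_WITH( ocspd-group,
+AC_ARG_WITH(ocspd-group,
 [ --with-ocspd-group=ARG group to run processes as [daemon]],
-[ group=$withval ] , [ group=daemon ] )
+[group=$withval], [group=daemon])
 
-AC_MSG_RESULT([default ocspd group : $group ])
+AC_MSG_RESULT([default ocspd group : $group])
 AC_SUBST(group)
 
 dnl OpenSSL Engine Support
-AC_ARG_ENABLE( openssl-engine,
+AC_ARG_ENABLE(openssl-engine,
 [ --enable-openssl-engine enable openssl engine support (no)],
 [case "${enableval}" in
 yes) engine=true ;;
@@ -392,10 +383,10 @@ if [[ x$engine = xtrue ]] ; then
 AC_DEFINE(HAVE_ENGINE, [1], [ENGINE support for OpenSSL])
 fi
 
-dnl AC_MSG_RESULT([enable engine support : $engine ])
+dnl AC_MSG_RESULT([enable engine support : $engine])
 
 dnl Semaphores vs Flock Support
-AC_ARG_ENABLE( semaphores,
+AC_ARG_ENABLE(semaphores,
 [ --enable-semaphores use semaphores locking method (yes)],
 [case "${enableval}" in
 yes) sem=true ;;
@@ -404,7 +395,7 @@ AC_ARG_ENABLE( semaphores,
 esac], [sem=true])
 
 
-AC_ARG_ENABLE( flock,
+AC_ARG_ENABLE(flock,
 [ --enable-flock use semaphores locking method (no)],
 [case "${enableval}" in
 yes) flock=true && sem=false ;;
@@ -427,10 +418,10 @@ AM_CONDITIONAL(HAVE_FLOCK, test x$flock
 dnl Debug option
 AC_ARG_ENABLE(debug,
 [ --enable-debug enable debug messages.],
-[ case "${enableval}" in
- yes)
+[case "${enableval}" in
+ yes)
 debug=true ;;
- no)
+ no)
 debug=false ;;
 *) AC_MSG_ERROR([bad value ${enableval} for --enable-debug]) ;;
 esac], [debug=false])
@@ -445,16 +436,26 @@ if [[ x${prefix} = xNONE ]]; then
 prefix="/usr/local";
 fi
 
+dnl Be sure we know the effective directory pathes.
+sysconfdirvalue="`eval echo ${sysconfdir}`"
+AC_SUBST(sysconfdirvalue)
+sbindirvalue="`eval echo ${sbindir}`"
+AC_SUBST(sbindirvalue)
+localstatedirvalue="`eval echo ${localstatedir}`"
+AC_SUBST(localstatedirvalue)
+piddir="${piddir-${localstatedirvalue}/run}"
+AC_SUBST(piddir)
+
 dnl OpenCA prefix
-AC_ARG_WITH( openca-prefix,
+AC_ARG_WITH(openca-prefix,
 [ --with-openca-prefix=ARG OpenCA install prefix (PREFIX/OpenCA)],
-[ openca_prefix=$withval], [openca_prefix=${prefix}/OpenCA] )
+[openca_prefix=$withval], [openca_prefix=${prefix}/OpenCA])
 
 if [[ x${openca_prefix} = x ]] ; then
 AC_MSG_ERROR([bad value ${openca_prefix} for --with-openca-prefix])
 fi
 
-AC_MSG_RESULT([with openca-prefix : $openca_prefix ])
+AC_MSG_RESULT([with openca-prefix : $openca_prefix])
 AC_SUBST(openca_prefix)
 
 AC_MSG_RESULT([install prefix : $prefix])
@@ -467,7 +468,7 @@ AC_OUTPUT(
 etc/Makefile
 etc/ocspd
 etc/ocspd.conf
+ etc/ocspd.sysconfig
 contrib/openca-ocspd.xml
 contrib/openca-ocspd-common.xml
 )
-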
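Review bot: `sbindirvalue` in the hunk at -445,16 is computed with a single `eval echo ${sbindir}`, but the visible context just above normalises only `prefix` from `NONE`. Autoconf leaves `exec_prefix` at `NONE` until AC_OUTPUT unless --exec-prefix is passed, so a plain ./configure would substitute `NONE/sbin` for `@sbindirvalue@`, and etc/ocspd.in uses that value as the path of the binary that a root-run init script checks and starts. Unless exec_prefix is fixed up in a part of configure.in outside this hunk, add `test "x${exec_prefix}" = xNONE && exec_prefix="${prefix}"` before the three eval lines. The new comment would also read better as `dnl Be sure we know the effective directory paths.`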
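diff -Naurp openca-ocspd-1.9.0.orig/docs/ocspd.conf.3.pod openca-ocspd-1.9.0.new/docs/ocspd.conf.3.pod
--- openca-ocspd-1.9.0.orig/docs/ocspd.conf.3.pod 2008-02-15 00:24:15.000000000 +0100
+++ openca-ocspd-1.9.0.new/docs/ocspd.conf.3.pod 2013-11-05 13:39:12.715332386 +0100
@@ -68,11 +68,9 @@ Following is a sample configuration file
 
 [ OCSPD_default ]
 
- dir = /usr/local/etc/ocspd
- db = $dir/index.txt
+ dir = /etc/ocspd
 md = sha1
 
- ca_certificate = $dir/certs/cacert.pem
 ocspd_certificate = $dir/certs/ocspd_cert.pem
 ocspd_key = $dir/private/ocspd_key.pem
 pidfile = $dir/ocspd.pid
@@ -100,7 +98,7 @@ Following is a sample configuration file
 
 ####################################################################
 [ ocsp_response ]
- dir = /usr/local/etc/ocspd
+ dir = /etc/ocspd
 ocsp_add_response_certs = $dir/certs/chain_certs.pem
 ocsp_add_response_keyid = yes
 next_update_days = 0
@@ -127,7 +125,7 @@ Following is a sample configuration file
 # http is used)
 #
 # You can have the CRLs/CA certificates on a simple file
- # crl_url = file:///usr/local/etc/ocspd/crl.pem
+ # crl_url = file:///etc/ocspd/crl.pem
 #
 # You can retrieve the CRLs/CA certificates from a web server
 # crl_urt = http://server/ca/cacert.der
@@ -151,7 +149,7 @@ Following is a sample configuration file
 [ dbms_file ]
 
 # You can have the CRL on a simple file in PEM format
- crl_url = file:///usr/local/etc/ocspd/crl.pem
+ crl_url = file:///etc/ocspd/crl.pem
 
 [ HSM ]
 # Hardware accelerators support via the ENGINE interface
@@ -173,21 +171,10 @@ line options too ( see L<ocspd(3)>).
 
 specifies the directory where everything is kept.
 
-=item B<db>
-
-specifies the db where info about issued certificates are kept. Right
-now the only supported file format is the one from B<L<openssl(1)>>.
-To reload the certificate's db simply send a SIGHUP to the main process
-( kill -s SIGHUP pid ).
-
 =item B<md>
 
 specifies the digest to be used. Default is sha1.
 
-=item B<ca_certificate>
-
-path to the CA's certificate.
-
 =item B<ocspd_certificate>
 
 path to the certificate to be used by the responder.
@@ -234,6 +221,13 @@ From version 1.5+ the server is not pre-
 a pre-threaded one. In order to run the server needs support
 for POSIX1.c as found in most modern UNiX systems.
 
+=item B<max_client_num>
+
+Size of the system socket queue: when all service threads are busy,
+up to this number of unserved requests are accepted in queue and
+will be processed as soon as a thread becomes available; additional
+connection requests will be denied. Default: 30.
+
 =item B<chroot_dir>
 
 Chroot the application into the specified directory, watch
@@ -296,7 +290,7 @@ the days+mins.
 specifies the URI where the CA certificate (which identifies the
 single CA) is located. Three different protocols are implemented
 ( file:// http:// or ldap:// ). If file is chosen, then the parameter
-should carry the path to the CA file (i.e. file:///usr/local/etc/ca.pem).
+should carry the path to the CA file (i.e. file:///etc/ocspd/certs/ca.pem).
 If ldap or http is chosen, you can specify the address, and the port
 of the server where to connect to (i.e. ldap://server.addr:port).
 
@@ -306,7 +300,7 @@ specifies the URI where the CRL (list of
 actually used for building responses) is located. Three different
 protocols are actually implemented ( file:// http:// or ldap:// ).
 If file is chosen, then the parameter should have the path to the
-crl file (i.e. file:///usr/local/etc/cacrl.pem). If ldap or http
+crl file (i.e. file:///etc/ocspd/crls/cacrl.pem). If ldap or http
 is chosen, you can specify the address, and the port of the
 server where to connect to (i.e. ldap://server.addr:port).
 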
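diff -Naurp openca-ocspd-1.9.0.orig/etc/Makefile.am openca-ocspd-1.9.0.new/etc/Makefile.am
--- openca-ocspd-1.9.0.orig/etc/Makefile.am 2008-02-15 00:24:15.000000000 +0100
+++ openca-ocspd-1.9.0.new/etc/Makefile.am 2013-11-05 13:39:12.715332386 +0100
@@ -2,20 +2,23 @@
 
 CHMOD = @CHMOD@
 
-EXTRA_DIST = ocspd.conf.in ocspd.in
+EXTRA_DIST = ocspd.conf.in ocspd.in ocspd.sysconfig.in
 
 install-data-local:
 @$(NORMAL_INSTALL)
- $(mkinstalldirs) $(sysconfdir); \
- $(mkinstalldirs) $(sysconfdir)/init.d; \
- $(mkinstalldirs) $(sysconfdir)/ocspd; \
- $(mkinstalldirs) $(sysconfdir)/ocspd/certs; \
- $(mkinstalldirs) $(sysconfdir)/ocspd/private; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/rc.d; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/rc.d/init.d; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/sysconfig; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/ocspd; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/ocspd/certs; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/ocspd/crls; \
+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/ocspd/private; \
 for file in *.conf ; do \
 if test -f $$file; then \
- $(INSTALL_DATA) $$file $(sysconfdir)/ocspd; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(sysconfdir)/ocspd; \
 fi \
 done ; \
- $(INSTALL_DATA) ocspd $(sysconfdir)/init.d ; \
- $(CHMOD) +x $(sysconfdir)/init.d/ocspd
-
+ $(INSTALL_DATA) ocspd $(DESTDIR)$(sysconfdir)/rc.d/init.d ; \
+ $(CHMOD) +x $(DESTDIR)$(sysconfdir)/rc.d/init.d/ocspd; \
+ $(INSTALL_DATA) ocspd.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/ocspd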
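Review bot: The `ocspd/private` directory is created by `$(mkinstalldirs)` with whatever mode the installing umask yields, and nothing in install-data-local restricts it afterwards, although the sample configuration points `ocspd_key` at `$dir/private/ocspd_key.pem`. Since the recipe already uses `$(CHMOD)`, a line such as `$(CHMOD) 700 $(DESTDIR)$(sysconfdir)/ocspd/private; \` after that mkinstalldirs call would keep the responder key directory closed to other local users. Ownership would then have to match the account that reads the key, which this recipe does not set and which packaging may handle elsewhere. The commands are also joined with `;`, so a failed mkinstalldirs or install does not stop the recipe; joining them with `&&` would surface the failure.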
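diff -Naurp openca-ocspd-1.9.0.orig/etc/ocspd.conf.in openca-ocspd-1.9.0.new/etc/ocspd.conf.in
--- openca-ocspd-1.9.0.orig/etc/ocspd.conf.in 2008-02-15 00:24:15.000000000 +0100
+++ openca-ocspd-1.9.0.new/etc/ocspd.conf.in 2013-11-05 13:39:12.715332386 +0100
@@ -8,14 +8,12 @@ default_ocspd = OCSPD_default # The def
 ####################################################################
 [ OCSPD_default ]
 
-dir = @prefix@/etc/ocspd # Where everything is kept
-db = $dir/index.txt # database index file.
+dir = @sysconfdirvalue@/ocspd # Where everything is kept
 md = sha1
 
-ca_certificate = $dir/certs/cacert.pem # The CA certificate
 ocspd_certificate = $dir/certs/ocspd_cert.pem # The OCSP server cert
 ocspd_key = $dir/private/ocspd_key.pem # The OCSP server key
-pidfile = $dir/ocspd.pid # Main process pid
+pidfile = @piddir@/ocspd.pid # Main process pid
 
 # User and Group the server will run as. It is a good idea
 # not having servers running as root: in case of errors in
@@ -41,6 +39,10 @@ max_req_size = 8192
 # and processors.
 threads_num = 150
 
+# Size of the system listen() queue. This allows buffering connection
+# requests for later processing when all threads are already busy.
+#max_client_num = 30
+
 # Max timeout for request receiving. If a request is not received
 # within the specified number of seconds then the socket is closed
 # in order to free unused threads. If not set, the default value
@@ -61,7 +63,7 @@ http_proto = 1.1
 # error will be written in the logfile, but the server will
 # continue to run assuming the chroot() is sufficiently isolated
 # to prevent abuse of the machine.
-# chdir = @prefix@
+#chroot_dir = @prefix@
 
 # Auto Reload interval of CRL (if set to 0 or not present, to
 # reload the CRL you'll need to send a SIGHUP (kill -1 <pid>)
@@ -80,7 +82,7 @@ crl_check_validity = 600
 # Reload CRL if the one loaded is expired. Set this parameter
 # only if you are sure that the new CRL will be issued and put
 # in the crl_url.
-crl_reload_expired = yes
+#crl_reload_expired = yes
 
 # Specifies the response section to load the server options
 # from
@@ -89,10 +91,10 @@ response = ocsp_response
 # It specifies the section to be used where options about where
 # CRL and certificates are kept.
 #
-# Example section using LDAP for data retrival
+# Example section using LDAP for data retrieval
 # dbms = dbms_ldap
 #
-# Example section using FILES for data retrival
+# Example section using FILES for data retrieval
 dbms = dbms_file
 
 # Enables the ENGINE interface for the server. If set to off then
@@ -108,7 +110,7 @@ dbms = dbms_file
 
 ####################################################################
 [ ocsp_response ]
-dir = @prefix@/etc/ocspd
+dir = @sysconfdirvalue@/ocspd
 
 # It is possible to include additional certificates in given
 # responses. Put all the certificates you want to include in
@@ -145,7 +147,7 @@ next_update_mins = 5
 
 [ ldap_ca_1 ]
 # You can have the CRL on a simple file
-# crl_url = file:///usr/local/etc/ocspd/crl.pem
+# crl_url = file://@sysconfdirvalue@/ocspd/crls/crl.pem
 
 # You can have the CRL retrieved from an HTTP server
 # crl_url = http://[user[:pwd]@]server[:port]/path_to_crl
@@ -189,7 +191,7 @@ crl_entry_attribute = "certificateRevoca
 ca_entry_dn = "o=Organisation, c=IT"
 
 # Server Certificate to attach to the response
-server_cert = file:///@prefix@/etc/ocspd/certs/ocspd_cert.pem
+server_cert = file://@sysconfdirvalue@/ocspd/certs/ocspd_cert.pem
 
 ####################################################################
 [ dbms_file ]
@@ -203,25 +205,25 @@ server_cert = file:///@prefix@/etc/ocspd
 [ first_ca ]
 
 # You can have the CRL on a simple file in PEM format
-crl_url = file:///@prefix@/etc/ocspd/crls/crl_01.pem
+crl_url = file://@sysconfdirvalue@/ocspd/crls/crl_01.pem
 
 # We need the CA certificate for every supported CRL
-ca_url = file:///@prefix@/etc/ocspd/certs/1st_cacert.pem
+ca_url = file://@sysconfdirvalue@/ocspd/certs/1st_cacert.pem
 
 # Server Certificate to attach to the response
-server_cert = file:///@prefix@/etc/ocspd/certs/ocspd_cert.pem
+server_cert = file://@sysconfdirvalue@/ocspd/certs/ocspd_cert.pem
 
 ####################################################################
 [ second_ca ]
 
 # You can have the CRL on a simple file in PEM format
-crl_url = file:///@prefix@/etc/ocspd/crls/crl_02.pem
+crl_url = file://@sysconfdirvalue@/ocspd/crls/crl_02.pem
 
 # We need the CA certificate for every supported CRL
-ca_url = file:///@prefix@/etc/ocspd/certs/2nd_cacert.pem
+ca_url = file://@sysconfdirvalue@/ocspd/certs/2nd_cacert.pem
 
 # Server Certificate to attach to the response
-server_cert = file:///@prefix@/etc/ocspd/certs/ocspd_cert.pem
+server_cert = file://@sysconfdirvalue@/ocspd/certs/ocspd_cert.pem
 
 ####################################################################
 [ HSM ]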
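Review bot: Commenting out `crl_reload_expired = yes` (hunk at -80,7) changes what the shipped configuration does once the loaded CRL passes its expiry, and the comment above it still does not say what happens when the option is unset. With it off, the responder presumably keeps the expired CRL loaded until the auto-reload interval or a SIGHUP replaces it, so later revocations would not be reflected in responses; the code that decides this is not on the page and should be confirmed. I would add a line above the option such as `# Disabled by default: enable once a fresh CRL is guaranteed to be published at crl_url before expiry.` and state the unset behaviour there. Separately, the sample `#chroot_dir = @prefix@` (hunk at -61,7) may no longer contain `dir` and `pidfile`, which this commit moves to `@sysconfdirvalue@` and `@piddir@`, so that example value is worth revisiting.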
diff -Naurp openca-ocspd-1.9.0.orig/etc/ocspd.in openca-ocspd-1.9.0.new/etc/ocspd.in
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/etc/ocspd.in 2008-02-15 00:24:15.000000000 +0100
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/etc/ocspd.in 2013-11-05 13:39:12.716332395 +0100
|
|
|
8e0d43e |
@@ -1,90 +1,94 @@
|
|
|
8e0d43e |
#!/bin/sh
|
|
|
8e0d43e |
#
|
|
|
8e0d43e |
-# Startup script for the OCSPD responder
|
|
|
8e0d43e |
+# ocspd Startup script for the OCSPD responder
|
|
|
8e0d43e |
#
|
|
|
8e0d43e |
-# chkconfig: 345 85 15
|
|
|
8e0d43e |
+# chkconfig: - 85 15
|
|
|
8e0d43e |
# description: OpenCA OCSP Responder
|
|
|
8e0d43e |
-# processname: openca-ocspd
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
-prefix="@prefix@";
|
|
|
8e0d43e |
-sbin="${prefix}/sbin";
|
|
|
8e0d43e |
-etc="${prefix}/etc/ocspd"
|
|
|
8e0d43e |
+# processname: ocspd
|
|
|
8e0d43e |
+# pidfile: @piddir@/ocspd.pid
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# Source function library.
|
|
|
8e0d43e |
-# . /etc/rc.d/init.d/functions
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
-ocspd="${sbin}/ocspd";
|
|
|
8e0d43e |
-conf="${etc}/ocspd.conf";
|
|
|
8e0d43e |
+. /etc/rc.d/init.d/functions
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-# Take a look in your apache config and set it as it is set there.
|
|
|
8e0d43e |
-pidfile="${etc}/ocspd.pid";
|
|
|
8e0d43e |
+if [ -f /etc/sysconfig/network ]; then
|
|
|
8e0d43e |
+ . /etc/sysconfig/network
|
|
|
8e0d43e |
+fi
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+if [ -f /etc/sysconfig/ocspd ]; then
|
|
|
8e0d43e |
+ . /etc/sysconfig/ocspd
|
|
|
8e0d43e |
+fi
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+prog=ocspd
|
|
|
8e0d43e |
+exec="@sbindirvalue@/${prog}";
|
|
|
8e0d43e |
+config="@sysconfdirvalue@/${prog}/${prog}.conf"
|
|
|
8e0d43e |
+pidfile="@piddir@/${prog}.pid"
|
|
|
8e0d43e |
+lockfile="@localstatedirvalue@/lock/subsys/${prog}"
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+# Check that we are root ... so non-root users stop here
|
|
|
8e0d43e |
+[ `id -u` = 0 ] || exit 1
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+# Check that networking is up.
|
|
|
8e0d43e |
+[ "${NETWORKING}" = "yes" ] || exit 0
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+RETVAL=0
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+start()
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+{
|
|
|
8e0d43e |
+ [ -x "${exec}" ] || exit 5
|
|
|
8e0d43e |
+ [ -f "${config}" ] || exit 6
|
|
|
8e0d43e |
+ echo -n $"Starting ${prog}: "
|
|
|
8e0d43e |
+ daemon --pidfile "${pidfile}" "${exec}" -d -c "${config}" \
|
|
|
8e0d43e |
+ ${OPTIONS} ${1}
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
+ echo
|
|
|
8e0d43e |
+ [ "${RETVAL}" -eq "0" ] && touch "${lockfile}"
|
|
|
8e0d43e |
+ return $RETVAL
|
|
|
8e0d43e |
+}
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# See how we were called.
|
|
|
8e0d43e |
-case "$1" in
|
|
|
8e0d43e |
+case "${1}" in
|
|
|
8e0d43e |
start)
|
|
|
8e0d43e |
- echo -n "Starting OCSP Responder: "
|
|
|
8e0d43e |
- ${ocspd} -c "${conf}" -d
|
|
|
8e0d43e |
- echo "Done."
|
|
|
8e0d43e |
+ start
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
start-verbose)
|
|
|
8e0d43e |
- echo -n "Starting OCSP Responder: "
|
|
|
8e0d43e |
- ${ocspd} -c "${conf}" -d -v
|
|
|
8e0d43e |
- echo "Done."
|
|
|
8e0d43e |
+ start -v
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
start-debug)
|
|
|
8e0d43e |
- echo -n "Starting OCSP Responder: "
|
|
|
8e0d43e |
- ${ocspd} -c "${conf}" -d -v -debug
|
|
|
8e0d43e |
- echo "Done."
|
|
|
8e0d43e |
+ start "-v -debug"
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
stop)
|
|
|
8e0d43e |
- echo -n "Shutting down OCSP Responder: "
|
|
|
8e0d43e |
- if [ -f "$pidfile" ] ; then
|
|
|
8e0d43e |
- pid=`cat $pidfile`;
|
|
|
8e0d43e |
- # if [ "x$pid" = "x" ] ; then
|
|
|
8e0d43e |
- # killall -15 ocspd
|
|
|
8e0d43e |
- # else
|
|
|
8e0d43e |
- kill -15 ${pid}
|
|
|
8e0d43e |
- # fi
|
|
|
8e0d43e |
- rm -f "$pidfile"
|
|
|
8e0d43e |
- else
|
|
|
8e0d43e |
- echo "Missing pidfile (already stopped?)"
|
|
|
8e0d43e |
- fi
|
|
|
8e0d43e |
- echo "Done."
|
|
|
8e0d43e |
+ echo -n $"Shutting down ${prog}: "
|
|
|
8e0d43e |
+ killproc -p "${pidfile}" "${prog}"
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
+ echo
|
|
|
8e0d43e |
+ [ "${RETVAL}" -eq "0" ] && rm -f "${lockfile}"
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
status)
|
|
|
8e0d43e |
- echo -n "OCSP Responder is "
|
|
|
8e0d43e |
- if ! [ -f "$pidfile" ] ; then
|
|
|
8e0d43e |
- echo "stopped."
|
|
|
8e0d43e |
- else
|
|
|
8e0d43e |
- pid=`cat $pidfile`;
|
|
|
8e0d43e |
- if test `ps -p ${pid}` ; then
|
|
|
8e0d43e |
- echo "running ( $pid ) ... "
|
|
|
8e0d43e |
- else
|
|
|
8e0d43e |
- echo "stopped."
|
|
|
8e0d43e |
- fi
|
|
|
8e0d43e |
- fi
|
|
|
8e0d43e |
- ;;
|
|
|
8e0d43e |
- reload-crl)
|
|
|
8e0d43e |
- echo -n "Sending Reload CRL Signal to OCSP ... "
|
|
|
8e0d43e |
- if ! [ -f "$pidfile" ] ; then
|
|
|
8e0d43e |
- echo "stopped."
|
|
|
8e0d43e |
- else
|
|
|
8e0d43e |
- pid=`cat $pidfile`;
|
|
|
8e0d43e |
- if test `kill -HUP ${pid}` ; then
|
|
|
8e0d43e |
- echo "error."
|
|
|
8e0d43e |
- else
|
|
|
8e0d43e |
- echo "Ok."
|
|
|
8e0d43e |
- fi
|
|
|
8e0d43e |
- fi
|
|
|
8e0d43e |
+ status "${prog}"
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
- restart)
|
|
|
8e0d43e |
- $0 stop
|
|
|
8e0d43e |
+ reload)
|
|
|
8e0d43e |
+ echo -n $"Reloading CRLs: "
|
|
|
8e0d43e |
+ killproc -p "${pidfile}" "${prog}" -HUP
|
|
|
8e0d43e |
+ RETVAL=$?
|
|
|
8e0d43e |
+ echo
|
|
|
8e0d43e |
+ ;;
|
|
|
8e0d43e |
+ restart|force-reload)
|
|
|
8e0d43e |
+ "${0}" stop
|
|
|
8e0d43e |
sleep 2
|
|
|
8e0d43e |
- $0 start
|
|
|
8e0d43e |
+ "${0}" start
|
|
|
8e0d43e |
+ ;;
|
|
|
8e0d43e |
+ condrestart|try-restart)
|
|
|
8e0d43e |
+ [ -e "${lockfile}" ] && "${0}" restart
|
|
|
8e0d43e |
;;
|
|
|
8e0d43e |
*)
|
|
|
8e0d43e |
- echo "Usage: $0 {start|stop|status|reload-crl|restart}"
|
|
|
8e0d43e |
- exit 1
|
|
|
8e0d43e |
+ echo "Usage: ${0} {start|start-verbose|start-debug|stop|status|"
|
|
|
8e0d43e |
+ echo " reload|force-reload|restart|condrestart|try-restart}"
|
|
|
8e0d43e |
+ RETVAL=2
|
|
|
8e0d43e |
esac
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-exit 0
|
|
|
8e0d43e |
+exit $RETVAL
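Review bot: The `restart|force-reload` and `condrestart|try-restart` branches never assign RETVAL, so the script reaches `exit $RETVAL` with the initial 0 even when the nested `"${0}" start` fails. A package scriptlet or monitoring check would then treat a responder that did not come back as healthy. Capture the status after the nested call, e.g. `"${0}" start; RETVAL=$?` in restart and `[ -e "${lockfile}" ] && { "${0}" restart; RETVAL=$?; }` in condrestart. Separately, `status "${prog}"` omits the `-p "${pidfile}"` that the stop and reload branches pass, so it may consult a different pid file than the one given to `daemon --pidfile`; `status -p "${pidfile}" "${prog}"` would keep the three consistent.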
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/etc/ocspd.sysconfig.in openca-ocspd-1.9.0.new/etc/ocspd.sysconfig.in
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/etc/ocspd.sysconfig.in 1970-01-01 01:00:00.000000000 +0100
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/etc/ocspd.sysconfig.in 2013-11-05 13:39:12.716332395 +0100
|
|
|
8e0d43e |
@@ -0,0 +1,8 @@
|
|
|
8e0d43e |
+# Name of daemon program.
|
|
|
8e0d43e |
+#OCSPD=@sbindirvalue@/ocspd
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+# Configuration file.
|
|
|
8e0d43e |
+#CONF=@sysconfdirvalue@/ocspd/ocspd.conf
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+# Additional command line options.
|
|
|
8e0d43e |
+#OPTIONS=""
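Review bot: The commented defaults `OCSPD=` and `CONF=` are documented here, but the init script added in this patch never reads them: it builds `exec` and `config` from `@sbindirvalue@` and `@sysconfdirvalue@` and only expands `${OPTIONS}`. An administrator who uncomments them to select another binary or configuration file will see no effect. Either drop the two entries or have the script honour them, e.g. `exec="${OCSPD:-@sbindirvalue@/${prog}}"` and `config="${CONF:-@sysconfdirvalue@/${prog}/${prog}.conf}"`. Because the init script sources this file while running as root, a header comment such as `# Sourced by the ocspd init script as root; keep root-owned and not group/world-writable.` would also be worth adding.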
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/examples/index.txt openca-ocspd-1.9.0.new/examples/index.txt
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/examples/index.txt 2008-02-15 00:24:15.000000000 +0100
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/examples/index.txt 1970-01-01 01:00:00.000000000 +0100
|
|
|
8e0d43e |
@@ -1 +0,0 @@
|
|
|
8e0d43e |
-V 020610093819Z 01 unknown /Email=chiarap@excite.com/CN=Chiara Ponz de Leon/OU=Building A/O=OpenCA/C=IT
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/examples/ocspd.conf openca-ocspd-1.9.0.new/examples/ocspd.conf
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/examples/ocspd.conf 2008-02-15 00:24:15.000000000 +0100
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/examples/ocspd.conf 2013-11-05 13:39:12.716332395 +0100
|
|
Patrick Monnerat |
f0797c6 |
@@ -8,11 +8,9 @@ default_ocspd = OCSPD_default # The def
|
|
|
8e0d43e |
####################################################################
|
|
|
8e0d43e |
[ OCSPD_default ]
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-dir = /usr/local/ocspd/etc/ocspd # Where everything is kept
|
|
|
8e0d43e |
-db = $dir/index.txt # database index file.
|
|
|
8e0d43e |
+dir = /etc/ocspd # Where everything is kept
|
|
|
8e0d43e |
md = sha1
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-ca_certificate = $dir/certs/cacert.pem # The CA certificate
|
|
|
8e0d43e |
ocspd_certificate = $dir/certs/ocspd_cert_2.pem # The OCSP server cert
|
|
|
8e0d43e |
ocspd_key = $dir/private/ocspd_key.pem # The OCSP server key
|
|
|
8e0d43e |
pidfile = $dir/ocspd.pid # Main process pid
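Review bot: The unchanged line `pidfile = $dir/ocspd.pid` now resolves to /etc/ocspd/ocspd.pid, which does not match the `@piddir@/${prog}.pid` that the new init script passes to `daemon --pidfile` and `killproc -p`. For a deployment started from this example, stop and reload would presumably look for a pid file the daemon never wrote. The daemon would also need write access to the directory tree that holds `$dir/private/ocspd_key.pem`. Consider pointing the example at the runtime directory instead, e.g. `pidfile = <value of @piddir@>/ocspd.pid` (placeholder; use whatever the packaged configuration expands to). The `[ OCSPD_default ]` section continues past this hunk.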
|
|
Patrick Monnerat |
f0797c6 |
@@ -81,7 +79,7 @@ dbms = dbms_file
|
|
|
8e0d43e |
|
|
|
8e0d43e |
####################################################################
|
|
|
8e0d43e |
[ ocsp_response ]
|
|
|
8e0d43e |
-dir = /usr/local/ocspd/etc/ocspd
|
|
|
8e0d43e |
+dir = /etc/ocspd
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# It is possible to include additional certificates in given
|
|
|
8e0d43e |
# responses. Put all the certificates you want to include in
|
|
Patrick Monnerat |
f0797c6 |
@@ -113,7 +111,7 @@ next_update_mins = 5
|
|
|
8e0d43e |
|
|
|
8e0d43e |
[ ldap_ca_1 ]
|
|
|
8e0d43e |
# You can have the CRL on a simple file
|
|
|
8e0d43e |
-# crl_url = file:///usr/local/etc/ocspd/crl.pem
|
|
|
8e0d43e |
+# crl_url = file:///etc/ocspd/crls/crl.pem
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# You can store the CRL into an LDAP server, simply
|
|
|
8e0d43e |
# store it in certificateRevocationList;binary attribute
|
|
Patrick Monnerat |
f0797c6 |
@@ -166,20 +164,20 @@ ca_entry_dn = "o=Organisation, c=IT"
|
|
|
8e0d43e |
[ first_ca ]
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# You can have the CRL on a simple file in PEM format
|
|
|
8e0d43e |
-crl_url = file:////usr/local/ocspd/etc/ocspd/crls/crl_07.crl
|
|
|
8e0d43e |
+crl_url = file:///etc/ocspd/crls/crl_07.crl
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# We need the CA certificate for every supported CRL
|
|
|
8e0d43e |
-# ca_url = file:////usr/local/ocspd/etc/ocspd/certs/1st_cacert.pem
|
|
|
8e0d43e |
-ca_url = file:////usr/local/ocspd/etc/ocspd/certs/cacert.pem
|
|
|
8e0d43e |
+# ca_url = file:///etc/ocspd/certs/1st_cacert.pem
|
|
|
8e0d43e |
+ca_url = file:///etc/ocspd/certs/cacert.pem
|
|
|
8e0d43e |
|
|
|
8e0d43e |
####################################################################
|
|
|
8e0d43e |
[ second_ca ]
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# You can have the CRL on a simple file in PEM format
|
|
|
8e0d43e |
-crl_url = file:////usr/local/ocspd/etc/ocspd/crls/crl_01.crl
|
|
|
8e0d43e |
+crl_url = file:///etc/ocspd/crls/crl_01.crl
|
|
|
8e0d43e |
|
|
|
8e0d43e |
# We need the CA certificate for every supported CRL
|
|
|
8e0d43e |
-ca_url = file:////usr/local/ocspd/etc/ocspd/certs/2nd_cacert.pem
|
|
|
8e0d43e |
+ca_url = file:///etc/ocspd/certs/2nd_cacert.pem
|
|
|
8e0d43e |
|
|
|
8e0d43e |
####################################################################
|
|
|
8e0d43e |
[ HSM ]
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/core.c openca-ocspd-1.9.0.new/src/core.c
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/core.c 2009-06-08 19:24:05.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/core.c 2013-11-05 13:39:12.716332395 +0100
|
|
Patrick Monnerat |
f0797c6 |
@@ -36,8 +36,8 @@ void handle_sigabrt ( int i );
|
|
|
8e0d43e |
|
|
Patrick Monnerat |
94d50ff |
/* Function Bodies */
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-int start_threaded_server ( char * bind_s, char * port_s, int nthreads,
|
|
|
8e0d43e |
- OCSPD_CONFIG * ocspd_conf ) {
|
|
|
8e0d43e |
+int start_threaded_server ( char * bind_s, char * port_s, int queue_len,
|
|
|
8e0d43e |
+ int nthreads, OCSPD_CONFIG * ocspd_conf ) {
|
|
|
8e0d43e |
int i;
|
|
Patrick Monnerat |
94d50ff |
int cycle = -1;
|
|
|
8e0d43e |
|
|
Patrick Monnerat |
f0797c6 |
@@ -55,7 +55,8 @@ int start_threaded_server ( char * bind_
|
|
|
8e0d43e |
exit(68);
|
|
|
8e0d43e |
}
|
|
|
8e0d43e |
|
|
|
8e0d43e |
- if( (ocspd_conf->listenfd = Listen( bind_s, atoi(port_s) )) == 0) {
|
|
|
8e0d43e |
+ if ((ocspd_conf->listenfd = Listen(bind_s, atoi(port_s),
|
|
|
8e0d43e |
+ queue_len)) == 0) {
|
|
|
8e0d43e |
syslog(LOG_ERR, "ERROR::BIND::Can not bind to [%s],[%d]",
|
|
|
8e0d43e |
bind_s, atoi(port_s));
|
|
|
8e0d43e |
exit(101);
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/core.h openca-ocspd-1.9.0.new/src/core.h
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/core.h 2009-06-08 19:24:05.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/core.h 2013-11-05 13:39:12.716332395 +0100
|
|
|
8e0d43e |
@@ -16,8 +16,8 @@
|
|
|
8e0d43e |
#include "general.h"
|
|
|
8e0d43e |
#include "ocsp_request.h"
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-int start_threaded_server ( char * bind_s, char * port_s, int nthreads,
|
|
|
8e0d43e |
- OCSPD_CONFIG * ocspd_conf );
|
|
|
8e0d43e |
+int start_threaded_server ( char * bind_s, char * port_s, int queue_len,
|
|
|
8e0d43e |
+ int nthreads, OCSPD_CONFIG * ocspd_conf );
|
|
|
8e0d43e |
int set_alrm_handler( void );
|
|
|
8e0d43e |
void close_server ( void );
|
|
|
8e0d43e |
void handle_sigterm ( int i );
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/general.h openca-ocspd-1.9.0.new/src/general.h
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/general.h 2009-06-08 19:25:19.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/general.h 2013-11-05 13:39:12.716332395 +0100
|
|
Patrick Monnerat |
f0797c6 |
@@ -85,24 +85,14 @@ char *strchr (), *strrchr ();
|
|
|
8e0d43e |
|
|
|
8e0d43e |
#include <openssl/ocsp.h>
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-#define HTTP_POST 0
|
|
|
8e0d43e |
-#define HTTP_GET 1
|
|
|
8e0d43e |
-#define HTTP_POST_METHOD "POST"
|
|
|
8e0d43e |
-#define HTTP_GET_METHOD "GET"
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
-#define OCSP_REQ_TYPE "application/ocsp-request"
|
|
|
8e0d43e |
-#define OCSP_RESP_TYPE "application/ocsp-response"
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
#define BASE_SECTION "ocspd"
|
|
|
8e0d43e |
#define CONFIG_FILE "ocspd.conf"
|
|
|
8e0d43e |
#define ENV_SECTION "conf_section"
|
|
|
8e0d43e |
|
|
|
8e0d43e |
#define ENV_DEFAULT_OCSPD "default_ocspd"
|
|
|
8e0d43e |
-#define ENV_DATABASE "db"
|
|
|
8e0d43e |
#define ENV_OCSPD_DBMS "dbms"
|
|
|
8e0d43e |
#define ENV_PRIVATE_KEY "ocspd_key"
|
|
|
8e0d43e |
#define ENV_CERTIFICATE "ocspd_certificate"
|
|
|
8e0d43e |
-#define ENV_CA_CERTIFICATE "ca_certificate"
|
|
|
8e0d43e |
#define ENV_OCSPD_PORT "port"
|
|
|
8e0d43e |
#define ENV_OCSPD_BIND "bind"
|
|
|
8e0d43e |
#define ENV_OCSPD_CHILD "threads_num"
|
|
Patrick Monnerat |
f0797c6 |
@@ -146,20 +136,6 @@ char *strchr (), *strrchr ();
|
|
|
8e0d43e |
#define OCSP_REQ_CONTENT_TYPE "application/ocsp-request"
|
|
|
8e0d43e |
#define OCSP_RESP_CONTENT_TYPE "application/ocsp-response"
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-#define DB_type 0
|
|
|
8e0d43e |
-#define DB_exp_date 1
|
|
|
8e0d43e |
-#define DB_rev_date 2
|
|
|
8e0d43e |
-#define DB_serial 3 /* index - unique */
|
|
|
8e0d43e |
-#define DB_file 4
|
|
|
8e0d43e |
-#define DB_name 5 /* index - unique for active */
|
|
|
8e0d43e |
-#define DB_NUMBER 6
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
-#define DB_TYPE_REV 'R'
|
|
|
8e0d43e |
-#define DB_TYPE_EXP 'E'
|
|
|
8e0d43e |
-#define DB_TYPE_VAL 'V'
|
|
|
8e0d43e |
-#define DB_TYPE_SUS 'S'
|
|
|
8e0d43e |
-#define DB_TYPE_UNK 'U'
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
#define FORMAT_UNDEF 0
|
|
|
8e0d43e |
#define FORMAT_ASN1 1
|
|
|
8e0d43e |
#define FORMAT_TEXT 2
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/ocspd.c openca-ocspd-1.9.0.new/src/ocspd.c
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/ocspd.c 2009-06-08 19:24:05.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/ocspd.c 2013-11-05 13:39:12.717332408 +0100
|
|
Patrick Monnerat |
f0797c6 |
@@ -72,7 +72,8 @@ static char *ocspd_usage[] = {
|
|
|
8e0d43e |
NULL
|
|
|
8e0d43e |
};
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-/* Staic variables */
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
+/* Static variables */
|
|
|
8e0d43e |
char *prgname = "ocspd";
|
|
|
8e0d43e |
char *version = VERSION;
|
|
|
8e0d43e |
|
|
Patrick Monnerat |
f0797c6 |
@@ -94,6 +95,7 @@ int main ( int argc, char *argv[] ) {
|
|
|
8e0d43e |
char *max_timeout_s = NULL;
|
|
|
8e0d43e |
|
|
|
8e0d43e |
int child_num = 5;
|
|
|
8e0d43e |
+ int queue_len = 30;
|
|
|
8e0d43e |
int verbose = 0;
|
|
|
8e0d43e |
int debug = 0;
|
|
|
8e0d43e |
|
|
Patrick Monnerat |
f0797c6 |
@@ -106,7 +108,6 @@ int main ( int argc, char *argv[] ) {
|
|
Patrick Monnerat |
94d50ff |
// char *keyfile = NULL;
|
|
|
8e0d43e |
char *configfile = NULL;
|
|
|
8e0d43e |
char *cert = NULL;
|
|
|
8e0d43e |
- char *cacert = NULL;
|
|
|
8e0d43e |
char **pp = NULL;
|
|
|
8e0d43e |
char *key = NULL;
|
|
|
8e0d43e |
char *passargin = NULL;
|
|
Patrick Monnerat |
f0797c6 |
@@ -448,36 +449,6 @@ bad:
|
|
|
8e0d43e |
}
|
|
|
8e0d43e |
|
|
|
8e0d43e |
/*****************************************************************/
|
|
|
8e0d43e |
- /* Load the CA certificate file */
|
|
|
8e0d43e |
- if ((cacert == NULL) && ((cacert=NCONF_get_string(ocspd_conf->conf,
|
|
|
8e0d43e |
- section,ENV_CA_CERTIFICATE)) == NULL))
|
|
|
8e0d43e |
- {
|
|
|
8e0d43e |
- lookup_fail(section,ENV_CA_CERTIFICATE);
|
|
|
8e0d43e |
- goto err;
|
|
|
8e0d43e |
- }
|
|
|
8e0d43e |
- if ( cacert ) {
|
|
|
8e0d43e |
- if( verbose )
|
|
|
8e0d43e |
- syslog(LOG_INFO,"reading CA certificate file.\n");
|
|
|
8e0d43e |
- if ((certf=BIO_new_file( cacert, "r")) == NULL) {
|
|
|
8e0d43e |
- syslog(LOG_ERR,"unable to open CA certificate file.\n");
|
|
|
8e0d43e |
- goto err;
|
|
|
8e0d43e |
- }
|
|
|
8e0d43e |
- if ((ocspd_conf->cacert = PEM_read_bio_X509(certf,NULL,NULL,NULL))
|
|
|
8e0d43e |
- ==NULL) {
|
|
|
8e0d43e |
- syslog(LOG_ERR,"cannot load CA certificate.\n");
|
|
|
8e0d43e |
- goto err;
|
|
|
8e0d43e |
- }
|
|
|
8e0d43e |
- BIO_free( certf );
|
|
|
8e0d43e |
- }
|
|
|
8e0d43e |
- if (ocspd_conf->cacert == NULL) {
|
|
|
8e0d43e |
- syslog(LOG_ERR,"unable to load CA certificate\n");
|
|
|
8e0d43e |
- goto err;
|
|
|
8e0d43e |
- }
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
- if(verbose)
|
|
|
8e0d43e |
- syslog(LOG_INFO,"OCSP Daemon setup completed");
|
|
|
8e0d43e |
-
|
|
|
8e0d43e |
- /*****************************************************************/
|
|
|
8e0d43e |
/* Let's get the digest */
|
|
|
8e0d43e |
if ((ocsp_digest_name == NULL) &&
|
|
|
8e0d43e |
((ocsp_digest_name=NCONF_get_string(ocspd_conf->conf,section,
|
|
Patrick Monnerat |
f0797c6 |
@@ -513,6 +484,15 @@ bad:
|
|
|
8e0d43e |
bind_s = "0.0.0.0";
|
|
|
8e0d43e |
}
|
|
|
8e0d43e |
|
|
|
8e0d43e |
+ /* Listen queue size */
|
|
|
8e0d43e |
+ if ((tmp_s = NCONF_get_string(ocspd_conf->conf,
|
|
|
8e0d43e |
+ section, ENV_OCSPD_QUEUE)) == NULL) {
|
|
|
8e0d43e |
+ if( verbose )
|
|
|
8e0d43e |
+ lookup_fail(section,ENV_OCSPD_QUEUE);
|
|
|
8e0d43e |
+ } else {
|
|
|
8e0d43e |
+ queue_len = atoi(tmp_s);
|
|
|
8e0d43e |
+ }
|
|
|
8e0d43e |
+
|
|
|
8e0d43e |
/* Number of child threads to be spawned */
|
|
|
8e0d43e |
if ((child_s == NULL) && ((child_s = NCONF_get_string(ocspd_conf->conf,
|
|
|
8e0d43e |
section, ENV_OCSPD_CHILD)) == NULL)) {
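Review bot: The new `queue_len = atoi(tmp_s);` accepts any string from the configuration file, so a typo, an empty value or a negative number is silently turned into 0 or a negative backlog and handed through `start_threaded_server()` to `listen(fd, queue_len)` in the sock.c hunk. How a zero or negative backlog is treated is platform-dependent, and for a revocation responder an undersized accept queue means dropped status requests under load. Parse the value with `strtol`, reject anything that is not a complete positive integer, and log the offending value, as in the fence below. The fence assumes the `err` label used elsewhere in `main` is reachable here and that `<errno.h>` and `<limits.h>` are available in ocspd.c; `main` starts and ends outside this hunk. None of the general.h hunks shown in this patch adds `ENV_OCSPD_QUEUE`, so confirm it is defined elsewhere.

```c
	/* … unchanged: NCONF_get_string() lookup and verbose lookup_fail() … */
	} else {
		char *end = NULL;
		long q;

		errno = 0;
		q = strtol(tmp_s, &end, 10);
		if (errno != 0 || end == tmp_s || *end != '\0' ||
				q < 1 || q > INT_MAX) {
			syslog(LOG_ERR, "invalid %s value [%s]",
				ENV_OCSPD_QUEUE, tmp_s);
			goto err;
		}
		queue_len = (int) q;
	}
```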
|
|
Patrick Monnerat |
f0797c6 |
@@ -751,7 +731,7 @@ bad:
|
|
Patrick Monnerat |
94d50ff |
writePid( ppid, pidfile );
|
|
|
8e0d43e |
}
|
|
|
8e0d43e |
|
|
|
8e0d43e |
- start_threaded_server( bind_s, port_s, child_num, ocspd_conf );
|
|
|
8e0d43e |
+ start_threaded_server(bind_s, port_s, queue_len, child_num, ocspd_conf);
|
|
|
8e0d43e |
|
|
|
8e0d43e |
goto end;
|
|
|
8e0d43e |
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/sock.c openca-ocspd-1.9.0.new/src/sock.c
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/sock.c 2009-06-08 19:24:05.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/sock.c 2013-11-05 13:39:12.717332408 +0100
|
|
Patrick Monnerat |
94d50ff |
@@ -20,12 +20,11 @@
|
|
|
8e0d43e |
#include "sock.h"
|
|
|
8e0d43e |
|
|
|
8e0d43e |
#define SERV_PORT 4567
|
|
|
8e0d43e |
-#define LISTENQ 30
|
|
|
8e0d43e |
|
|
|
8e0d43e |
extern int h_errno;
|
|
|
8e0d43e |
extern OCSPD_CONFIG *ocspd_conf;
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-int Listen (char *hostname, int port) {
|
|
|
8e0d43e |
+int Listen (char *hostname, int port, int queue_len) {
|
|
|
8e0d43e |
int fd, reuse_addr;
|
|
|
8e0d43e |
struct sockaddr_in servaddr;
|
|
|
8e0d43e |
struct hostent *ht = NULL;
|
|
Patrick Monnerat |
f0797c6 |
@@ -81,7 +80,7 @@ int Listen (char *hostname, int port) {
|
|
|
8e0d43e |
return(0);
|
|
|
8e0d43e |
};
|
|
|
8e0d43e |
|
|
|
8e0d43e |
- if( listen( fd, LISTENQ ) == -1 ) {
|
|
|
8e0d43e |
+ if (listen(fd, queue_len) == -1) {
|
|
|
8e0d43e |
syslog(LOG_ERR, "FATAL ERROR::Listen::%s",
|
|
|
8e0d43e |
strerror( errno ));
|
|
|
8e0d43e |
return(0);
|
|
Patrick Monnerat |
f0797c6 |
diff -Naurp openca-ocspd-1.9.0.orig/src/sock.h openca-ocspd-1.9.0.new/src/sock.h
|
|
Patrick Monnerat |
f0797c6 |
--- openca-ocspd-1.9.0.orig/src/sock.h 2009-06-08 19:24:05.000000000 +0200
|
|
Patrick Monnerat |
f0797c6 |
+++ openca-ocspd-1.9.0.new/src/sock.h 2013-11-05 13:39:12.717332408 +0100
|
|
|
8e0d43e |
@@ -8,7 +8,7 @@
|
|
|
8e0d43e |
|
|
|
8e0d43e |
/* Socket Wrapping functions */
|
|
|
8e0d43e |
|
|
|
8e0d43e |
-int Listen (char *hostname, int port);
|
|
|
8e0d43e |
+int Listen (char *hostname, int port, int queue_len);
|
|
|
8e0d43e |
// int Accept (int sock, int *c_sock);
|
|
|
8e0d43e |
int Accept (int listen_sockfd, SA *cliaddr, socklen_t *addrlenp);
|
|
|
8e0d43e |
ssize_t Read (int fd, void *bufptr, size_t nbytes);
|