}
send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, cert->md );
- send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+
+ if( !cert->ocspCA.empty() ) {
+ send( conn, head, RecordHeader::SignerCommand::SET_OCSP_TARGET_CA, cert->ocspCA );
+ } else {
+ send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+ }
+
send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
- for( auto &ava : cert->AVAs ) {
+ for( auto& ava : cert->AVAs ) {
if( ava->name.find( "," ) != std::string::npos ) {
// invalid ava
return nullptr;
send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value );
}
- for( auto &san : cert->SANs ) {
+ for( auto& san : cert->SANs ) {
if( san->type.find( "," ) != std::string::npos ) {
// invalid ava
return nullptr;
RecordHeader head;
std::string payload = parseCommandChunked( head, conn );
- switch( static_cast<RecordHeader::SignerResult>( head.command )) {
+ switch( static_cast<RecordHeader::SignerResult>( head.command ) ) {
case RecordHeader::SignerResult::CERTIFICATE:
result->certificate = payload;
break;
if( result ) {
std::shared_ptr<BIO> bios( BIO_new( BIO_s_mem() ), BIO_free );
- const char* buf = result->certificate.data();
+ const char *buf = result->certificate.data();
unsigned int len = result->certificate.size();
while( len > 0 ) {
int dlen = BIO_write( bios.get(), buf, len );
if( dlen <= 0 ) {
- throw std::runtime_error("Memory error.");
+ throw std::runtime_error( "Memory error." );
}
len -= dlen;
std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );
if( !pem ) {
- throw std::runtime_error("Pem was not readable");
+ throw std::runtime_error( "Pem was not readable" );
}
- std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(pem.get()), NULL), BN_free );
- std::shared_ptr<char> serStr(
- BN_bn2hex( ser.get() ),
- []( char* p ) {
- OPENSSL_free( p );
- } ); // OPENSSL_free is a macro...
+ std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( pem.get() ), NULL ), BN_free );
+ auto freeMem = []( char *p ) {
+ OPENSSL_free( p );
+ }; // OPENSSL_free is a macro...
+ std::shared_ptr<char> serStr( BN_bn2hex( ser.get() ), freeMem );
extractTimes( pem, result );
}
logger::note( "Closing SSL connection" );
+
if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
logger::warn( "SSL shutdown failed" );
}
+
logger::note( "SSL connection closed" );
return result;
head.flags = 0;
head.sessid = 13;
- for( auto &serial : serials ) {
+ for( auto& serial : serials ) {
send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
}
std::string date;
if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
- throw std::runtime_error("Protocol violation");
+ throw std::runtime_error( "Protocol violation" );
}
- const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
- const unsigned char* pos = buffer2;
- ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+ const unsigned char *buffer2 = reinterpret_cast<const unsigned char *>( payload.data() );
+ const unsigned char *pos = buffer2;
+ ASN1_TIME *time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
ASN1_TIME_free( time );
date = payload.substr( 0, pos - buffer2 );
std::string rest = payload.substr( pos - buffer2 );
- for( std::string &serial : serials ) {
+ for( std::string& serial : serials ) {
crl->revoke( serial, date );
}
payload = parseCommandChunked( head, conn );
if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
- throw std::runtime_error("Protocol violation");
+ throw std::runtime_error( "Protocol violation" );
}
std::string name_bak = ca->path + std::string( "/ca.crl.bak" );
crl = std::make_shared<CRL>( name_bak );
if( crl->verify( ca ) ) {
- if( rename( name_bak.c_str(), tgtName.c_str() ) != 0 ){
+ if( rename( name_bak.c_str(), tgtName.c_str() ) != 0 ) {
logger::warn( "Moving new CRL over old CRL failed" );
}
+
logger::note( "CRL is now valid again" );
} else {
logger::warn( "CRL is still broken... Please, help me" );
}
logger::note( "Closing SSL connection" );
+
if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
logger::warn( "SSL shutdown failed" );
}
+
logger::note( "SSL connection closed" );
return { crl, date };