add: configuration of OCSP path
authorFelix Dörre <felix@dogcraft.de>
Thu, 20 Apr 2017 19:46:52 +0000 (19:46 +0000)
committerFelix Dörre <felix@dogcraft.de>
Mon, 1 May 2017 15:51:52 +0000 (15:51 +0000)
Change-Id: Ibb81366d3e93485559ac68103d15b165c74822fd

src/config.cpp
src/crypto/X509.cpp

index a58cc82878acabf16190dcc212bb27e2a617b8f3..ccd2f246aaa3b2b574256266c120dc14e7cda3b1 100644 (file)
@@ -15,6 +15,7 @@ std::string sqlHost, sqlUser, sqlPass, sqlDB;
 std::string serialPath;
 std::string crlPrefix;
 std::string crtPrefix;
+std::string ocspPath;
 
 std::shared_ptr<std::unordered_map<std::string, std::string>> parseConf( std::string path ) {
     auto map = std::make_shared<std::unordered_map<std::string, std::string>>();
@@ -147,6 +148,14 @@ int parseConfig( std::string path ) {
     crlPrefix = masterConf->at( "crlPrefix" );
     crtPrefix = masterConf->at( "crtPrefix" );
 
+    auto ocspPathEntry = masterConf->find( "ocsp.path" );
+
+    if( ocspPathEntry == masterConf->end() ) {
+        ocspPath = "";
+    } else {
+        ocspPath = ocspPathEntry->second;
+    }
+
     if( keyDir == "" ) {
         logger::error( "Missing config property key.directory" );
         return -1;
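Review bot: A missing `ocsp.path` is accepted silently in the added find/if/else, and the empty value later makes setExtensions in src/crypto/X509.cpp leave the OCSP entry out of the authority information access extension. A mistyped key in the configuration would therefore produce certificates with no OCSP responder URI and no trace in the log, whereas `key.directory` just below is reported through `logger::error`. If the setting is meant to be optional, state it in a comment such as `// ocsp.path is optional: when unset, issued certificates carry no OCSP URI` and log the fact once when the configuration is loaded. The branch can also be shortened to `ocspPath = ocspPathEntry == masterConf->end() ? "" : ocspPathEntry->second;`. parseConfig starts and ends outside the hunk.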
index d99ab68302ac2d699fb380bd6a277db755e066e8..ee5621c76f86f56046639990ba907d4050c9f4d4 100644 (file)
@@ -176,6 +176,8 @@ merr:
     throw std::runtime_error( "memerr" );
 }
 
+extern std::string ocspPath;
+
 void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans, Profile& prof, std::string crlURL, std::string crtURL ) {
     add_ext( caCert, target, NID_basic_constraints, "critical,CA:FALSE" );
     add_ext( caCert, target, NID_subject_key_identifier, "hash" );
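Review bot: The `extern std::string ocspPath;` declaration sits in the middle of X509.cpp, so the compiler never checks it against the definition in src/config.cpp, and a later change of type or name there would only surface at link time or not at all. If the project has a configuration header that declares the other settings (not visible in this diff), declare `ocspPath` there next to `crlPrefix` and `crtPrefix` and include that header instead.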
@@ -183,7 +185,7 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
     std::string ku = std::string( "critical," ) + prof.ku;
     add_ext( caCert, target, NID_key_usage, ku.c_str() );
     add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
-    add_ext( caCert, target, NID_info_access, ( "OCSP;URI:http://ocsp.cacert.org,caIssuers;URI:" + crtURL ).c_str() );
+    add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
     add_ext( caCert, target, NID_crl_distribution_points, ( "URI:" + crlURL ).c_str() );
 
     if( sans.empty() ) {
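Review bot: `ocspPath` is concatenated unescaped into the OpenSSL extension value string on the NID_info_access line, where a comma separates access descriptions. A configured value containing a comma or a line break would change the structure of the extension rather than only the URI, or may make add_ext fail at issuance time. Validate it once in parseConfig, for example `if( ocspPath.find_first_of( ",\r\n" ) != std::string::npos ) { logger::error( "Invalid config property ocsp.path" ); return -1; }`. The variable holds a full URI rather than a path (the removed line carried `http://`), so a comment at its definition saying the scheme must be included would prevent a misconfiguration. setExtensions continues outside the hunk.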