Diffstat (limited to 'src/tool/server.cc')
-rw-r--r--src/tool/server.cc50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/tool/server.cc b/src/tool/server.cc
index 164d6a5..abc71cf 100644
--- a/src/tool/server.cc
+++ b/src/tool/server.cc
@@ -35,10 +35,54 @@ static const struct argument kArguments[] = {
"Private-key file to use (default is server.pem)",
},
{
+ "-ocsp-response", kOptionalArgument,
+ "OCSP response file to send",
+ },
+ {
"", kOptionalArgument, "",
},
};
+static bool LoadOCSPResponse(SSL_CTX *ctx, const char *filename) {
+ void *data = NULL;
+ bool ret = false;
+ size_t bytes_read;
+ long length;
+
+ FILE *f = fopen(filename, "rb");
+
+ if (f == NULL ||
+ fseek(f, 0, SEEK_END) != 0) {
+ goto out;
+ }
+
+ length = ftell(f);
+ if (length < 0) {
+ goto out;
+ }
+
+ data = malloc(length);
+ if (data == NULL) {
+ goto out;
+ }
+ rewind(f);
+
+ bytes_read = fread(data, 1, length, f);
+ if (ferror(f) != 0 ||
+ bytes_read != (size_t)length ||
+ !SSL_CTX_set_ocsp_response(ctx, (uint8_t*)data, bytes_read)) {
+ goto out;
+ }
+
+ ret = true;
+out:
+ if (f != NULL) {
+ fclose(f);
+ }
+ free(data);
+ return ret;
+}
+
bool Server(const std::vector<std::string> &args) {
if (!InitSocketLibrary()) {
return false;
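Review bot: A zero-length file is not rejected in LoadOCSPResponse, because `if (length < 0) {` lets 0 through. `malloc(0)` may then return NULL, which is reported as a load failure, or a non-null pointer, in which case an empty response is handed to SSL_CTX_set_ocsp_response; which of the two happens depends on the C library. Changing the check to `if (length <= 0) {` gives the same outcome everywhere. The file's bytes are also passed on without any check that they are a current response for the configured certificate, which is probably intentional for a test tool but deserves a comment above the function, e.g. `// Loads |filename| verbatim as the stapled OCSP response; the contents are not parsed or checked for freshness.`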
@@ -74,6 +118,12 @@ bool Server(const std::vector<std::string> &args) {
return false;
}
+ if (args_map.count("-ocsp-response") != 0 &&
+ !LoadOCSPResponse(ctx, args_map["-ocsp-response"].c_str())) {
+ fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str());
+ return false;
+ }
+
int sock = -1;
if (!Accept(&sock, args_map["-accept"])) {
return false;
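Review bot: The added block looks up `-ocsp-response` three times, once with `count` and twice with the mutating `operator[]`; the `count` guard keeps the latter from inserting here, but a single `find` states the intent more directly. For example, `auto ocsp = args_map.find("-ocsp-response");` followed by `if (ocsp != args_map.end() && !LoadOCSPResponse(ctx, ocsp->second.c_str())) {`, with the error message printing `ocsp->second.c_str()`. Server's body starts and ends outside the hunk.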