xref: /third_party/openssl/apps/cmp.c

82 /* server authentication */
165 /* mock server */
349      "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
351     {"server", OPT_SERVER, 's',
352      "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
365      "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\""},
447      "Client's TLS certificate. May include chain to be provided to TLS server"},
453      "Extra certificates to provide to TLS server during TLS handshake"},
455      "Trusted certificates to use for verifying the TLS server certificate;"},
458      "Address to be checked (rather than -server) during TLS host name validation"},
467      "Take sequence of CMP requests to send to server from file(s)"},
473      "Process sequence of CMP responses provided in file(s), skipping server"},
478      "Use internal mock server at API level, bypassing socket-based HTTP"},
480     OPT_SECTION("Mock server"),
486      "Act as HTTP-based mock server listening on given port"},
488      "max number of messages handled by HTTP mock server. Default: 0 = unlimited"},
492      "Reference value to use as senderKID of server in case no -srv_cert is given"},
494      "Password source for server authentication with a pre-shared key (secret)"},
495     {"srv_cert", OPT_SRV_CERT, 's', "Certificate of the server"},
497      "Private key used by the server for signing messages"},
519      "PKIStatus to be included in server response. Possible values: 0..6"},
521      "A single failure info bit number to include in server response, 0..26"},
523      "Number representing failure bits to include in server response, 0..2^27 - 1"},
525      "Status string to be included in server response"},
527      "Force server to reply with error message"},
531      "In case of negative responses, server shall send unprotected error messages,"},
808          * In this case the server may complain "Transaction id already in use."
816          * Except for first request, need to satisfy recipNonce check by server.
830                 CMP_warn("too few -rspin filename arguments; resorting to using mock server");
835                 CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
839                 CMP_warn("too few -rspin filename arguments; resorting to contacting server");
842             CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
1022     OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */
1033             CMP_err("must give -srv_ref for mock server if no -srv_cert given");
1044         char *pass_str = get_passwd(opt_srv_secret, "PBMAC secret of mock server");
1055         CMP_err("server credentials (-srv_secret or -srv_cert) must be given if -use_mock_srv or -port is used");
1058         CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given");
1068                                        "certificate of the mock server");
1079                                       engine, "private key for mock server cert");
1091             load_trusted(opt_srv_trusted, 0, "certs trusted by mock server");
1098         CMP_warn("mock server will not be able to handle signature-protected requests since -srv_trusted is not given");
1101                      "untrusted certificates for mock server", ctx,
1106         CMP_warn("no -rsp_cert given for mock server");
1109                                    "cert to be returned by the mock server");
1113         /* from server perspective the server is the client */
1121                      "CMP extra certificates for mock server", srv_ctx,
1124     if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx,
1197                                     "directly trusted CMP server certificate");
1288          * the chain to be provided with the TLS client cert to the TLS server.
1382         /* enable and parameterize server hostname/IP address check */
1448         CMP_warn("will not authenticate server due to missing -secret, -trusted, or -srvcert");
1854     char server_buf[200] = "mock server";
1860             CMP_err("missing -server or -use_mock_srv or -rspin option");
1864         CMP_err("missing -use_mock_srv or -rspin option; -server option is not supported due to no-sock build");
1871             CMP_warn("ignoring -proxy option since -server is not given");
1873             CMP_warn("ignoring -no_proxy option since -server is not given");
1875             CMP_warn("ignoring -tls_used option since -server is not given");
1882         CMP_err1("cannot parse -server URL: %s", opt_server);
1886         CMP_err("missing -tls_used option since -server URL indicates https");
1975         info->server = host;
2764     const char *from = "", *server = "";
2769         server = opt_server;
2779               status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
2781               : "warning", "received%s%s %s", from, server,
2903             CMP_err("The -port option excludes -server and -use_mock_srv");
2916         CMP_err("cannot use both -server and -use_mock_srv options");
2941         CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
2945     if (opt_port != NULL) { /* act as very basic CMP HTTP server */
2950     /* act as CMP client, possibly using internal mock server */
2954             CMP_warn("-server option is not used if enough filenames given for -rspin");
3070             OPENSSL_free((char *)info->server);

Indexes created Thu Nov 07 10:32:03 CST 2024