Allow setting OCSP responses.

This commit is contained in:
Nikos Mavrogiannopoulos
2013-03-05 01:42:25 +01:00
parent 8ffe2f9d26
commit 6c54a37e69
6 changed files with 19 additions and 2 deletions


@@ -144,6 +144,7 @@ unsigned j;
READ_NUMERIC("dpd", config->dpd, 0);
READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10);
READ_STRING("ocsp-response", config->cert, 0);
READ_STRING("server-cert", config->cert, 1);
READ_STRING("server-key", config->key, 1);
READ_STRING("pin-file", config->pin_file, 0);
@@ -326,6 +327,7 @@ unsigned i;
DEL(config->xml_config_hash);
DEL(config->cert_hash);
#endif
DEL(config->ocsp_response);
DEL(config->banner);
DEL(config->name);
DEL(config->cert);
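Review bot: The added `READ_STRING("ocsp-response", config->cert, 0);` in the first hunk stores the OCSP path in `config->cert` instead of the `ocsp_response` member that the second hunk frees, so the field the TLS setup later tests stays NULL and the configured response is never used. The following `READ_STRING("server-cert", config->cert, 1);` then reads into the same `config->cert`, which, depending on what READ_STRING does with an already-set pointer (not visible here), either silently overwrites or leaks the first string. Change the line to `READ_STRING("ocsp-response", config->ocsp_response, 0);`. The enclosing function starts before the hunk.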


@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.c)
*
* It has been AutoGen-ed March 4, 2013 at 08:45:35 PM by AutoGen 5.16
* It has been AutoGen-ed March 5, 2013 at 01:41:50 AM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*


@@ -118,6 +118,15 @@ try-mtu-discovery = false
server-cert = /path/to/cert.pem
server-key = /path/to/key.pem
# If you have a certificate from a CA that provides an OCSP
# service you may provide a fresh OCSP status response within
# the TLS handshake. That will prevent the client from connecting
# independently on the OCSP server.
# You can update this response periodically using:
# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
# Make sure that you replace the following file in an atomic way.
#ocsp-response = /path/to/ocsp.der
# In case PKCS #11 or TPM keys are used the PINs should be available
# in files. The srk-pin-file is applicable to TPM keys only, and is the
# storage root key.


@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.h)
*
* It has been AutoGen-ed March 4, 2013 at 08:45:35 PM by AutoGen 5.16
* It has been AutoGen-ed March 5, 2013 at 01:41:50 AM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*


@@ -427,6 +427,11 @@ const char* perr;
mslog(s, NULL, LOG_ERR, "error in TLS priority string: %s\n", perr);
GNUTLS_FATAL_ERR(ret);
if (s->config->ocsp_response != NULL) {
ret = gnutls_certificate_set_ocsp_status_request_file(s->creds.xcred,
s->config->ocsp_response, 0);
GNUTLS_FATAL_ERR(ret);
}
return;
}
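Review bot: The failure path of the added `gnutls_certificate_set_ocsp_status_request_file()` call is silent: unlike the priority-string error two lines above, nothing is logged before `GNUTLS_FATAL_ERR(ret)`, so an unreadable or misconfigured `ocsp-response` path is hard to diagnose from the server log (unless GNUTLS_FATAL_ERR itself logs, which is not visible here). Consider adding, before the macro, `if (ret < 0) mslog(s, NULL, LOG_ERR, "error setting OCSP response file: %s\n", gnutls_strerror(ret));`. If GnuTLS reads the file lazily at each handshake rather than once at this call — which the sample config's advice to replace the file atomically suggests — the path also has to stay readable after any chroot or privilege drop, which is worth a comment next to the call. The enclosing function starts before the hunk.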


@@ -71,6 +71,7 @@ struct cfg_st {
char *priorities;
char *chroot_dir; /* where the xml files are served from */
char *banner;
char *ocsp_response; /* file with the OCSP response */
time_t cookie_validity; /* in seconds */
time_t min_reauth_time; /* after a failed auth, how soon one can reauthenticate -> in seconds */
unsigned auth_timeout; /* timeout of HTTP auth */