From 87998f80e7d05e0ad846bcf5152e4d5065dde49b Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 7 Mar 2020 13:26:56 +0200 Subject: [PATCH] HS 2.0 server: Allow OCSP responder to continue running after errors By default, 'openssl ocsp' exits upon receiving a malformed request. That's not really ideal for a server, so configure openssl to not do that and instead, continue running to process other requests. Signed-off-by: Jouni Malinen --- hs20/server/ca/ocsp-responder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hs20/server/ca/ocsp-responder.sh b/hs20/server/ca/ocsp-responder.sh index 8cebd7453..620947d01 100755 --- a/hs20/server/ca/ocsp-responder.sh +++ b/hs20/server/ca/ocsp-responder.sh @@ -1,3 +1,3 @@ #!/bin/sh -openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text +openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err