Created first Git repository for OpenCA's OCSPD

openca · Jul 28, 2014 · f5a9256 · f5a9256
commit f5a9256
Show file tree

Hide file tree

Showing 87 changed files with 52,513 additions and 0 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -0,0 +1,17 @@
+Project Author(s):
+	Massimiliano Pala <madwolf@openca.org>
+
+Project Contributor(s):
+	Many thanks go to the people of the OpenSSL project from where
+	some of the used code comes from. Many thanks to all of them,
+	now and forever.
+
+	Additional contribution (in no particular order) from:
+	* Sergei Vyshenski
+	* Julia Dubenskaya
+	* David A. Cooper
+
+Project Alpha and Beta Tester(s) (in no particular order):
+	* Maselli Giovanni Francesco
+	* Guillaume Tamboise
+	* Apu Kapadia
diff --git a/COPYING b/COPYING
@@ -0,0 +1,59 @@
+====================================================================
+            OpenCA OCSPD daemon - Open Source Project
+        (c) 1999-2009 by OpenCA Labs and Massimilian Pala
+                      All Rights Reserved
+====================================================================
+
+ This software have been released under an Apache-style licence.
+
+ This software consists of voluntary contributions made by many
+ individuals on behalf of the OpenCA Labs. For more information
+ on the OpenCA Team and the OpenCA Project please refer to
+ <http://www.OpenCA.org/>.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer. 
+
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+ 3. All advertising materials mentioning features or use of this
+    software must display the following acknowledgment:
+    "This product includes software developed by the OpenCA Labs
+    for use in the OpenCA project (http://www.OpenCA.org/)."
+
+ 4. The names "OpenCA" and "OpenCA Labs" must not be used to
+    endorse or promote products derived from this software without
+    prior written permission. For written permission, please contact
+    madwolf@openca.org.
+
+ 5. Products derived from this software may not be called "OpenCA"
+    nor may "OpenCA" appear in their names without prior written
+    permission of the OpenCA Labs.
+
+ 6. Redistributions of any form whatsoever must retain the following
+    acknowledgment:
+
+       "This product includes software developed by Massimiliano
+        Pala and the OpenCA Labs for use in the OpenCA project
+        (http://www.openca.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY THE OPENCA TEAM ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OPENCA TEAM OR
+ ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/ChangeLog b/ChangeLog
@@ -0,0 +1,198 @@
+* May 10 2014 Massimiliano Pala <madwolf@openca.org>
+- Fixed issue with generating responses with hardware tokens
+- Updated support for LibPKI 0.8.5+
+
+* Oct 07 2013 Massimiliano Pala <madwolf@openca.org>
+- Fixed ocsp-genreq.sh script to correctly handle signing algorithm
+
+* Oct 07 2013 Massimiliano Pala <madwolf@openca.org>
+- Updated support for libpki 0.8.2
+- Added extra checks option for the configure (--enable-extra-checks)
+- Fixed all reported warnings
+
+* Sep 24 2013 Massimiliano Pala <madwolf@openca.org>
+- Fixed using ca-specific OCSPD server certificate (option was ignored)
+- Updated support for libpki 0.8.2 to fix HTTP GET method support
+- Updated configure.in to configure.ac script
+
+* Aug 07 2013 Massimiliano Pala <madwolf@openca.org>
+- Updated API for using OCSPD with libpki 0.8.0
+- Added signatureDigestAlgorithm option in ocspd.xml config file to force signing digest algoritm
+
+* Jun 13 2013 Massimiliano Pala <madwolf@openca.org>
+- Updated API for using OCSPD with libpki 0.7.0+
+- Improved logging for startup sequence (better report of errors during token loading)
+
+* Jul 21 2011 Massimiliano Pala <madwolf@openca.org>
+-Fixed a memory issue related to inappropriate usage of syslog() instead of
+PKI_log()
+
+* Mar 15 2011 Massimiliano Pala <madwolf@openca.org>
+-Added '-testmode' switch to set the OCSP as a test responder: all signatures are invalidated by flipping the first bit in the signature
+
+* Feb 10 2011 Massimiliano Pala <madwolf@openca.org>
+-Updated default configuration files (default passin set to none)
+-Enhanced support for ECDSA support
+
+* Feb  9 2011 Massimiliano Pala <madwolf@openca.org>
+-Updated thread management with builtin support from LibPKI 0.6.3
+-Fixed start/stop script
+-Added new method for token configuration passin -> none to avoid password
+promptin at startup
+
+* Feb  9 2011 Massimiliano Pala <madwolf@openca.org>
+-Fixed a memory error in config.c causing segfault on CRL reload
+-Set new requirements for libpki (0.6.3+)
+
+* Jan 22 2011 Massimiliano Pala <madwolf@openca.org>
+-Deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer)
+
+* Jan 14 2011 Massimiliano Pala <madwolf@openca.org>
+-Fixed an error in return code check for PKI_NET_listen.
+-Due to bug fixing in Libpki, new Requirements for libpki is v0.6.2+
+-Fixed error in config parsing when no bind address is provided
+
+* Nov 17 2010 Massimiliano Pala <madwolf@openca.org>
+-Small bug fixing
+-Tested with libpki v0.6.0
+
+* Oct 23 2010 Massimiliano Pala <madwolf@openca.org>
+-Fixed support for libpki 0.5.1
+-Fixed some errors in init scripts and default configuration files
+
+* Jun 22 2010 Massimiliano Pala <madwolf@openca.org>
+-Fixed support for LibPKI 0.5.0
+-Fixed thread-scheduling issues
+-Finished support for HTTP GET method
+-Initial support for server-side SSL support
+-Fixed certificate request script
+-Fixed default configuration options and startup script
+
+* Sep  7 2009 Massimiliano Pala <madwolf@openca.org>
+- Full support for LibPKI (4.0+)
+- Updated configuration files to XML format
+- Started to add support for GET HTTP method
+
+* Sep 03 2009 Massimiliano Pala <madwolf@openca.org>
+- Initial support for LibPKI
+- Changed configuration files (added token.d/ hsm.d/ private/ dirs)
+- Added ocspd.xml config file
+- Added separate configuration files for different CAs (in ca.d/ dir)
+
+* Dec 17 2008 Massimiliano Pala <madwolf@openca.org>
+- Fixed thread problem with OpenSSL
+- Fixed compatibilities with Java 1.6.0
+
+* Dec  3 2006 Massimiliano Pala <madwolf@openca.org>
+-Added exit message on stderr when server aborts during startup (useful
+for interactive startup of the server)
+-Added support for HTTP/1.1 "Host: <addr>" header when making HTTP
+requests in order to get data via HTTP protocol
+
+* Sun Oct 15 2006 Massimiliano Pala <madwolf@openca.org>
+-Fixed HTTP HEADERS parsing problem
+-Tested behind an Apache Proxy
+-Added '-debug' startup option to output the HTTP head and additional
+informations to be pushed to stderr
+
+* Fri Oct 13 2006 Massimiliano Pala <madwolf@openca.org>
+-Completely changed the codebase in order to use threads instead
+of fork().
+-Fixed compilation under Solaris (SunOS 5.11)
+-Added chroot() capabilities
+-Added options to set the number of threads to be pre-spawned
+-Fixed Socket creation under Solaris (Accept)
+-Moved from BIO_* interface to pure socket implementation for
+better Network options management
+
+* Tue Jul 18 2006 Massimiliano Pala <madwolf@openca.org>
+-Removed required index file option in the configuration file (was not
+used)
+
+* Mon Apr 24 2006 Massimiliano Pala <madwolf@openca.org>
+-Fixed invalidity date problem (no more empty ext added to responses)
+-Added log reporting of returned status about a response when the
+verbose switch is used (before it was enabled only in DEBUG mode)
+
+* Mon Dec 19 2005 Massimiliano Pala <madwolf@openca.org>
+-Added chroot facility to enhance server security
+
+* Thu Nov  3 2005 Massimiliano Pala <madwolf@openca.org>
+-Fixed compile against OpenSSL 0.9.8a
+-Fixed HTTP downloading routines for CRLs and CA certs
+-Fixed Solaris Port for Signal Handling on CRLs check and reloading
+
+* Thu Oct 20 2005 Massimiliano Pala <madwolf@openca.org>
+-Added extra checking on initialization of variables to avoid errors
+for ldap/http address parsing and usage
+
+* Thu Oct  6 2005 Massimiliano Pala <madwolf@openca.org>
+-Fixed variables init (for Solaris) and code cleanup
+
+* Mon Aug 29 2005 Massimiliano Pala <madwolf@openca.org>
+-Added 3rd header in response to solve a CiscoIOS problem
+
+* Wed Jun  1 2005 Massimiliano Pala <madwolf@openca.org>
+-Modified the privilege management to allow for the server to run on
+ports < 1024 under not privileged user/group
+-Fixed some Solaris signal-handling definitions
+
+* Thu Apr 28 2005 Massimiliano Pala <madwolf@openca.org>
+-Fixed RPM installation of man pages
+
+* Tue Apr 19 2005 Massimiliano Pala <madwolf@openca.org>
+-Spec file updated
+-Man pages updated with new configuration options
+-Fixed child re-spawning when HSM is active
+-Added support for CA/CRL downloading via HTTP
+
+* Fri Jan 28 2005 Massimiliano Pala <madwolf@openca.org>
+-Fixed SIGHUP problem when auto_crl_reload was enabled
+-Fixed Solaris include for flock usage instead of semaphores
+-Added --enable-flock and --enable-semaphores in configure script
+
+* Tue Jan 18 2005 Massimiliano Pala <madwolf@openca.org>
+-Fixed bug for nextUpdate and lastUpdate fields setting when reloading
+CRLs.
+-Added CA certificate loading from LDAP.
+-Added multiple CA certificate from the same cACertificate entry in LDAP.
+-Fixed Solaris putenv issues in configure.c
+-Added OS architecture specific targes in makefiles
+
+* Wed May 19 2004 Massimiliano Pala <madwolf@openca.org>
+-First support for new data structure for CRL lookup and multi CAs
+support (not working now)
+-Fixed configure.in for correct generation of config.h
+-Fixed configure.in for openldap ld options (for non-standard directories)
+
+* Mon May 17 2004 Massimiliano Pala <madwolf@openca.org>
+-Fixed compilation problems on Solaris
+-Added support for exclusion of ldap usage (--disable-openldap)
+-Added support for openldap directory specification
+-Fixed signal handling and correct children death
+-Added pre-spawning of processes()
+
+* Thu May 13 2004 Massimiliano Pala <madwolf@openca.org>
+-Fixed miscreation of responses when certificate is revoked
+-Fixed crl loading checking (segmentation fault on loading fixed)
+
+* Fri Jan 17 2003 Massimiliano Pala <madwolf@openca.org>
+-Correclty lookup using loaded CRL
+-Added extensions management from CRL to OCSP response
+
+* Mon Jan 13 2003 Massimiliano Pala <madwolf@openca.org>
+-Updated the sample (contrib/) configuration file
+-Added CRL retrivial from LDAP server
+-Added LDAP support (needs OpenLDAP libraries)
+-Added CRL retrivial from file
+
+* Oct 16 2002 Massimiliano Pala <madwolf@openca.org>
+-Added multi child spawning (max_childs_num)
+-Fixed zombi child presence
+
+* Feb 25 2002 Massimiliano Pala <madwolf@openca.org>
+-Fixed response generation
+-Added verbose information to syslog
+-Support for the index.txt db file
+-Addedd response generation related keywords in the configuration
+file