--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openca-ocspd/patches/001-1114efa9e9ac249bcd73b4d541529eb9c03cfd2b.patch Wed Jul 06 18:46:13 2016 -0700
@@ -0,0 +1,1007 @@
+Patch taken directly from upstream GIT repository.
+Version 3.1.2 of openca-ocspd has not been released, yet.
+
+Solaris 12 Userland has the build infrastructure to fetch
+sources from SCM repository based on a particular changeset id.
+Solaris 11.3 lacks such infrastructure and allows to download only
+tarballs. This patch adds on the last released source tarball
+with version 3.1.1 to get the same functionality as present
+in Solaris 12.
+
+Once version 3.1.2 is released, simply delete this patch.
+
+
+
+From 1114efa9e9ac249bcd73b4d541529eb9c03cfd2b Mon Sep 17 00:00:00 2001
+From: "Dr. Massimiliano Pala" <[email protected]>
+Date: Wed, 25 Mar 2015 18:57:52 -0500
+Subject: [PATCH] Added responderIdType option for CA configs. Removed unused
+ addResponderId config options for the responder.
+
+---
+ Makefile.in | 15 ++-
+ aclocal.m4 | 154 +++++++++++++++++++-------
+ configure | 251 +++++++++++++++++++------------------------
+ configure.ac | 4 +-
+ docs/Makefile.in | 2 +-
+ etc/Makefile.in | 2 +-
+ etc/ca.d/collegeca.xml | 6 ++
+ etc/ca.d/self-certs.xml | 6 ++
+ etc/ocspd.xml.in | 3 -
+ src/Makefile.in | 2 +-
+ src/ocspd/Makefile.in | 6 +-
+ src/ocspd/config.c | 49 ++++++---
+ src/ocspd/includes/general.h | 67 ++++++------
+ src/ocspd/response.c | 14 ++-
+ 14 files changed, 340 insertions(+), 241 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index d85a181..a82f2f7 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -493,8 +493,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ $(am__aclocal_m4_deps):
+
+ src/ocspd/includes/config.h: src/ocspd/includes/stamp-h1
+- @if test ! -f $@; then rm -f src/ocspd/includes/stamp-h1; else :; fi
+- @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) src/ocspd/includes/stamp-h1; else :; fi
++ @test -f $@ || rm -f src/ocspd/includes/stamp-h1
++ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/ocspd/includes/stamp-h1
+
+ src/ocspd/includes/stamp-h1: $(top_srcdir)/src/ocspd/includes/config.h.in $(top_builddir)/config.status
+ @rm -f src/ocspd/includes/stamp-h1
+@@ -773,10 +773,16 @@ dist-xz: distdir
+ $(am__post_remove_distdir)
+
+ dist-tarZ: distdir
++ @echo WARNING: "Support for shar distribution archives is" \
++ "deprecated." >&2
++ @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__post_remove_distdir)
+
+ dist-shar: distdir
++ @echo WARNING: "Support for distribution archives compressed with" \
++ "legacy program 'compress' is deprecated." >&2
++ @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__post_remove_distdir)
+
+@@ -818,9 +824,10 @@ distcheck: dist
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+- && ../configure --srcdir=.. --prefix="$$dc_install_base" \
++ && ../configure \
+ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
++ --srcdir=.. --prefix="$$dc_install_base" \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+diff --git a/aclocal.m4 b/aclocal.m4
+index f5e37ea..0af6916 100644
+--- a/aclocal.m4
++++ b/aclocal.m4
+@@ -1,4 +1,4 @@
+-# generated automatically by aclocal 1.13.4 -*- Autoconf -*-
++# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
+
+ # Copyright (C) 1996-2013 Free Software Foundation, Inc.
+
+@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
+ # generated from the m4 files accompanying Automake X.Y.
+ # (This private macro should not be called outside this file.)
+ AC_DEFUN([AM_AUTOMAKE_VERSION],
+-[am__api_version='1.13'
++[am__api_version='1.14'
+ dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+ dnl require some minimum version. Point them to the right macro.
+-m4_if([$1], [1.13.4], [],
++m4_if([$1], [1.14.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+ ])
+
+@@ -51,7 +51,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
+ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+ # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+ AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+-[AM_AUTOMAKE_VERSION([1.13.4])dnl
++[AM_AUTOMAKE_VERSION([1.14.1])dnl
+ m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+@@ -418,6 +418,12 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+ # This macro actually does too much. Some checks are only needed if
+ # your package does certain things. But this isn't really a big deal.
+
++dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
++m4_define([AC_PROG_CC],
++m4_defn([AC_PROG_CC])
++[_AM_PROG_CC_C_O
++])
++
+ # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+ # AM_INIT_AUTOMAKE([OPTIONS])
+ # -----------------------------------------------
+@@ -526,7 +532,48 @@ dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
+ AC_CONFIG_COMMANDS_PRE(dnl
+ [m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+-])
++
++# POSIX will say in a future version that running "rm -f" with no argument
++# is OK; and we want to be able to make that assumption in our Makefile
++# recipes. So use an aggressive probe to check that the usage we want is
++# actually supported "in the wild" to an acceptable degree.
++# See automake bug#10828.
++# To make any issue more visible, cause the running configure to be aborted
++# by default if the 'rm' program in use doesn't match our expectations; the
++# user can still override this though.
++if rm -f && rm -fr && rm -rf; then : OK; else
++ cat >&2 <<'END'
++Oops!
++
++Your 'rm' program seems unable to run without file operands specified
++on the command line, even when the '-f' option is present. This is contrary
++to the behaviour of most rm programs out there, and not conforming with
++the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
++
++Please tell [email protected] about your system, including the value
++of your $PATH and any error possibly output before this message. This
++can help us improve future automake versions.
++
++END
++ if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
++ echo 'Configuration will proceed anyway, since you have set the' >&2
++ echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
++ echo >&2
++ else
++ cat >&2 <<'END'
++Aborting the configuration process, to ensure you take notice of the issue.
++
++You can download and install GNU coreutils to get an 'rm' implementation
++that behaves properly: <http://www.gnu.org/software/coreutils/>.
++
++If you want to complete the configuration process using your problematic
++'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
++to "yes", and re-run configure.
++
++END
++ AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
++ fi
++fi])
+
+ dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+ dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+@@ -534,7 +581,6 @@ dnl mangled by Autoconf and run in a shell conditional statement.
+ m4_define([_AC_COMPILER_EXEEXT],
+ m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+-
+ # When config.status generates a header, we must update the stamp-h file.
+ # This file resides in the same directory as the config header
+ # that is generated. The stamp files are numbered to have different names.
+@@ -682,38 +728,6 @@ AC_MSG_RESULT([$_am_result])
+ rm -f confinc confmf
+ ])
+
+-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+-#
+-# This file is free software; the Free Software Foundation
+-# gives unlimited permission to copy and/or distribute it,
+-# with or without modifications, as long as this notice is preserved.
+-
+-# AM_PROG_CC_C_O
+-# --------------
+-# Like AC_PROG_CC_C_O, but changed for automake.
+-AC_DEFUN([AM_PROG_CC_C_O],
+-[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+-AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+-AC_REQUIRE_AUX_FILE([compile])dnl
+-# FIXME: we rely on the cache variable name because
+-# there is no other way.
+-set dummy $CC
+-am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+-if test "$am_t" != yes; then
+- # Losing compiler, so override with the script.
+- # FIXME: It is wrong to rewrite CC.
+- # But if we don't then we get into trouble of one sort or another.
+- # A longer-term fix would be to have automake use am__CC in this case,
+- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+- CC="$am_aux_dir/compile $CC"
+-fi
+-dnl Make sure AC_PROG_CC is never called again, or it will override our
+-dnl setting of CC.
+-m4_define([AC_PROG_CC],
+- [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
+-])
+-
+ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+ # Copyright (C) 1997-2013 Free Software Foundation, Inc.
+@@ -784,6 +798,70 @@ AC_DEFUN([_AM_SET_OPTIONS],
+ AC_DEFUN([_AM_IF_OPTION],
+ [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
++# Copyright (C) 1999-2013 Free Software Foundation, Inc.
++#
++# This file is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# _AM_PROG_CC_C_O
++# ---------------
++# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC
++# to automatically call this.
++AC_DEFUN([_AM_PROG_CC_C_O],
++[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
++AC_REQUIRE_AUX_FILE([compile])dnl
++AC_LANG_PUSH([C])dnl
++AC_CACHE_CHECK(
++ [whether $CC understands -c and -o together],
++ [am_cv_prog_cc_c_o],
++ [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
++ # Make sure it works both with $CC and with simple cc.
++ # Following AC_PROG_CC_C_O, we do the test twice because some
++ # compilers refuse to overwrite an existing .o file with -o,
++ # though they will create one.
++ am_cv_prog_cc_c_o=yes
++ for am_i in 1 2; do
++ if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
++ && test -f conftest2.$ac_objext; then
++ : OK
++ else
++ am_cv_prog_cc_c_o=no
++ break
++ fi
++ done
++ rm -f core conftest*
++ unset am_i])
++if test "$am_cv_prog_cc_c_o" != yes; then
++ # Losing compiler, so override with the script.
++ # FIXME: It is wrong to rewrite CC.
++ # But if we don't then we get into trouble of one sort or another.
++ # A longer-term fix would be to have automake use am__CC in this case,
++ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
++ CC="$am_aux_dir/compile $CC"
++fi
++AC_LANG_POP([C])])
++
++# For backward compatibility.
++AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
++
++# Copyright (C) 2001-2013 Free Software Foundation, Inc.
++#
++# This file is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# AM_RUN_LOG(COMMAND)
++# -------------------
++# Run COMMAND, save the exit status in ac_status, and log it.
++# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
++AC_DEFUN([AM_RUN_LOG],
++[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
++ ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
++ (exit $ac_status); }])
++
+ # Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+ # Copyright (C) 1996-2013 Free Software Foundation, Inc.
+diff --git a/configure b/configure
+index 1c73fed..cfc2d55 100755
+--- a/configure
++++ b/configure
+@@ -1,11 +1,11 @@
+ #! /bin/sh
+ # From configure.ac Revision: 1.4 .
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for openca-ocspd 3.1.1.
++# Generated by GNU Autoconf 2.69 for openca-ocspd 3.1.2.
+ #
+ # Report bugs to <[email protected]>.
+ #
+-# Copyright 2007-2014 by Massimiliano Pala and OpenCA Labs
++# Copyright 2007-2015 by Massimiliano Pala and OpenCA Labs
+ #
+ #
+ # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+@@ -593,8 +593,8 @@ MAKEFLAGS=
+ # Identity of this package.
+ PACKAGE_NAME='openca-ocspd'
+ PACKAGE_TARNAME='openca-ocspd'
+-PACKAGE_VERSION='3.1.1'
+-PACKAGE_STRING='openca-ocspd 3.1.1'
++PACKAGE_VERSION='3.1.2'
++PACKAGE_STRING='openca-ocspd 3.1.2'
+ PACKAGE_BUGREPORT='[email protected]'
+ PACKAGE_URL=''
+
+@@ -1377,7 +1377,7 @@ if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+-\`configure' configures openca-ocspd 3.1.1 to adapt to many kinds of systems.
++\`configure' configures openca-ocspd 3.1.2 to adapt to many kinds of systems.
+
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+
+@@ -1448,7 +1448,7 @@ fi
+
+ if test -n "$ac_init_help"; then
+ case $ac_init_help in
+- short | recursive ) echo "Configuration of openca-ocspd 3.1.1:";;
++ short | recursive ) echo "Configuration of openca-ocspd 3.1.2:";;
+ esac
+ cat <<\_ACEOF
+
+@@ -1566,14 +1566,14 @@ fi
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+ cat <<\_ACEOF
+-openca-ocspd configure 3.1.1
++openca-ocspd configure 3.1.2
+ generated by GNU Autoconf 2.69
+
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This configure script is free software; the Free Software Foundation
+ gives unlimited permission to copy, distribute and modify it.
+
+-Copyright 2007-2014 by Massimiliano Pala and OpenCA Labs
++Copyright 2007-2015 by Massimiliano Pala and OpenCA Labs
+ _ACEOF
+ exit
+ fi
+@@ -1937,7 +1937,7 @@ cat >config.log <<_ACEOF
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+
+-It was created by openca-ocspd $as_me 3.1.1, which was
++It was created by openca-ocspd $as_me 3.1.2, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ $ $0 $@
+@@ -2448,7 +2448,7 @@ test -n "$target_alias" &&
+ program_prefix=${target_alias}-
+
+
+-am__api_version='1.13'
++am__api_version='1.14'
+
+ # Find a good install program. We prefer a C program (faster),
+ # so one script is as good as another. But avoid the broken or
+@@ -2934,7 +2934,7 @@ fi
+
+ # Define the identity of the package.
+ PACKAGE='openca-ocspd'
+- VERSION='3.1.1'
++ VERSION='3.1.2'
+
+
+ cat >>confdefs.h <<_ACEOF
+@@ -2985,6 +2985,47 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+
+
+
++# POSIX will say in a future version that running "rm -f" with no argument
++# is OK; and we want to be able to make that assumption in our Makefile
++# recipes. So use an aggressive probe to check that the usage we want is
++# actually supported "in the wild" to an acceptable degree.
++# See automake bug#10828.
++# To make any issue more visible, cause the running configure to be aborted
++# by default if the 'rm' program in use doesn't match our expectations; the
++# user can still override this though.
++if rm -f && rm -fr && rm -rf; then : OK; else
++ cat >&2 <<'END'
++Oops!
++
++Your 'rm' program seems unable to run without file operands specified
++on the command line, even when the '-f' option is present. This is contrary
++to the behaviour of most rm programs out there, and not conforming with
++the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
++
++Please tell [email protected] about your system, including the value
++of your $PATH and any error possibly output before this message. This
++can help us improve future automake versions.
++
++END
++ if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
++ echo 'Configuration will proceed anyway, since you have set the' >&2
++ echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
++ echo >&2
++ else
++ cat >&2 <<'END'
++Aborting the configuration process, to ensure you take notice of the issue.
++
++You can download and install GNU coreutils to get an 'rm' implementation
++that behaves properly: <http://www.gnu.org/software/coreutils/>.
++
++If you want to complete the configuration process using your problematic
++'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
++to "yes", and re-run configure.
++
++END
++ as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
++ fi
++fi
+
+ #AC_DISABLE_FAST_INSTALL
+ #AC_DISABLE_SHARED
+@@ -3957,6 +3998,65 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
++ac_ext=c
++ac_cpp='$CPP $CPPFLAGS'
++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
++ac_compiler_gnu=$ac_cv_c_compiler_gnu
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
++$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
++if ${am_cv_prog_cc_c_o+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++int
++main ()
++{
++
++ ;
++ return 0;
++}
++_ACEOF
++ # Make sure it works both with $CC and with simple cc.
++ # Following AC_PROG_CC_C_O, we do the test twice because some
++ # compilers refuse to overwrite an existing .o file with -o,
++ # though they will create one.
++ am_cv_prog_cc_c_o=yes
++ for am_i in 1 2; do
++ if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
++ ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } \
++ && test -f conftest2.$ac_objext; then
++ : OK
++ else
++ am_cv_prog_cc_c_o=no
++ break
++ fi
++ done
++ rm -f core conftest*
++ unset am_i
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
++$as_echo "$am_cv_prog_cc_c_o" >&6; }
++if test "$am_cv_prog_cc_c_o" != yes; then
++ # Losing compiler, so override with the script.
++ # FIXME: It is wrong to rewrite CC.
++ # But if we don't then we get into trouble of one sort or another.
++ # A longer-term fix would be to have automake use am__CC in this case,
++ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
++ CC="$am_aux_dir/compile $CC"
++fi
++ac_ext=c
++ac_cpp='$CPP $CPPFLAGS'
++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
++ac_compiler_gnu=$ac_cv_c_compiler_gnu
++
++
+ depcc="$CC" am_compiler_list=
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+@@ -4585,131 +4685,6 @@ done
+ ac_config_headers="$ac_config_headers src/ocspd/includes/config.h"
+
+
+-if test "x$CC" != xcc; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
+-$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
+-$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
+-fi
+-set dummy $CC; ac_cc=`$as_echo "$2" |
+- sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+-if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-# Make sure it works both with $CC and with simple cc.
+-# We do the test twice because some compilers refuse to overwrite an
+-# existing .o file with -o, though they will create one.
+-ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+-rm -f conftest2.*
+-if { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } &&
+- test -f conftest2.$ac_objext && { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; };
+-then
+- eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+- if test "x$CC" != xcc; then
+- # Test first that cc exists at all.
+- if { ac_try='cc -c conftest.$ac_ext >&5'
+- { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; }; then
+- ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+- rm -f conftest2.*
+- if { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } &&
+- test -f conftest2.$ac_objext && { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; };
+- then
+- # cc works too.
+- :
+- else
+- # cc exists but doesn't like -o.
+- eval ac_cv_prog_cc_${ac_cc}_c_o=no
+- fi
+- fi
+- fi
+-else
+- eval ac_cv_prog_cc_${ac_cc}_c_o=no
+-fi
+-rm -f core conftest*
+-
+-fi
+-if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
+-
+-fi
+-
+-# FIXME: we rely on the cache variable name because
+-# there is no other way.
+-set dummy $CC
+-am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+-if test "$am_t" != yes; then
+- # Losing compiler, so override with the script.
+- # FIXME: It is wrong to rewrite CC.
+- # But if we don't then we get into trouble of one sort or another.
+- # A longer-term fix would be to have automake use am__CC in this case,
+- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+- CC="$am_aux_dir/compile $CC"
+-fi
+-
+
+
+ ac_ext=c
+@@ -13875,7 +13850,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by openca-ocspd $as_me 3.1.1, which was
++This file was extended by openca-ocspd $as_me 3.1.2, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+@@ -13941,7 +13916,7 @@ _ACEOF
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-openca-ocspd config.status 3.1.1
++openca-ocspd config.status 3.1.2
+ configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
+
+diff --git a/configure.ac b/configure.ac
+index e4ccf22..b9e370c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2,10 +2,10 @@ dnl -*- mode: m4; -*-
+ dnl Process this file with autoconf to produce a configure script.
+ AC_REVISION($Revision: 1.4 $)
+
+-AC_COPYRIGHT([Copyright 2007-2014 by Massimiliano Pala and OpenCA Labs])
++AC_COPYRIGHT([Copyright 2007-2015 by Massimiliano Pala and OpenCA Labs])
+
+ dnl Autoconf
+-AC_INIT(openca-ocspd, 3.1.1, [[email protected]], [openca-ocspd])
++AC_INIT(openca-ocspd, 3.1.2, [[email protected]], [openca-ocspd])
+
+ dnl Some variables
+ VERSION=$PACKAGE_VERSION
+diff --git a/docs/Makefile.in b/docs/Makefile.in
+index 85ac380..140207a 100644
+--- a/docs/Makefile.in
++++ b/docs/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+diff --git a/etc/Makefile.in b/etc/Makefile.in
+index 7af691f..a174a3d 100644
+--- a/etc/Makefile.in
++++ b/etc/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+diff --git a/etc/ca.d/collegeca.xml b/etc/ca.d/collegeca.xml
+index e67a939..3471267 100644
+--- a/etc/ca.d/collegeca.xml
++++ b/etc/ca.d/collegeca.xml
+@@ -28,6 +28,12 @@
+ the serverToken is used, it has the precedence over the serverCertUrl
+ one -->
+ <!-- <pki:serverToken></pki:serverToken> -->
++ <!-- This allows for setting the responderIdType for the responder. The allowed
++ values are:
++ - 'name' for using the hash of the signer's certificate name
++ - 'keyid' for using the hash of the signer's public key
++ The default value (if not set) is to use the name identifier -->
++ <pki:responderIdType>name</pki:responderIdType>
+ <!-- In case a CA is compromised, set this option to yes. All the
+ responses for this CA will carry the caCompromised flag. -->
+ <pki:caCompromised>no</pki:caCompromised>
+diff --git a/etc/ca.d/self-certs.xml b/etc/ca.d/self-certs.xml
+index 2665175..f03a2e1 100644
+--- a/etc/ca.d/self-certs.xml
++++ b/etc/ca.d/self-certs.xml
+@@ -28,6 +28,12 @@
+ the serverToken is used, it has the precedence over the serverCertUrl
+ one -->
+ <!-- <pki:serverToken></pki:serverToken> -->
++ <!-- This allows for setting the responderIdType for the responder. The allowed
++ values are:
++ - 'name' for using the hash of the signer's certificate name
++ - 'keyid' for using the hash of the signer's public key
++ The default value (if not set) is to use the name identifier -->
++ <pki:responderIdType>name</pki:responderIdType>
+ <!-- In case a CA is compromised, set this option to yes. All the
+ responses for this CA will carry the caCompromised flag. -->
+ <pki:caCompromised>no</pki:caCompromised>
+diff --git a/etc/ocspd.xml.in b/etc/ocspd.xml.in
+index bb74d34..c028e67 100644
+--- a/etc/ocspd.xml.in
++++ b/etc/ocspd.xml.in
+@@ -59,9 +59,6 @@
+ <!-- Digest Algorithm to be used when signing responses, currently
+ for some CISCO devices SHA1 is the only supported algorithm -->
+ <pki:signatureDigestAlgorithm>SHA1</pki:signatureDigestAlgorithm>
+- <!-- Set this option if you want to include the KeyID. If you are
+- unsure about this setting, use 'yes'. -->
+- <pki:addResponseKeyID>yes</pki:addResponseKeyID>
+ <!-- Validity Period of responses, clients are not supposed to ask
+ informations about the same CA within this validity period
+ If the two options are both set to '0' the 'nextUpdate' field
+diff --git a/src/Makefile.in b/src/Makefile.in
+index c7b1dcf..23c5b79 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+diff --git a/src/ocspd/Makefile.in b/src/ocspd/Makefile.in
+index 0c02f4e..3ecb86f 100644
+--- a/src/ocspd/Makefile.in
++++ b/src/ocspd/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.13.4 from Makefile.am.
++# Makefile.in generated by automake 1.14.1 from Makefile.am.
+ # @configure_input@
+
+ # Copyright (C) 1994-2013 Free Software Foundation, Inc.
+@@ -442,14 +442,14 @@ distclean-compile:
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+ .c.obj:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ .c.lo:
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+diff --git a/src/ocspd/config.c b/src/ocspd/config.c
+index 5ee4258..3ecb676 100644
+--- a/src/ocspd/config.c
++++ b/src/ocspd/config.c
+@@ -300,17 +300,6 @@ OCSPD_CONFIG * OCSPD_load_config(char *configfile)
+ PKI_Free(tmp_s);
+ }
+
+- /* Digest Algorithm to be used */
+- if ((tmp_s = PKI_CONFIG_get_value(cnf, "/serverConfig/response/addResponseKeyID")) != NULL)
+- {
+- if (strncmp_nocase(tmp_s, "n", 1) == 0)
+- {
+- h->add_response_keyid = 1;
+- }
+-
+- PKI_Free(tmp_s);
+- }
+-
+ /* Now Parse the PRQP Response Section */
+ if ((tmp_s = PKI_CONFIG_get_value( cnf, "/serverConfig/response/validity/days" )) != NULL)
+ {
+@@ -578,21 +567,53 @@ int OCSPD_build_ca_list ( OCSPD_CONFIG *handler,
+ ca->token_name = tmp_s;
+ ca->token = PKI_TOKEN_new_null();
+
+- if ((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/pkiConfigDir" )) != NULL)
++ if ((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/pkiConfigDir" )) != NULL) {
+ ca->token_config_dir = strdup( tmp_s );
++ PKI_Free(tmp_s);
++ }
+ else
++ {
+ ca->token_config_dir = strdup(handler->token_config_dir);
++ }
+ }
+
+- if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/caCompromised" )) == NULL)
++ if((tmp_s = PKI_CONFIG_get_value ( cnf, "/caConfig/caCompromised" )) == NULL) {
+ ca->compromised = 0;
++ }
+ else
++ {
+ ca->compromised = atoi(tmp_s);
++ PKI_Free(tmp_s);
++ }
++
++ /* Responder Id Type */
++ if ((tmp_s = PKI_CONFIG_get_value(cnf, "/caConfig/responderIdType")) != NULL)
++ {
++ if (strncmp_nocase(tmp_s, "keyid", 5) == 0)
++ {
++ ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_KEYID;
++ }
++ else if (strncmp_nocase(tmp_s, "name", 4) == 0)
++ {
++ ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME;
++ }
++ else
++ {
++ PKI_log_err("Can not parse responderIdType: %s (allowed 'keyid' or 'name')", tmp_s);
++ exit(1);
++ }
++
++ PKI_Free(tmp_s);
++ }
++ else
++ {
++ // Default Value
++ ca->response_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME;
++ }
+
+ // Now let's add the CA_LIST_ENTRY to the list of configured CAs
+ PKI_STACK_push ( ca_list, ca );
+
+- PKI_Free(tmp_s);
+ }
+
+ handler->ca_list = ca_list;
+diff --git a/src/ocspd/includes/general.h b/src/ocspd/includes/general.h
+index f82f236..34c453e 100644
+--- a/src/ocspd/includes/general.h
++++ b/src/ocspd/includes/general.h
+@@ -110,51 +110,53 @@ typedef struct ca_entry_certid
+ #define sk_CA_ENTRY_CERTID_find(st) SKM_sk_find(CA_ENTRY_CERTID, (st))
+
+ /* List of available CAs */
+-typedef struct ca_list_st
+- {
+- /* CA Identifier - Name from config file */
+- char *ca_id;
++typedef struct ca_list_st {
++ /* CA Identifier - Name from config file */
++ char *ca_id;
+
+- /* CA Status - If compromised > 0 respond all revoked */
+- int compromised;
++ /* CA Status - If compromised > 0 respond all revoked */
++ int compromised;
+
+- /* CA certificate */
+- PKI_X509_CERT *ca_cert;
++ /* CA certificate */
++ PKI_X509_CERT *ca_cert;
+
+- /* Cert Identifier */
+- CA_ENTRY_CERTID *cid;
++ /* Cert Identifier */
++ CA_ENTRY_CERTID *cid;
+
+- /* CA certificate URL */
+- URL *ca_url;
++ /* CA certificate URL */
++ URL *ca_url;
+
+- /* CRL URL */
+- URL *crl_url;
++ /* CRL URL */
++ URL *crl_url;
+
+- /* CRL data */
+- PKI_X509_CRL *crl;
++ /* CRL data */
++ PKI_X509_CRL *crl;
+
+- /* Pointer to the list of CRLs entries */
+- STACK_OF(X509_REVOKED) *crl_list;
++ /* Pointer to the list of CRLs entries */
++ STACK_OF(X509_REVOKED) *crl_list;
+
+- /* X509 nextUpdate and lastUpdate */
+- PKI_TIME *nextUpdate;
+- PKI_TIME *lastUpdate;
++ /* X509 nextUpdate and lastUpdate */
++ PKI_TIME *nextUpdate;
++ PKI_TIME *lastUpdate;
+
+- /* Options for auto reloading of CRL upon expiration */
+- int crl_status;
++ /* Options for auto reloading of CRL upon expiration */
++ int crl_status;
+
+- /* Number of entries present in the list */
+- unsigned long entries_num;
++ /* Number of entries present in the list */
++ unsigned long entries_num;
+
+- /* TOKEN to be used with this CA - if null, the default
+- * one will be used */
+- PKI_X509_CERT *server_cert;
++ /* TOKEN to be used with this CA - if null, the default
++ * one will be used */
++ PKI_X509_CERT *server_cert;
+
+- char *token_name;
+- char *token_config_dir;
+- PKI_TOKEN *token;
++ char *token_name;
++ char *token_config_dir;
++ PKI_TOKEN *token;
++
++ /* Responder Identifier Type */
++ int response_id_type;
+
+- } CA_LIST_ENTRY;
++} CA_LIST_ENTRY;
+
+ typedef struct {
+ pthread_t thread_tid;
+@@ -193,7 +195,6 @@ typedef struct ocspd_config {
+ int nmin;
+ int ndays;
+ int set_nextUpdate;
+- int add_response_keyid;
+
+ int flags;
+
+diff --git a/src/ocspd/response.c b/src/ocspd/response.c
+index 1dd39cb..9933f1e 100644
+--- a/src/ocspd/response.c
++++ b/src/ocspd/response.c
+@@ -27,7 +27,8 @@ static const char *statusInfo[] = {
+ NULL
+ };
+
+-int sign_ocsp_response(PKI_X509_OCSP_RESP *resp, OCSPD_CONFIG *conf, PKI_X509_CERT *signCert, PKI_X509_CERT *caCert, PKI_TOKEN *tk)
++int sign_ocsp_response(PKI_X509_OCSP_RESP *resp, OCSPD_CONFIG *conf, PKI_X509_CERT *signCert,
++ PKI_X509_CERT *caCert, PKI_TOKEN *tk, PKI_X509_OCSP_RESPID_TYPE resp_id_type)
+ {
+ PKI_DIGEST_ALG * sign_dgst = NULL;
+ PKI_OCSP_RESP * r = NULL;
+@@ -106,7 +107,9 @@ int sign_ocsp_response(PKI_X509_OCSP_RESP *resp, OCSPD_CONFIG *conf, PKI_X509_CE
+ }
+
+ // Now generate the signature for the response
+- sig_rv = PKI_X509_OCSP_RESP_sign(resp, tk->keypair, signCert, caCert, tk->otherCerts, sign_dgst);
++ sig_rv = PKI_X509_OCSP_RESP_sign(resp, tk->keypair, signCert,
++ caCert, tk->otherCerts,
++ sign_dgst, resp_id_type);
+
+ // Checks the return code and report the error (if any)
+ if (sig_rv != PKI_OK)
+@@ -206,6 +209,8 @@ PKI_X509_OCSP_RESP *make_ocsp_response(PKI_X509_OCSP_REQ *req, OCSPD_CONFIG *con
+ PKI_X509_OCSP_RESP *resp = NULL;
+ PKI_X509_OCSP_REQ_VALUE *req_val = NULL;
+
++ PKI_X509_OCSP_RESPID_TYPE resp_id_type = PKI_X509_OCSP_RESPID_TYPE_BY_NAME;
++
+ PKI_TOKEN *tk = NULL;
+
+ PKI_X509_CERT *signCert = NULL;
+@@ -339,6 +344,9 @@ PKI_X509_OCSP_RESP *make_ocsp_response(PKI_X509_OCSP_REQ *req, OCSPD_CONFIG *con
+ else signCert = NULL;
+ }
+
++ // Response Id Type
++ resp_id_type = ca->response_id_type;
++
+ // Here we check for the case where the CRL status is not ok, so
+ // we ask the client to try later, hopefully when we have a valid
+ // CRL to provide the response with
+@@ -498,7 +506,7 @@ PKI_X509_OCSP_RESP *make_ocsp_response(PKI_X509_OCSP_REQ *req, OCSPD_CONFIG *con
+ // Now we need to sign the response
+ if (resp != NULL && signResponse == 1)
+ {
+- if (sign_ocsp_response(resp, conf, signCert, caCert, tk) != PKI_OK)
++ if (sign_ocsp_response(resp, conf, signCert, caCert, tk, resp_id_type) != PKI_OK)
+ {
+ // Free the current response, and generate the appropriate error
+ PKI_X509_OCSP_RESP_free(resp);