How can the ocsp responder be run non-interactively (e.g., run from
a script so that the person running the script does not have to type
in the OCSP signing key password)?

(Yes, I know that that generally isn't secure, but in this case it
doesn't need to be.  (It's for an example/test setup script).)


OpenSSL subcommands such as req, x509, and ca accept -passin/-passin
options for specifying key passwords non-interactively.

However, for "openssl ocsp -index ...", there doesn't seem to be any
way to specify the signing key password in or via the command line and
stop openssl from interactively prompting for a password.

The manual page for ocsp doesn't mention "password" anywhere.

When I try adding "-passin pass:..." or "-passout pass:..." to an
otherwise valid "openssl ocsp -index ..." command line, it prints out
the "Usage: ocsp [options]" message (though without reporting "unknown
option xxx" as other subcommands (e.g., "ca") do for unknown options).

Trying something like "echo ... | openssl ocsp ..." doesn't work.
Evidently openssl reads passwords in some way other than reading stdin
(presumably reads from /dev/tty or something like that (in part to
avoid interfering with data read from stdin)).

That's with OpenSSL 1.0.1c 10 May 2012 from Cygwin.



So...:

1. Is there a way (in that version of OpenSSL) to specify the password
   interactively for "openssl ocsp -index..." (that is, for the
   responder mode of the ocsp subcommand, whether in non-server
   checking mode or in server mode)?

2. If not, is that a bug (in the design--not providing the password-
   specification feature consistently where it would apply)?

3. Is the above error-reporting behavior for "openssl ocsp" a bug (that
   is, before printing out the "Usage: ..." message, shouldn't it report
   what command syntax error it detected, as other subcommands such as
   "openssl ca" do)?


Thanks,
Daniel

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
