From 87998f80e7d05e0ad846bcf5152e4d5065dde49b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 7 Mar 2020 13:26:56 +0200
Subject: [PATCH] HS 2.0 server: Allow OCSP responder to continue running after
 errors

By default, 'openssl ocsp' exits upon receiving a malformed request.
That's not really ideal for a server, so configure openssl to not do
that and instead, continue running to process other requests.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 hs20/server/ca/ocsp-responder.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hs20/server/ca/ocsp-responder.sh b/hs20/server/ca/ocsp-responder.sh
index 8cebd7453..620947d01 100755
--- a/hs20/server/ca/ocsp-responder.sh
+++ b/hs20/server/ca/ocsp-responder.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text
+openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err