]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/ocsp/ocsp.h
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix warnings in d1_both.c [from 0.9.8-stable].
[thirdparty/openssl.git] / crypto / ocsp / ocsp.h
CommitLineData
eb64730b
RL		 1/* ocsp.h */
2/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3 * project. */
4
5/* History:
6 This file was transfered to Richard Levitte from CertCo by Kathy
7 Weinhold in mid-spring 2000 to be included in OpenSSL or released
8 as a patch kit. */
9
10/* ====================================================================
11 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in
22 * the documentation and/or other materials provided with the
23 * distribution.
24 *
25 * 3. All advertising materials mentioning features or use of this
26 * software must display the following acknowledgment:
27 * "This product includes software developed by the OpenSSL Project
28 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
29 *
30 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
31 * endorse or promote products derived from this software without
32 * prior written permission. For written permission, please contact
33 * openssl-core@openssl.org.
34 *
35 * 5. Products derived from this software may not be called "OpenSSL"
36 * nor may "OpenSSL" appear in their names without prior written
37 * permission of the OpenSSL Project.
38 *
39 * 6. Redistributions of any form whatsoever must retain the following
40 * acknowledgment:
41 * "This product includes software developed by the OpenSSL Project
42 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
45 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
48 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55 * OF THE POSSIBILITY OF SUCH DAMAGE.
56 * ====================================================================
57 *
58 * This product includes cryptographic software written by Eric Young
59 * (eay@cryptsoft.com). This product includes software written by Tim
60 * Hudson (tjh@cryptsoft.com).
61 *
62 */
63
64#ifndef HEADER_OCSP_H
65#define HEADER_OCSP_H
66
c1c6c0bf 67#include <openssl/ossl_typ.h>
eb64730b
RL		 68#include <openssl/x509.h>
69#include <openssl/x509v3.h>
70#include <openssl/safestack.h>
71
72#ifdef __cplusplus
73extern "C" {
74#endif
75
0b33bc65
DSH		 76/* Various flags and values */
77
78#define OCSP_DEFAULT_NONCE_LENGTH 16
79
80#define OCSP_NOCERTS 0x1
9b4dc830
DSH		 81#define OCSP_NOINTERN 0x2
82#define OCSP_NOSIGS 0x4
81f169e9
DSH		 83#define OCSP_NOCHAIN 0x8
84#define OCSP_NOVERIFY 0x10
85#define OCSP_NOEXPLICIT 0x20
86#define OCSP_NOCASIGN 0x40
87#define OCSP_NODELEGATED 0x80
88#define OCSP_NOCHECKS 0x100
50d51991 89#define OCSP_TRUSTOTHER 0x200
02e4fbed
DSH		 90#define OCSP_RESPID_KEY 0x400
91#define OCSP_NOTIME 0x800
0b33bc65 92
eb64730b
RL		 93/* CertID ::= SEQUENCE {
94 * hashAlgorithm AlgorithmIdentifier,
95 * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
96 * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
97 * serialNumber CertificateSerialNumber }
98 */
99typedef struct ocsp_cert_id_st
100 {
101 X509_ALGOR *hashAlgorithm;
102 ASN1_OCTET_STRING *issuerNameHash;
103 ASN1_OCTET_STRING *issuerKeyHash;
104 ASN1_INTEGER *serialNumber;
105 } OCSP_CERTID;
106
73758d43
DSH		 107DECLARE_STACK_OF(OCSP_CERTID)
108
eb64730b
RL		 109/* Request ::= SEQUENCE {
110 * reqCert CertID,
111 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
112 */
113typedef struct ocsp_one_request_st
114 {
115 OCSP_CERTID *reqCert;
116 STACK_OF(X509_EXTENSION) *singleRequestExtensions;
117 } OCSP_ONEREQ;
118
119DECLARE_STACK_OF(OCSP_ONEREQ)
120DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
121
122
123/* TBSRequest ::= SEQUENCE {
124 * version [0] EXPLICIT Version DEFAULT v1,
125 * requestorName [1] EXPLICIT GeneralName OPTIONAL,
126 * requestList SEQUENCE OF Request,
127 * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
128 */
129typedef struct ocsp_req_info_st
130 {
131 ASN1_INTEGER *version;
132 GENERAL_NAME *requestorName;
133 STACK_OF(OCSP_ONEREQ) *requestList;
134 STACK_OF(X509_EXTENSION) *requestExtensions;
135 } OCSP_REQINFO;
136
137/* Signature ::= SEQUENCE {
138 * signatureAlgorithm AlgorithmIdentifier,
139 * signature BIT STRING,
140 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
141 */
142typedef struct ocsp_signature_st
143 {
144 X509_ALGOR *signatureAlgorithm;
145 ASN1_BIT_STRING *signature;
146 STACK_OF(X509) *certs;
147 } OCSP_SIGNATURE;
148
149/* OCSPRequest ::= SEQUENCE {
150 * tbsRequest TBSRequest,
151 * optionalSignature [0] EXPLICIT Signature OPTIONAL }
152 */
153typedef struct ocsp_request_st
154 {
155 OCSP_REQINFO *tbsRequest;
156 OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
157 } OCSP_REQUEST;
158
159/* OCSPResponseStatus ::= ENUMERATED {
160 * successful (0), --Response has valid confirmations
161 * malformedRequest (1), --Illegal confirmation request
162 * internalError (2), --Internal error in issuer
163 * tryLater (3), --Try again later
164 * --(4) is not used
165 * sigRequired (5), --Must sign the request
166 * unauthorized (6) --Request unauthorized
167 * }
168 */
0b33bc65 169#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
eb64730b
RL		 170#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
171#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
172#define OCSP_RESPONSE_STATUS_TRYLATER 3
173#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
174#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
175
176/* ResponseBytes ::= SEQUENCE {
177 * responseType OBJECT IDENTIFIER,
178 * response OCTET STRING }
179 */
180typedef struct ocsp_resp_bytes_st
181 {
182 ASN1_OBJECT *responseType;
183 ASN1_OCTET_STRING *response;
184 } OCSP_RESPBYTES;
185
186/* OCSPResponse ::= SEQUENCE {
187 * responseStatus OCSPResponseStatus,
188 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
189 */
67c8e7f4 190struct ocsp_response_st
eb64730b
RL		 191 {
192 ASN1_ENUMERATED *responseStatus;
193 OCSP_RESPBYTES *responseBytes;
67c8e7f4 194 };
eb64730b
RL		 195
196/* ResponderID ::= CHOICE {
197 * byName [1] Name,
198 * byKey [2] KeyHash }
199 */
36f554d4
DSH		 200#define V_OCSP_RESPID_NAME 0
201#define V_OCSP_RESPID_KEY 1
67c8e7f4 202struct ocsp_responder_id_st
eb64730b 203 {
36f554d4 204 int type;
eb64730b
RL		 205 union {
206 X509_NAME* byName;
207 ASN1_OCTET_STRING *byKey;
208 } value;
67c8e7f4
DSH		 209 };
210
211DECLARE_STACK_OF(OCSP_RESPID)
212DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
213
eb64730b
RL		 214/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
215 * --(excluding the tag and length fields)
216 */
217
218/* RevokedInfo ::= SEQUENCE {
219 * revocationTime GeneralizedTime,
220 * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
221 */
222typedef struct ocsp_revoked_info_st
223 {
224 ASN1_GENERALIZEDTIME *revocationTime;
225 ASN1_ENUMERATED *revocationReason;
226 } OCSP_REVOKEDINFO;
227
228/* CertStatus ::= CHOICE {
229 * good [0] IMPLICIT NULL,
230 * revoked [1] IMPLICIT RevokedInfo,
231 * unknown [2] IMPLICIT UnknownInfo }
232 */
233#define V_OCSP_CERTSTATUS_GOOD 0
234#define V_OCSP_CERTSTATUS_REVOKED 1
235#define V_OCSP_CERTSTATUS_UNKNOWN 2
236typedef struct ocsp_cert_status_st
237 {
36f554d4
DSH		 238 int type;
239 union {
240 ASN1_NULL *good;
241 OCSP_REVOKEDINFO *revoked;
242 ASN1_NULL *unknown;
243 } value;
eb64730b
RL		 244 } OCSP_CERTSTATUS;
245
246/* SingleResponse ::= SEQUENCE {
247 * certID CertID,
248 * certStatus CertStatus,
249 * thisUpdate GeneralizedTime,
250 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
251 * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
252 */
253typedef struct ocsp_single_response_st
254 {
255 OCSP_CERTID *certId;
256 OCSP_CERTSTATUS *certStatus;
257 ASN1_GENERALIZEDTIME *thisUpdate;
258 ASN1_GENERALIZEDTIME *nextUpdate;
259 STACK_OF(X509_EXTENSION) *singleExtensions;
260 } OCSP_SINGLERESP;
261
262DECLARE_STACK_OF(OCSP_SINGLERESP)
263DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
264
265/* ResponseData ::= SEQUENCE {
266 * version [0] EXPLICIT Version DEFAULT v1,
267 * responderID ResponderID,
268 * producedAt GeneralizedTime,
269 * responses SEQUENCE OF SingleResponse,
270 * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
271 */
272typedef struct ocsp_response_data_st
273 {
274 ASN1_INTEGER *version;
275 OCSP_RESPID *responderId;
276 ASN1_GENERALIZEDTIME *producedAt;
277 STACK_OF(OCSP_SINGLERESP) *responses;
278 STACK_OF(X509_EXTENSION) *responseExtensions;
279 } OCSP_RESPDATA;
280
281/* BasicOCSPResponse ::= SEQUENCE {
282 * tbsResponseData ResponseData,
283 * signatureAlgorithm AlgorithmIdentifier,
284 * signature BIT STRING,
285 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
286 */
287 /* Note 1:
288 The value for "signature" is specified in the OCSP rfc2560 as follows:
289 "The value for the signature SHALL be computed on the hash of the DER
290 encoding ResponseData." This means that you must hash the DER-encoded
291 tbsResponseData, and then run it through a crypto-signing function, which
292 will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
293 a bit odd, but that's the spec. Also note that the data structures do not
294 leave anywhere to independently specify the algorithm used for the initial
295 hash. So, we look at the signature-specification algorithm, and try to do
296 something intelligent. -- Kathy Weinhold, CertCo */
297 /* Note 2:
298 It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
299 for interpretation. I've done tests against another responder, and found
300 that it doesn't do the double hashing that the RFC seems to say one
301 should. Therefore, all relevant functions take a flag saying which
302 variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
303typedef struct ocsp_basic_response_st
304 {
305 OCSP_RESPDATA *tbsResponseData;
306 X509_ALGOR *signatureAlgorithm;
307 ASN1_BIT_STRING *signature;
308 STACK_OF(X509) *certs;
309 } OCSP_BASICRESP;
310
311/*
312 * CRLReason ::= ENUMERATED {
313 * unspecified (0),
314 * keyCompromise (1),
315 * cACompromise (2),
316 * affiliationChanged (3),
317 * superseded (4),
318 * cessationOfOperation (5),
319 * certificateHold (6),
320 * removeFromCRL (8) }
321 */
322#define OCSP_REVOKED_STATUS_NOSTATUS -1
323#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
324#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
325#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
326#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
327#define OCSP_REVOKED_STATUS_SUPERSEDED 4
328#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
329#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
330#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
331
332/* CrlID ::= SEQUENCE {
333 * crlUrl [0] EXPLICIT IA5String OPTIONAL,
334 * crlNum [1] EXPLICIT INTEGER OPTIONAL,
335 * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
336 */
337typedef struct ocsp_crl_id_st
338 {
339 ASN1_IA5STRING *crlUrl;
340 ASN1_INTEGER *crlNum;
341 ASN1_GENERALIZEDTIME *crlTime;
342 } OCSP_CRLID;
343
344/* ServiceLocator ::= SEQUENCE {
345 * issuer Name,
346 * locator AuthorityInfoAccessSyntax OPTIONAL }
347 */
348typedef struct ocsp_service_locator_st
349 {
350 X509_NAME* issuer;
351 STACK_OF(ACCESS_DESCRIPTION) *locator;
352 } OCSP_SERVICELOC;
353
354#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
355#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
356
41a15c4f 357#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
eb64730b 358
41a15c4f 359#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
eb64730b
RL		 360
361#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
362 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
363
364#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
365 (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
366
367#define PEM_write_bio_OCSP_REQUEST(bp,o) \
368 PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
369 bp,(char *)o, NULL,NULL,0,NULL,NULL)
370
371#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
372 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
373 bp,(char *)o, NULL,NULL,0,NULL,NULL)
374
41a15c4f 375#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
eb64730b 376
41a15c4f 377#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
eb64730b
RL		 378
379#define OCSP_REQUEST_sign(o,pkey,md) \
bb5ea36b 380 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
eb64730b 381 o->optionalSignature->signatureAlgorithm,NULL,\
0b33bc65 382 o->optionalSignature->signature,o->tbsRequest,pkey,md)
eb64730b
RL		 383
384#define OCSP_BASICRESP_sign(o,pkey,md,d) \
bb5ea36b 385 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
0b33bc65 386 o->signature,o->tbsResponseData,pkey,md)
eb64730b 387
bb5ea36b 388#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
eb64730b 389 a->optionalSignature->signatureAlgorithm,\
0b33bc65 390 a->optionalSignature->signature,a->tbsRequest,r)
eb64730b 391
bb5ea36b 392#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
0b33bc65 393 a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
eb64730b
RL		 394
395#define ASN1_BIT_STRING_digest(data,type,md,len) \
bb5ea36b 396 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
eb64730b 397
eb64730b
RL		 398#define OCSP_CERTSTATUS_dup(cs)\
399 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
400 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
401
fb596f3b
DSH		 402OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
403
bf0d176e 404OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
c1c6c0bf
DSH		 405OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
406 int maxline);
407int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
408void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
bf0d176e
DSH		 409
410OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
411
eb64730b
RL		 412OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
413 X509_NAME *issuerName,
414 ASN1_BIT_STRING* issuerKey,
415 ASN1_INTEGER *serialNumber);
416
0b33bc65 417OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
26e083cc 418
0b33bc65 419int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
46a58ab9 420int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
0b33bc65 421int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
26e083cc
DSH		 422int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
423
0b33bc65
DSH		 424int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
425int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
eb64730b
RL		 426
427int OCSP_request_sign(OCSP_REQUEST *req,
0b33bc65 428 X509 *signer,
eb64730b
RL		 429 EVP_PKEY *key,
430 const EVP_MD *dgst,
0b33bc65
DSH		 431 STACK_OF(X509) *certs,
432 unsigned long flags);
433
434int OCSP_response_status(OCSP_RESPONSE *resp);
435OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
eb64730b 436
b5524a3a
DSH		 437int OCSP_resp_count(OCSP_BASICRESP *bs);
438OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
439int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
440int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
441 ASN1_GENERALIZEDTIME **revtime,
442 ASN1_GENERALIZEDTIME **thisupd,
443 ASN1_GENERALIZEDTIME **nextupd);
444int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
445 int *reason,
446 ASN1_GENERALIZEDTIME **revtime,
447 ASN1_GENERALIZEDTIME **thisupd,
448 ASN1_GENERALIZEDTIME **nextupd);
f1965221
DSH		 449int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
450 ASN1_GENERALIZEDTIME *nextupd,
451 long sec, long maxsec);
b5524a3a 452
fafc7f98 453int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
eb64730b 454
67c18019
DSH		 455int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
456
81f169e9 457int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
0b33bc65
DSH		 458int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
459
02e4fbed
DSH		 460int OCSP_request_onereq_count(OCSP_REQUEST *req);
461OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
462OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
463int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
464 ASN1_OCTET_STRING **pikeyHash,
465 ASN1_INTEGER **pserial, OCSP_CERTID *cid);
fafc7f98 466int OCSP_request_is_signed(OCSP_REQUEST *req);
2b916952 467OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
02e4fbed
DSH		 468OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
469 OCSP_CERTID *cid,
470 int status, int reason,
471 ASN1_TIME *revtime,
472 ASN1_TIME *thisupd, ASN1_TIME *nextupd);
473int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
474int OCSP_basic_sign(OCSP_BASICRESP *brsp,
475 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
476 STACK_OF(X509) *certs, unsigned long flags);
eb64730b 477
eb64730b
RL		 478X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
479
480X509_EXTENSION *OCSP_accept_responses_new(char **oids);
481
482X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
483
484X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
485
ec558b65
DSH		 486int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
487int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
488int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
489int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
490X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
491X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
492void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
493int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
494 unsigned long flags);
495int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
496
497int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
498int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
499int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
500int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
501X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
502X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
503void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
504int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
505 unsigned long flags);
506int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
507
508int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
509int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
510int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
511int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
512X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
513X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
514void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
515int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
516 unsigned long flags);
517int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
518
519int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
520int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
521int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
522int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
523X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
524X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
525void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
526int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
527 unsigned long flags);
528int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
529
c08523d8 530DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
73e92de5
DSH		 531DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
532DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
533DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
534DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
535DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
536DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
537DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
538DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
539DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
540DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
541DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
1f47ec53 542DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
c08523d8 543DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
c08523d8 544DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
eb64730b 545
73758d43
DSH		 546char *OCSP_response_status_str(long s);
547char *OCSP_cert_status_str(long s);
548char *OCSP_crl_reason_str(long s);
549
73e92de5 550int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
5782ceb2 551int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
73e92de5 552
9b4dc830
DSH		 553int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
554 X509_STORE *st, unsigned long flags);
73e92de5 555
eb64730b
RL		 556/* BEGIN ERROR CODES */
557/* The following lines are auto generated by the script mkerr.pl. Any changes
558 * made after this point may be overwritten when the script is next run.
559 */
b476df64 560void ERR_load_OCSP_strings(void);
eb64730b
RL		 561
562/* Error codes for the OCSP functions. */
563
564/* Function codes. */
46a58ab9 565#define OCSP_F_ASN1_STRING_ENCODE 100
46a58ab9
DSH		 566#define OCSP_F_D2I_OCSP_NONCE 102
567#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
568#define OCSP_F_OCSP_BASIC_SIGN 104
569#define OCSP_F_OCSP_BASIC_VERIFY 105
8afca8d9 570#define OCSP_F_OCSP_CERT_ID_NEW 101
46a58ab9
DSH		 571#define OCSP_F_OCSP_CHECK_DELEGATED 106
572#define OCSP_F_OCSP_CHECK_IDS 107
573#define OCSP_F_OCSP_CHECK_ISSUER 108
f1965221 574#define OCSP_F_OCSP_CHECK_VALIDITY 115
46a58ab9 575#define OCSP_F_OCSP_MATCH_ISSUERID 109
67c18019 576#define OCSP_F_OCSP_PARSE_URL 114
46a58ab9 577#define OCSP_F_OCSP_REQUEST_SIGN 110
fafc7f98 578#define OCSP_F_OCSP_REQUEST_VERIFY 116
0b33bc65 579#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
46a58ab9 580#define OCSP_F_OCSP_SENDREQ_BIO 112
c1c6c0bf 581#define OCSP_F_OCSP_SENDREQ_NBIO 117
47a9d527 582#define OCSP_F_PARSE_HTTP_LINE1 118
46a58ab9 583#define OCSP_F_REQUEST_VERIFY 113
eb64730b
RL		 584
585/* Reason codes. */
46a58ab9
DSH		 586#define OCSP_R_BAD_DATA 100
587#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
588#define OCSP_R_DIGEST_ERR 102
f1965221
DSH		 589#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
590#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
67c18019 591#define OCSP_R_ERROR_PARSING_URL 121
46a58ab9 592#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
f1965221 593#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
46a58ab9
DSH		 594#define OCSP_R_NOT_BASIC_RESPONSE 104
595#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
596#define OCSP_R_NO_CONTENT 106
597#define OCSP_R_NO_PUBLIC_KEY 107
598#define OCSP_R_NO_RESPONSE_DATA 108
599#define OCSP_R_NO_REVOKED_TIME 109
600#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
fafc7f98 601#define OCSP_R_REQUEST_NOT_SIGNED 128
46a58ab9
DSH		 602#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
603#define OCSP_R_ROOT_CA_NOT_TRUSTED 112
604#define OCSP_R_SERVER_READ_ERROR 113
605#define OCSP_R_SERVER_RESPONSE_ERROR 114
606#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
607#define OCSP_R_SERVER_WRITE_ERROR 116
608#define OCSP_R_SIGNATURE_FAILURE 117
609#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
f1965221
DSH		 610#define OCSP_R_STATUS_EXPIRED 125
611#define OCSP_R_STATUS_NOT_YET_VALID 126
612#define OCSP_R_STATUS_TOO_OLD 127
46a58ab9
DSH		 613#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
614#define OCSP_R_UNKNOWN_NID 120
fafc7f98 615#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
eb64730b
RL		 616
617#ifdef __cplusplus
618}
619#endif
620#endif
A mirror of the official openssl repository