* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
* useful if we want to add extensions.
*/
-
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
{
OCSP_ONEREQ *one = NULL;
}
/* Set requestorName from an X509_NAME structure */
-
int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm)
{
GENERAL_NAME *gen = GENERAL_NAME_new();
}
/* Add a certificate to an OCSP request */
-
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
{
- OCSP_SIGNATURE *sig;
-
- if (req->optionalSignature == NULL)
- req->optionalSignature = OCSP_SIGNATURE_new();
- sig = req->optionalSignature;
- if (sig == NULL)
+ if (req->optionalSignature == NULL
+ && (req->optionalSignature = OCSP_SIGNATURE_new()) == NULL)
return 0;
if (cert == NULL)
return 1;
- return ossl_x509_add_cert_new(&sig->certs, cert, X509_ADD_FLAG_UP_REF);
+ return ossl_x509_add_cert_new(&req->optionalSignature->certs, cert,
+ X509_ADD_FLAG_UP_REF);
}
/*
* optional signers certificate and include one or more optional certificates
* in the request. Behaves like PKCS7_sign().
*/
-
int OCSP_request_sign(OCSP_REQUEST *req,
X509 *signer,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs, unsigned long flags)
{
- int i;
- X509 *x;
-
if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
goto err;
}
if ((flags & OCSP_NOCERTS) == 0) {
- if (!OCSP_request_add1_cert(req, signer))
+ if (!OCSP_request_add1_cert(req, signer)
+ || !X509_add_certs(req->optionalSignature->certs, certs,
+ X509_ADD_FLAG_UP_REF))
goto err;
- for (i = 0; i < sk_X509_num(certs); i++) {
- x = sk_X509_value(certs, i);
- if (!OCSP_request_add1_cert(req, x))
- goto err;
- }
}
return 1;
}
/* Get response status */
-
int OCSP_response_status(OCSP_RESPONSE *resp)
{
return ASN1_ENUMERATED_get(resp->responseStatus);
* Extract basic response from OCSP_RESPONSE or NULL if no basic response
* present.
*/
-
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
{
OCSP_RESPBYTES *rb = resp->responseBytes;
return &bs->tbsResponseData;
}
-/*
- * Return number of OCSP_SINGLERESP responses present in a basic response.
- */
+/* Return number of OCSP_SINGLERESP responses present in a basic response */
int OCSP_resp_count(OCSP_BASICRESP *bs)
{
}
/* Extract an OCSP_SINGLERESP response with a given index */
-
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
{
if (bs == NULL)
}
/* Look single response matching a given certificate ID */
-
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
{
int i;
* revtime and reason values are only set if the certificate status is
* revoked. Returns numerical value of status.
*/
-
int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
ASN1_GENERALIZEDTIME **revtime,
ASN1_GENERALIZEDTIME **thisupd,
* This function combines the previous ones: look up a certificate ID and if
* found extract status information. Return 0 is successful.
*/
-
int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
int *reason,
ASN1_GENERALIZEDTIME **revtime,
* accepting very old responses without a nextUpdate field an optional maxage
* parameter specifies the maximum age the thisUpdate field can be.
*/
-
int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
{
* Utility functions related to sending OCSP responses and extracting
* relevant information from the request.
*/
-
int OCSP_request_onereq_count(OCSP_REQUEST *req)
{
return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
}
/* Add a certificate to an OCSP request */
-
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
{
return ossl_x509_add_cert_new(&resp->certs, cert, X509_ADD_FLAG_UP_REF);
* set the responderID to the subject name in the signer's certificate, and
* include one or more optional certificates in the response.
*/
-
int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
X509 *signer, EVP_MD_CTX *ctx,
STACK_OF(X509) *certs, unsigned long flags)
{
- int i;
OCSP_RESPID *rid;
EVP_PKEY *pkey;
}
if (!(flags & OCSP_NOCERTS)) {
- if (!OCSP_basic_add1_cert(brsp, signer))
+ if (!OCSP_basic_add1_cert(brsp, signer)
+ || !X509_add_certs(brsp->certs, certs, X509_ADD_FLAG_UP_REF))
goto err;
- for (i = 0; i < sk_X509_num(certs); i++) {
- X509 *tmpcert = sk_X509_value(certs, i);
- if (!OCSP_basic_add1_cert(brsp, tmpcert))
- goto err;
- }
}
rid = &brsp->tbsResponseData.responderId;
* Right now, I think that not doing double hashing is the right thing.
* -- Richard Levitte
*/
-
if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
goto err;
int ossl_x509_add_cert_new(STACK_OF(X509) **p_sk, X509 *cert, int flags)
{
- if (*p_sk == NULL
- && (*p_sk = sk_X509_new_null()) == NULL) {
+ if (*p_sk == NULL && (*p_sk = sk_X509_new_null()) == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return 0;
}
}
int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags)
-/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */
+/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */
{
if (sk == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
int flags)
-/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */
+/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */
{
int n = sk_X509_num(certs /* may be NULL */);
int i;
projects / thirdparty / openssl.git / commitdiff
