int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
gnutls_datum_t * dn);
+int
+gnutls_ocsp_resp_get_responder_by_key(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * id);
+
time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
unsigned indx,
* "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
* will be ASCII or UTF-8 encoded, depending on the certificate data.
*
+ * If the responder ID is not a name but a hash, this function
+ * will return a @dn that has %NULL data.
+ *
* The caller needs to deallocate memory by calling gnutls_free() on
* @dn->data.
*
return GNUTLS_E_SUCCESS;
}
+/**
+ * gnutls_ocsp_resp_get_responder_by_key:
+ * @resp: should contain a #gnutls_ocsp_resp_t structure
+ * @id: newly allocated buffer with ID
+ *
+ * This function will extract the key ID of the Basic OCSP Response in
+ * the provided buffer. If the responder ID is not a key ID then
+ * this function will return %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+ *
+ * The caller needs to deallocate memory by calling gnutls_free() on
+ * @dn->data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error code is returned.
+ **/
+int
+gnutls_ocsp_resp_get_responder_by_key(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * id)
+{
+ int ret;
+
+ if (resp == NULL || id == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_read_value(resp->basicresp, "tbsResponseData.responderID.byKey", id);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return ret;
+}
+
/**
* gnutls_ocsp_resp_get_produced:
* @resp: should contain a #gnutls_ocsp_resp_t structure
{
gnutls_datum_t dn;
- /* XXX byKey */
-
ret = gnutls_ocsp_resp_get_responder(resp, &dn);
- if (ret < 0)
- addf(str, "error: get_dn: %s\n",
- gnutls_strerror(ret));
- else {
- addf(str, _("\tResponder ID: %.*s\n"), dn.size,
- dn.data);
- gnutls_free(dn.data);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ ret = gnutls_ocsp_resp_get_responder_by_key(resp, &dn);
+
+ if (ret >= 0) {
+ addf(str, _("\tResponder Key ID: "));
+ _gnutls_buffer_hexprint(str, dn.data, dn.size);
+ adds(str, "\n");
+ }
+ gnutls_free(dn.data);
+ } else {
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(ret));
+ }
+ } else {
+ if (dn.data != NULL) {
+ addf(str, _("\tResponder ID: %.*s\n"), dn.size,
+ dn.data);
+ gnutls_free(dn.data);
+ }
}
}