/**
* gnutls_ocsp_status_request_is_checked:
* @session: is a gnutls session
- * @flags: should be zero
+ * @flags: should be zero or %GNUTLS_OCSP_SR_IS_AVAIL
*
* Check whether an OCSP status response was included in the handshake
* and whether it was checked and valid (not too old or superseded).
* This is a helper function when needing to decide whether to perform an
- * OCSP validity check on the peer's certificate. Must be called after
- * gnutls_certificate_verify_peers3() is called.
+ * OCSP validity check on the peer's certificate. Should be called after
+ * any of gnutls_certificate_verify_peers*() are called.
+ *
+ * If the flag %GNUTLS_OCSP_SR_IS_AVAIL is specified, the return
+ * value of the function indicates whether an OCSP status response have
+ * been received (even if invalid).
*
* Returns: non zero it was valid, or a zero if it wasn't sent,
* or sent and was invalid.
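Review bot: The `Returns:` paragraph at the end of this comment still says that non-zero means the response was valid, which no longer holds when %GNUTLS_OCSP_SR_IS_AVAIL is passed. A caller who reads only that line could take a non-zero result as proof of a checked response and skip its own OCSP validation of the peer certificate. I would reword it along the lines of `Returns: with @flags zero, non-zero if a response was sent, checked and valid; with %GNUTLS_OCSP_SR_IS_AVAIL, non-zero if a response was received, whether or not it is valid.` and change "have been received" to "has been received" in the added paragraph. The `#define GNUTLS_OCSP_SR_IS_AVAIL 1` added in the header hunk would benefit from a one-line comment making the same presence-versus-validity distinction.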
gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
unsigned int flags)
{
+ int ret;
+ gnutls_datum_t data;
+
+ if (flags & GNUTLS_OCSP_SR_IS_AVAIL) {
+ ret = gnutls_ocsp_status_request_get(session, &data);
+ if (ret < 0)
+ return gnutls_assert_val(0);
+
+ if (data.data == NULL)
+ return gnutls_assert_val(0);
+ return 1;
+ }
return session->internals.ocsp_check_ok;
}
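Review bot: In the GNUTLS_OCSP_SR_IS_AVAIL branch any non-NULL `data.data` counts as a received response without a look at `data.size`, and `data` is declared without an initialiser, so the result depends entirely on gnutls_ocsp_status_request_get() filling it on every success path. Declaring `gnutls_datum_t data = { NULL, 0 };` and testing `if (data.data == NULL || data.size == 0)` would make the branch robust against an empty datum. Whether the getter can actually return success with an empty or untouched datum is not visible here, so this is a defensive suggestion. The function's return-type line lies outside the hunk.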
int gnutls_ocsp_status_request_get(gnutls_session_t session,
gnutls_datum_t * response);
+#define GNUTLS_OCSP_SR_IS_AVAIL 1
int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
unsigned int flags);
printf(" safe renegotiation,");
if (gnutls_session_etm_status(session)!=0)
printf(" EtM,");
- if (gnutls_ocsp_status_request_is_checked(session, 0)!=0)
+ if (gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL)!=0)
printf(" OCSP status request,");
printf("\n");
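Review bot: With GNUTLS_OCSP_SR_IS_AVAIL the " OCSP status request," label is now printed for any stapled response, including one that was invalid or never checked, whereas the removed call printed it only for a checked and valid response. Someone reading the session summary can no longer tell a verified staple from an ignored one. Inside the existing `if`, I would keep the distinction visible with something like `printf(" OCSP status request%s,", gnutls_ocsp_status_request_is_checked(session, 0) != 0 ? "" : "[ignored]");`. The enclosing function starts and ends outside the hunk.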