]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added gnutls_ocsp_resp_verify() and some sign fixes.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 28 Jan 2012 17:55:55 +0000 (18:55 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 28 Jan 2012 18:55:14 +0000 (19:55 +0100)
lib/auth/cert.h
lib/includes/gnutls/ocsp.h
lib/libgnutls.map
lib/openpgp/openpgp_int.h
lib/x509/ocsp.c
lib/x509/ocsp_output.c

index b0931fb9f8e3fbaa43959c4a905e489557695993..55ff0bdf3c6c5e2c2b4b50c4a69db0efa7f07b6b 100644 (file)
@@ -24,8 +24,8 @@
 #define AUTH_CERT_H
 #include "gnutls_auth.h"
 #include <auth/dh_common.h>
-#include "x509/x509_int.h"
-#include "openpgp/openpgp_int.h"
+#include <x509/x509_int.h>
+#include <openpgp/openpgp_int.h>
 #include <gnutls/abstract.h>
 #include <gnutls/compat.h>
 #include <gnutls_str_array.h>
index 89eb673f7564ee8dd8ab806bb70ad5bc25be99ef..f2703c0655a0a068bf9d2282e22d814463593b8f 100644 (file)
@@ -220,11 +220,11 @@ extern "C"
                                   gnutls_datum_t *issuer_name_hash,
                                   gnutls_datum_t *issuer_key_hash,
                                   gnutls_datum_t *serial_number,
-                                  int *cert_status,
+                                  unsigned int *cert_status,
                                   time_t *this_update,
                                   time_t *next_update,
                                   time_t *revocation_time,
-                                  int *revocation_reason);
+                                  unsigned int *revocation_reason);
   int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
                                      unsigned indx,
                                      gnutls_datum_t *oid,
@@ -243,11 +243,15 @@ extern "C"
   int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
                                      gnutls_x509_crt_t signercert,
                                      unsigned *verify,
-                                     int flags);
+                                     unsigned int flags);
   int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
                               gnutls_x509_trust_list_t trustlist,
                               unsigned *verify,
-                              int flags);
+                              unsigned int flags);
+  int gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp,
+                        gnutls_certificate_credentials_t cred,
+                        unsigned *verify,
+                        unsigned int flags);
 
 #ifdef __cplusplus
 }
index 40765f8d54d64dda061200eaf298b7e550526b1c..98afb7456b3e131a90f90a8c2ea1d7f52e2c0d68 100644 (file)
@@ -773,6 +773,7 @@ GNUTLS_3_0_0 {
        gnutls_priority_ecc_curve_list;
        gnutls_verify_stored_pubkey;
        gnutls_store_pubkey;
+       gnutls_ocsp_resp_verify_cred;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
index c412e1ed9bd1ed036700c4ef76d4e09fe5aecc31..9f6b3a5212691dec415c6dcb5f4c3d952e797a25 100644 (file)
@@ -29,7 +29,7 @@
 
 #ifdef ENABLE_OPENPGP
 
-#include <opencdk.h>
+#include <opencdk/opencdk.h>
 #include <gnutls/openpgp.h>
 
 #define KEYID_IMPORT(dst, src) { \
index 732a99e04cd23f317c93af1f071fdae5a5a4867e..aa7ba492406f64857258f650b6ccaad4f1b7ede5 100644 (file)
@@ -32,6 +32,7 @@
 #include "verify-high.h"
 
 #include <gnutls/ocsp.h>
+#include <auth/cert.h>
 
 typedef struct gnutls_ocsp_req_int
 {
@@ -1331,11 +1332,11 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
                             gnutls_datum_t *issuer_name_hash,
                             gnutls_datum_t *issuer_key_hash,
                             gnutls_datum_t *serial_number,
-                            int *cert_status,
+                            unsigned int *cert_status,
                             time_t *this_update,
                             time_t *next_update,
                             time_t *revocation_time,
-                            int *revocation_reason)
+                            unsigned int *revocation_reason)
 {
   gnutls_datum_t sa;
   char name[ASN1_MAX_NAME_SIZE];
@@ -1937,8 +1938,8 @@ find_signercert (gnutls_ocsp_resp_t resp)
 int
 gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
                                gnutls_x509_crt_t signercert,
-                               unsigned *verify,
-                               int flags)
+                               unsigned int *verify,
+                               unsigned int flags)
 {
   gnutls_datum_t sig = { NULL };
   gnutls_datum_t data = { NULL };
@@ -2039,8 +2040,8 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
 int
 gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
                         gnutls_x509_trust_list_t trustlist,
-                        unsigned *verify,
-                        int flags)
+                        unsigned int *verify,
+                        unsigned int flags)
 {
   gnutls_x509_crt_t signercert = NULL;
   int rc;
@@ -2158,3 +2159,25 @@ gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
 
   return rc;
 }
+
+/**
+ * gnutls_ocsp_resp_verify_cred:
+ * @resp: should contain a #gnutls_ocsp_resp_t structure
+ * @trustlist: the certificate credentials structure
+ * @verify: output variable with verification status, an #gnutls_ocsp_cert_status_t
+ * @flags: verification flags, 0 for now.
+ *
+ * This function is identical to gnutls_ocsp_resp_verify() but would
+ * use the trusted anchors from the certificate credentials structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ **/
+int
+gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp,
+                        gnutls_certificate_credentials_t cred,
+                        unsigned int*verify,
+                        unsigned int flags)
+{
+  return gnutls_ocsp_resp_verify( resp, cred->tlist, verify, flags);
+}
index 0a0601fee3a3872030970ef350c4ce16a27e774f..737b227a37828b90ad8e877cf07f8333b3baad05 100644 (file)
@@ -321,11 +321,11 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
     {
       gnutls_digest_algorithm_t digest;
       gnutls_datum_t in, ik, sn;
-      int cert_status;
+      unsigned int cert_status;
       time_t this_update;
       time_t next_update;
       time_t revocation_time;
-      int revocation_reason;
+      unsigned int revocation_reason;
 
       ret = gnutls_ocsp_resp_get_single (resp,
                                         indx,