From: Nikos Mavrogiannopoulos
Date: Thu, 13 Nov 2014 08:52:43 +0000 (+0100)
Subject: Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked
X-Git-Tag: gnutls_3_4_0~637
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8306d4e9539f1cd97c654b8405bf20ea9eb116ab;p=thirdparty%2Fgnutls.git

Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked
---
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index c5c1a86998..5aabce0f33 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -741,13 +741,17 @@ int gnutls_load_file(const char *filename, gnutls_datum_t * data)
 /**
 * gnutls_ocsp_status_request_is_checked:
 * @session: is a gnutls session
- * @flags: should be zero
+ * @flags: should be zero or %GNUTLS_OCSP_SR_IS_AVAIL
 *
 * Check whether an OCSP status response was included in the handshake
 * and whether it was checked and valid (not too old or superseded).
 * This is a helper function when needing to decide whether to perform an
- * OCSP validity check on the peer's certificate. Must be called after
- * gnutls_certificate_verify_peers3() is called.
+ * OCSP validity check on the peer's certificate. Should be called after
+ * any of gnutls_certificate_verify_peers*() are called.
+ *
+ * If the flag %GNUTLS_OCSP_SR_IS_AVAIL is specified, the return
+ * value of the function indicates whether an OCSP status response have
+ * been received (even if invalid).
 *
 * Returns: non zero it was valid, or a zero if it wasn't sent,
 * or sent and was invalid.
@@ -756,6 +760,18 @@ int
 gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
 unsigned int flags)
 {
+ int ret;
+ gnutls_datum_t data;
+
+ if (flags & GNUTLS_OCSP_SR_IS_AVAIL) {
+ ret = gnutls_ocsp_status_request_get(session, &data);
+ if (ret < 0)
+ return gnutls_assert_val(0);
+
+ if (data.data == NULL)
+ return gnutls_assert_val(0);
+ return 1;
+ }
 return session->internals.ocsp_check_ok;
 }
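Review bot: The `Returns:` paragraph at the end of this doc comment was left as it was, so it still says a non-zero result means the response "was valid", while the paragraph added just above it says that with %GNUTLS_OCSP_SR_IS_AVAIL a non-zero result only means a response was received, "even if invalid". A caller who passes the flag and relies on the Returns line could skip its own OCSP validity check on a response that was never verified. I would reword it along the lines of `Returns: non zero if the response was checked and valid (with %GNUTLS_OCSP_SR_IS_AVAIL: if a response was received at all), zero otherwise.` and change "response have been received" to "has been received". The end of the comment lies outside the hunk.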
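Review bot: The new GNUTLS_OCSP_SR_IS_AVAIL branch returns 1 without consulting `session->internals.ocsp_check_ok`, and nothing in the code marks this as deliberate, so a function named "is_checked" can now report success for an unverified response. A comment at the top of the branch, such as `/* presence only: the stapled response may be unverified or invalid */`, would keep a later reader from treating both return paths as equivalent. Both early exits also go through `gnutls_assert_val(0)`, which presumably emits an assertion log entry; if a peer that staples no response takes this path, a plain `return 0;` would avoid logging an expected condition as a failure.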
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index d017c79345..31facadd99 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1469,6 +1469,7 @@ int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
 int gnutls_ocsp_status_request_get(gnutls_session_t session,
 gnutls_datum_t * response);
+#define GNUTLS_OCSP_SR_IS_AVAIL 1
 int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
 unsigned int flags);
diff --git a/src/common.c b/src/common.c
index 9c700a7a7a..59fe728938 100644
--- a/src/common.c
+++ b/src/common.c
@@ -562,7 +562,7 @@ int print_info(gnutls_session_t session, int verbose, int print_cert)
 printf(" safe renegotiation,");
 if (gnutls_session_etm_status(session)!=0)
 printf(" EtM,");
- if (gnutls_ocsp_status_request_is_checked(session, 0)!=0)
+ if (gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL)!=0)
 printf(" OCSP status request,");
 printf("\n");
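Review bot: `GNUTLS_OCSP_SR_IS_AVAIL` is added to the public header with no comment, so nothing here ties it to the `flags` argument of gnutls_ocsp_status_request_is_checked() or warns that it changes what a non-zero return means. A one-line comment above the define would cover it, for example `/* flag for gnutls_ocsp_status_request_is_checked(): report that a status response was received, not that it was valid */`. Since `flags` is tested with `&` in lib/gnutls_ui.c, the comment could also say that the value is a bit flag.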
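Review bot: With the flag passed here, ` OCSP status request,` is printed whenever a stapled response was received, which by the updated doc comment in lib/gnutls_ui.c includes a response that failed validation, so the line no longer tells the user whether the response was checked. If reporting presence is the intent, the output could still separate the two cases, for instance `printf(" OCSP status request%s,", gnutls_ocsp_status_request_is_checked(session, 0) ? "" : " (not verified)");`. That assumes print_info() runs after certificate verification, which cannot be confirmed from this hunk. The body of print_info continues outside the hunk.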