From: Nikos Mavrogiannopoulos Date: Sat, 28 Jan 2012 17:55:55 +0000 (+0100) Subject: Added gnutls_ocsp_resp_verify() and some sign fixes. X-Git-Tag: gnutls_3_0_13~166 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=efaa2ee176568fcd009ff2ca9daa1b7fdac4c491;p=thirdparty%2Fgnutls.git Added gnutls_ocsp_resp_verify() and some sign fixes. --- diff --git a/lib/auth/cert.h b/lib/auth/cert.h index b0931fb9f8..55ff0bdf3c 100644 --- a/lib/auth/cert.h +++ b/lib/auth/cert.h @@ -24,8 +24,8 @@ #define AUTH_CERT_H #include "gnutls_auth.h" #include -#include "x509/x509_int.h" -#include "openpgp/openpgp_int.h" +#include +#include #include #include #include diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h index 89eb673f75..f2703c0655 100644 --- a/lib/includes/gnutls/ocsp.h +++ b/lib/includes/gnutls/ocsp.h @@ -220,11 +220,11 @@ extern "C" gnutls_datum_t *issuer_name_hash, gnutls_datum_t *issuer_key_hash, gnutls_datum_t *serial_number, - int *cert_status, + unsigned int *cert_status, time_t *this_update, time_t *next_update, time_t *revocation_time, - int *revocation_reason); + unsigned int *revocation_reason); int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp, unsigned indx, gnutls_datum_t *oid, @@ -243,11 +243,15 @@ extern "C" int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp, gnutls_x509_crt_t signercert, unsigned *verify, - int flags); + unsigned int flags); int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t trustlist, unsigned *verify, - int flags); + unsigned int flags); + int gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp, + gnutls_certificate_credentials_t cred, + unsigned *verify, + unsigned int flags); #ifdef __cplusplus } diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 40765f8d54..98afb7456b 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -773,6 +773,7 @@ GNUTLS_3_0_0 { gnutls_priority_ecc_curve_list; gnutls_verify_stored_pubkey; gnutls_store_pubkey; + gnutls_ocsp_resp_verify_cred; } GNUTLS_2_12; GNUTLS_PRIVATE { diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h index c412e1ed9b..9f6b3a5212 100644 --- a/lib/openpgp/openpgp_int.h +++ b/lib/openpgp/openpgp_int.h @@ -29,7 +29,7 @@ #ifdef ENABLE_OPENPGP -#include +#include #include #define KEYID_IMPORT(dst, src) { \ diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 732a99e04c..aa7ba49240 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -32,6 +32,7 @@ #include "verify-high.h" #include +#include typedef struct gnutls_ocsp_req_int { @@ -1331,11 +1332,11 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp, gnutls_datum_t *issuer_name_hash, gnutls_datum_t *issuer_key_hash, gnutls_datum_t *serial_number, - int *cert_status, + unsigned int *cert_status, time_t *this_update, time_t *next_update, time_t *revocation_time, - int *revocation_reason) + unsigned int *revocation_reason) { gnutls_datum_t sa; char name[ASN1_MAX_NAME_SIZE]; @@ -1937,8 +1938,8 @@ find_signercert (gnutls_ocsp_resp_t resp) int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp, gnutls_x509_crt_t signercert, - unsigned *verify, - int flags) + unsigned int *verify, + unsigned int flags) { gnutls_datum_t sig = { NULL }; gnutls_datum_t data = { NULL }; @@ -2039,8 +2040,8 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp, int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t trustlist, - unsigned *verify, - int flags) + unsigned int *verify, + unsigned int flags) { gnutls_x509_crt_t signercert = NULL; int rc; @@ -2158,3 +2159,25 @@ gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp, return rc; } + +/** + * gnutls_ocsp_resp_verify_cred: + * @resp: should contain a #gnutls_ocsp_resp_t structure + * @trustlist: the certificate credentials structure + * @verify: output variable with verification status, an #gnutls_ocsp_cert_status_t + * @flags: verification flags, 0 for now. + * + * This function is identical to gnutls_ocsp_resp_verify() but would + * use the trusted anchors from the certificate credentials structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + **/ +int +gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp, + gnutls_certificate_credentials_t cred, + unsigned int*verify, + unsigned int flags) +{ + return gnutls_ocsp_resp_verify( resp, cred->tlist, verify, flags); +} diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c index 0a0601fee3..737b227a37 100644 --- a/lib/x509/ocsp_output.c +++ b/lib/x509/ocsp_output.c @@ -321,11 +321,11 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp, { gnutls_digest_algorithm_t digest; gnutls_datum_t in, ik, sn; - int cert_status; + unsigned int cert_status; time_t this_update; time_t next_update; time_t revocation_time; - int revocation_reason; + unsigned int revocation_reason; ret = gnutls_ocsp_resp_get_single (resp, indx,