authorDr. Stephen Henson <steve@openssl.org>2001-02-04 03:04:43 +0000
committerDr. Stephen Henson <steve@openssl.org>2001-02-04 03:04:43 +0000
commit2b916952a8de5b1197169801925dad74aa3360cd (patch)
tree3da79abd19c83d3b089374ec34a048bf1711a55e /crypto/ocsp/ocsp_cl.c
parent02e4fbed3d256f4f1fffff84f307a336b50fae1f (diff)
Fix ASN1_TIME_to_generlizedtime().
Add prototype for OCSP_response_create(). Add OCSP_request_sign() and OCSP_basic_sign() private key and certificate checks, and make OCSP_NOCERTS consistent with PKCS7_NOCERTS.
Diffstat (limited to 'crypto/ocsp/ocsp_cl.c')
-rw-r--r--crypto/ocsp/ocsp_cl.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 34c3969bcc..7b3e742e4a 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -148,22 +148,31 @@ int OCSP_request_sign(OCSP_REQUEST *req,
OCSP_SIGNATURE *sig;
X509 *x;
- if (signer &&
- !OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+ if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
goto err;
if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
if (!dgst) dgst = EVP_sha1();
- if (key && !OCSP_REQUEST_sign(req, key, dgst)) goto err;
+ if (key)
+ {
+ if (!X509_check_private_key(signer, key))
+ {
+ OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ goto err;
+ }
+ if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+ }
+
if (!(flags & OCSP_NOCERTS))
{
- if (!OCSP_request_add1_cert(req, signer)) goto err;
- for (i = 0; i < sk_X509_num(certs); i++)
+ if(!OCSP_request_add1_cert(req, signer)) goto err;
+ for (i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
if (!OCSP_request_add1_cert(req, x)) goto err;
}
}
+
return 1;
err:
OCSP_SIGNATURE_free(req->optionalSignature);
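Review bot: With the `signer &&` guard removed, a NULL `signer` now reaches `X509_get_subject_name(signer)` at the top of the hunk and, when `key` is set, `X509_check_private_key(signer, key)`; neither callee is visible here, so whether they tolerate NULL should be confirmed. If they do not, a caller that passes NULL would crash instead of failing cleanly, and an explicit early check such as `if (!signer) goto err;` (with a suitable OCSPerr reason) would make the new precondition visible. When `key` is NULL the function still attaches a freshly allocated `optionalSignature` and returns 1 without signing, so the key/certificate match check added here only protects callers that supply a key; a comment like `/* key == NULL: signature structure is left unsigned */` would document that. OCSP_request_sign starts and ends outside this hunk.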