author | Dr. Stephen Henson <steve@openssl.org> | 2001-01-04 01:46:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-01-04 01:46:36 +0000 |
commit | bf0d176e48c6dd44c6cb3250d1e56d9d098f815a (patch) | |
tree | 199fe76e0938dd662f98fe7c8c5efd7438c09dbb /crypto/ocsp/ocsp_lib.c | |
parent | ec5add8784a2ffacd3391daae7937e04225da9da (diff) |
Update OCSP API.
Remove extensions argument from various functions
because it is not needed with the new extension
code.
New function OCSP_cert_to_id() to convert a pair
of certificates into an OCSP_CERTID.
New simple OCSP HTTP function. This is rather primitive
but just about adequate to send OCSP requests and
parse the response.
Fix typo in CRL distribution points extension.
Fix ASN1 code so it adds a final null to constructed
strings.
Diffstat (limited to 'crypto/ocsp/ocsp_lib.c')
-rw-r--r-- | crypto/ocsp/ocsp_lib.c | 60 |
1 files changed, 20 insertions, 40 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index be1ff96112..bddb5280ea 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -67,28 +67,24 @@ #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/x509v3.h> -#include <openssl/safestack.h> #include <openssl/ocsp.h> -static STACK_OF(X509_EXTENSION) *ext_dup(STACK_OF(X509_EXTENSION) *fr) - { - int i; - STACK_OF(X509_EXTENSION) *to = NULL; - - if (!(to = sk_X509_EXTENSION_dup(fr))) - goto err; - for (i = 0; i < sk_X509_EXTENSION_num(fr); i++) - { - sk_X509_EXTENSION_set(to, i, - X509_EXTENSION_dup(sk_X509_EXTENSION_value(fr, i))); - if (! sk_X509_EXTENSION_value(to, i)) - goto err; - } - return to; -err: - if (to) sk_X509_EXTENSION_pop_free(to, X509_EXTENSION_free); - return NULL; - } +/* Convert a certificate and its issuer to an OCSP_CERTID */ + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) +{ + X509_NAME *iname; + ASN1_INTEGER *serial; + ASN1_BIT_STRING *ikey; +#ifndef NO_SHA1 + if(!dgst) dgst = EVP_sha1(); +#endif + iname = X509_get_issuer_name(subject); + serial = X509_get_serialNumber(subject); + ikey = issuer->cert_info->key->public_key; + return OCSP_cert_id_new(dgst, iname, ikey, serial); +} + OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, @@ -166,8 +162,7 @@ err: return NULL; } -OCSP_REQUEST *OCSP_request_new(X509_NAME* name, - STACK_OF(X509_EXTENSION) *extensions) +OCSP_REQUEST *OCSP_request_new(X509_NAME* name) { OCSP_REQUEST *req = NULL; 
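Review bot: In the new `OCSP_cert_to_id`, the SHA-1 default is compiled out when `NO_SHA1` is defined, so a NULL `dgst` is then handed unchanged to `OCSP_cert_id_new` (whose body lies outside this hunk, so whether it tolerates NULL cannot be seen here). `subject` and `issuer` are also dereferenced, e.g. `issuer->cert_info->key->public_key`, with no NULL check. A guard placed after the `#endif`, `if (!dgst || !subject || !issuer) return NULL;`, would turn these cases into a clean failure. The function also takes the issuer name from `subject` and the key from `issuer` without checking that the two belong together, so a mismatched pair yields a CERTID that identifies no real certificate. The header comment should state that contract, for example `/* Caller must ensure that issuer is the certificate that issued subject; no check is made here */`.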
@@ -180,26 +175,19 @@ OCSP_REQUEST *OCSP_request_new(X509_NAME* name, req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name); } if (!(req->tbsRequest->requestList = sk_OCSP_ONEREQ_new(NULL))) goto err; - if (extensions && - (!(req->tbsRequest->requestExtensions = ext_dup(extensions)))) - goto err; return req; err: if (req) OCSP_REQUEST_free(req); return NULL; } -int OCSP_request_add(OCSP_REQUEST *req, - OCSP_CERTID *cid, - STACK_OF(X509_EXTENSION) *extensions) +int OCSP_request_add(OCSP_REQUEST *req, OCSP_CERTID *cid) { OCSP_ONEREQ *one = NULL; if (!(one = OCSP_ONEREQ_new())) goto err; if (one->reqCert) OCSP_CERTID_free(one->reqCert); if (!(one->reqCert = OCSP_CERTID_dup(cid))) goto err; - if (extensions&&(!(one->singleRequestExtensions=ext_dup(extensions)))) - goto err; if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err; return 1; err: @@ -238,9 +226,7 @@ err: return 0; } -OCSP_BASICRESP *OCSP_basic_response_new(int type, - X509* cert, - STACK_OF(X509_EXTENSION) *extensions) +OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert) { time_t t; OCSP_RESPID *rid; @@ -281,9 +267,6 @@ OCSP_BASICRESP *OCSP_basic_response_new(int type, if (!(ASN1_GENERALIZEDTIME_set(rsp->tbsResponseData->producedAt, t))) goto err; if (!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new(NULL))) goto err; - if (extensions && (!(rsp->tbsResponseData->responseExtensions = - ext_dup(extensions)))) - goto err; return rsp; err: if (rsp) OCSP_BASICRESP_free(rsp); @@ -294,8 +277,7 @@ int OCSP_basic_response_add(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, OCSP_CERTSTATUS *cst, char *this, - char *next, - STACK_OF(X509_EXTENSION) *extensions) + char *next) { OCSP_SINGLERESP *single = NULL; 
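Review bot: In `OCSP_request_new`, the result of `X509_NAME_dup(name)` is stored into `req->tbsRequest->requestorName->d.dirn` without being checked, so an allocation failure yields a request whose requestor name is silently NULL instead of taking the `err` path that the neighbouring calls use. Suggested change: `if (!(req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name))) goto err;`. `OCSP_request_add` in the same hunk dereferences `req->tbsRequest` without checking `req`; if callers can pass NULL, `if (!req || !cid) return 0;` before `OCSP_ONEREQ_new()` would cover it. An early return is used there because the body of the `err` label is outside the hunk. The start of `OCSP_request_new` is likewise outside this hunk, so earlier handling may exist that is not visible here.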
@@ -312,8 +294,6 @@ int OCSP_basic_response_add(OCSP_BASICRESP *rsp, if (!ASN1_GENERALIZEDTIME_set_string(single->nextUpdate,next)) goto err; } - if (extensions && (!(single->singleExtensions = ext_dup(extensions)))) - goto err; if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses,single)) goto err; return 1; err: |