diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-04-26 18:30:45 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-12 13:54:37 +0200 |
commit | eeccc237239d6f2b6fbc557be7062bfe2ab836be (patch) | |
tree | 888f18ed5067404a0703b62f94a263317109f5be /crypto/ocsp | |
parent | e3efe7a53299dff3cd2222542b6a999b1360d626 (diff) |
Introduce X509_add_cert[s] simplifying various additions to cert lists
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615)
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_cl.c | 9 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_local.h | 2 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_srv.c | 9 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 9 |
4 files changed, 7 insertions, 22 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 95b16dce55..f45bf1d6dc 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -81,14 +81,7 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) return 0; if (cert == NULL) return 1; - if (sig->certs == NULL - && (sig->certs = sk_X509_new_null()) == NULL) - return 0; - - if (!sk_X509_push(sig->certs, cert)) - return 0; - X509_up_ref(cert); - return 1; + return X509_add_cert_new(&sig->certs, cert, X509_ADD_FLAG_UP_REF); } /* diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h index 3ae337faeb..d354197d4b 100644 --- a/crypto/ocsp/ocsp_local.h +++ b/crypto/ocsp/ocsp_local.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "crypto/x509.h" /* for X509_add_cert_new() */ + /*- CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * issuerNameHash OCTET STRING, -- Hash of Issuer's DN diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 3cfe3649cc..d20a714855 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -162,14 +162,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) { - if (resp->certs == NULL - && (resp->certs = sk_X509_new_null()) == NULL) - return 0; - - if (!sk_X509_push(resp->certs, cert)) - return 0; - X509_up_ref(cert); - return 1; + return X509_add_cert_new(&resp->certs, cert, X509_ADD_FLAG_UP_REF); } /* diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 0dccb24eb5..33cd236af7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -67,16 +67,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { int init_res; + if (flags & OCSP_NOCHAIN) { untrusted = NULL; } else if (bs->certs && certs) { untrusted = sk_X509_dup(bs->certs); - for (i = 0; i < sk_X509_num(certs); i++) { - if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); - goto f_err; - } - } + if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT)) + goto f_err; } else if (certs != NULL) { untrusted = certs; } else { |