Additional functionality in ocsp utility: print summary

of status info. Check nonce values. Option to disable
verify. Update usage message.

Rename status to string functions and make them global.

3 files changed, 15 insertions, 8 deletions

diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index ef36ba9910..0c643e1a88 100644
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -100,6 +100,8 @@ typedef struct ocsp_cert_id_st
 	ASN1_INTEGER *serialNumber;
 	} OCSP_CERTID;
 
+DECLARE_STACK_OF(OCSP_CERTID)
+
 /*   Request ::=     SEQUENCE {
  *       reqCert                    CertID,
  *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
@@ -538,6 +540,10 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
 
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
 
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index fc63183517..4b7bc28769 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -97,7 +97,7 @@ static char *table2string(long s, OCSP_TBLSTR *ts, int len)
 	return "(UNKNOWN)";
 }
 
-static char* ocspResponseStatus2string(long s)
+char *OCSP_response_status_str(long s)
         {
 	static OCSP_TBLSTR rstat_tbl[] = {
 	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
@@ -109,7 +109,7 @@ static char* ocspResponseStatus2string(long s)
 	return table2string(s, rstat_tbl, 6);
 	} 
 
-static char* ocspCertStatus2string(long s)
+char *OCSP_cert_status_str(long s)
         {
 	static OCSP_TBLSTR cstat_tbl[] = {
 	        { V_OCSP_CERTSTATUS_GOOD, "good" },
@@ -118,7 +118,7 @@ static char* ocspCertStatus2string(long s)
 	return table2string(s, cstat_tbl, 3);
 	} 
 
-static char * cRLReason2string(long s)
+char *OCSP_crl_reason_str(long s)
         {
 	OCSP_TBLSTR reason_tbl[] = {
 	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
@@ -195,7 +195,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
 	l=ASN1_ENUMERATED_get(o->responseStatus);
 	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
-		       ocspResponseStatus2string(l), l) <= 0) goto err;
+		       OCSP_response_status_str(l), l) <= 0) goto err;
 	if (rb == NULL) return 1;
         if (BIO_puts(bp,"    Response Type: ") <= 0)
 	        goto err;
@@ -237,8 +237,8 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 		cid = single->certId;
 		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
 		cst = single->certStatus;
-		if (BIO_printf(bp,"\n    Cert Status: %s",
-			       ocspCertStatus2string(cst->type)) <= 0)
+		if (BIO_printf(bp,"    Cert Status: %s",
+			       OCSP_cert_status_str(cst->type)) <= 0)
 		        goto err;
 		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
 		        {
@@ -253,7 +253,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 				l=ASN1_ENUMERATED_get(rev->revocationReason);
 				if (BIO_printf(bp, 
 					 "\n    Revocation Reason: %s (0x%x)",
-					       cRLReason2string(l), l) <= 0)
+					       OCSP_crl_reason_str(l), l) <= 0)
 				        goto err;
 				}
 			}
@@ -271,6 +271,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 					"Response Single Extensions",
 					single->singleExtensions, flags, 8))
 							goto err;
+		if (!BIO_write(bp,"\n",1)) goto err;
 		}
 	if (!X509V3_extensions_print(bp, "Response Extensions",
 					rd->responseExtensions, flags, 4))
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index b656609ee8..8868c980cb 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -144,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 
 	end:
 	if(chain) sk_X509_pop_free(chain, X509_free);
-	return 1;
+	return ret;
 	}