Generalise OCSP I/O functions to support dowloading of other ASN1

structures using HTTP. Add wrapper function to handle CRL download.

2 files changed, 9 insertions, 0 deletions

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index e86a7fd744..78c18666af 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -666,6 +666,7 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
 int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index b94aeeb873..e62cd31394 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/ocsp.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -127,6 +128,13 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
 		x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
 	}
 
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
+	{
+	return OCSP_REQ_CTX_nbio_d2i(rctx,
+				(ASN1_VALUE **)pcrl, ASN1_ITEM_rptr(X509_CRL));
+	}
+
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,