Backport certificate status request TLS extension support to 0.9.8.

2 files changed, 25 insertions, 0 deletions

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 3dba0557b8..ac171ca940 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -473,6 +473,30 @@ STACK *X509_get1_email(X509 *x)
 	return ret;
 }
 
+STACK *X509_get1_ocsp(X509 *x)
+{
+	AUTHORITY_INFO_ACCESS *info;
+	STACK *ret = NULL;
+	int i;
+	info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+	if (!info)
+		return NULL;
+	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
+		{
+		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+		if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
+			{
+			if (ad->location->type == GEN_URI)
+				{
+				if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
+					break;
+				}
+			}
+		}
+	AUTHORITY_INFO_ACCESS_free(info);
+	return ret;
+}
+
 STACK *X509_REQ_get1_email(X509_REQ *x)
 {
 	GENERAL_NAMES *gens;
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 91d2fb5b8b..db2b0482c1 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -617,6 +617,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *);
 STACK *X509_get1_email(X509 *x);
 STACK *X509_REQ_get1_email(X509_REQ *x);
 void X509_email_free(STACK *sk);
+STACK *X509_get1_ocsp(X509 *x);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);