Add support for the noCheck OCSP extension. This is

just a NULL and appears in a certificate.
author: Dr. Stephen Henson <steve@openssl.org> 2000-12-16 01:58:58 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-12-16 01:58:58 +0000
commit: f1a6a0d4ddbeb9470d2b03e447466997729c2aac (patch)
tree: 97a95564ad404bf329d32016bfac7df079799618 /crypto/x509v3
parent: 9c67ab2f26bb6d4a6955406d028a79e763223849 (diff)
2 files changed, 24 insertions, 1 deletions
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 8bf8c7aa35..98e1c599ec 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -62,7 +62,7 @@ extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck;
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
  * order of the ext_nid values.
@@ -94,6 +94,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_ocsp_nonce,
 &v3_ocsp_crlid,
 &v3_ocsp_accresp,
+&v3_ocsp_nocheck,
 &v3_ocsp_acutoff
 };
 
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index 7df71f225a..6a7e6ac31b 100644
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -75,6 +75,9 @@ static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
 static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
 X509V3_EXT_METHOD v3_ocsp_crlid = {
 	NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
 	0,0,0,0,
@@ -105,6 +108,15 @@ X509V3_EXT_METHOD v3_ocsp_nonce = {
 	NULL
 };
 
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+	NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it,
+	0,0,0,0,
+	0,s2i_ocsp_nocheck,
+	0,0,
+	i2r_ocsp_nocheck,0,
+	NULL
+};
+
 static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 {
 	OCSP_CRLID *a = in;
@@ -189,4 +201,14 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 	return 1;
 }
 
+/* Nocheck is just a single NULL. Don't print anything and always set it */
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+	return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+	return ASN1_NULL_new();
+}
author	Dr. Stephen Henson <steve@openssl.org>	2000-12-16 01:58:58 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-12-16 01:58:58 +0000
commit	f1a6a0d4ddbeb9470d2b03e447466997729c2aac (patch)
tree	97a95564ad404bf329d32016bfac7df079799618 /crypto/x509v3
parent	9c67ab2f26bb6d4a6955406d028a79e763223849 (diff)