Add OCSP accessors.
RT#4605 Reviewed-by: Rich Salz <rsalz@openssl.org>
parent
e99ab8ffd7
commit
02fb7cfeb2
3 changed files with 41 additions and 0 deletions
|
@ -191,6 +191,29 @@ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs)
|
|||
return bs->tbsResponseData.producedAt;
|
||||
}
|
||||
|
||||
const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
|
||||
{
|
||||
return bs->certs;
|
||||
}
|
||||
|
||||
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
|
||||
const ASN1_OCTET_STRING **pid,
|
||||
const X509_NAME **pname)
|
||||
|
||||
{
|
||||
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
|
||||
if (rid->type == V_OCSP_RESPID_NAME) {
|
||||
*pname = rid->value.byName;
|
||||
*pid = NULL;
|
||||
} else if (rid->type == V_OCSP_RESPID_KEY) {
|
||||
*pid = rid->value.byKey;
|
||||
*pname = NULL;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Look single response matching a given certificate ID */
|
||||
|
||||
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
|
||||
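Review bot: In OCSP_resp_get0_id the final `else` branch returns 0 without writing `*pid` or `*pname`, so a caller that skips the return check goes on to use whatever its own variables held, possibly when matching the responder to a signer certificate. Clearing both outputs before the type test, `*pid = NULL; *pname = NULL;`, would make the failure path deterministic. The manual text added in the same commit does not describe the 0 return either. Both out-pointers are dereferenced unconditionally, so a short comment above the function should state that neither may be NULL and that the returned values point into `bs` and must not be freed. For OCSP_resp_get0_certs, which hands back `bs->certs` with no validation of its own, I would add `/* certificates as carried in the response; not validated by this call */` so callers do not treat the stack as trusted.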
|
|
|
@ -27,6 +27,12 @@ OCSP_single_get0_status, OCSP_check_validity
|
|||
|
||||
ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single);
|
||||
|
||||
const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
|
||||
|
||||
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
|
||||
const ASN1_OCTET_STRING **pid,
|
||||
const X509_NAME **pname);
|
||||
|
||||
int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
|
||||
ASN1_GENERALIZEDTIME *nextupd,
|
||||
long sec, long maxsec);
|
||||
|
@ -61,6 +67,13 @@ B<*revtime>, B<*thisupd> and B<*nextupd>.
|
|||
OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
|
||||
single response B<bs>.
|
||||
|
||||
OCSP_resp_get0_certs() returns any certificates included in B<bs>.
|
||||
|
||||
OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
|
||||
a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
|
||||
responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
|
||||
is set to NULL.
|
||||
|
||||
OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
|
||||
which will be typically obtained from OCSP_resp_find_status() or
|
||||
OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
|
||||
|
|
|
@ -213,6 +213,11 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs);
|
|||
int OCSP_resp_count(OCSP_BASICRESP *bs);
|
||||
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
|
||||
ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs);
|
||||
const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
|
||||
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
|
||||
const ASN1_OCTET_STRING **pid,
|
||||
const X509_NAME **pname);
|
||||
|
||||
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
|
||||
int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
|
||||
ASN1_GENERALIZEDTIME **revtime,
|
||||
|
|