New function to copy nonce values from OCSP
request to response.
parent
4978361212
commit
26e083ccb7
3 changed files with 21 additions and 12 deletions
4
CHANGES
4
CHANGES
|
@ -3,6 +3,10 @@
|
||||||
|
|
||||||
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
|
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
|
||||||
|
|
||||||
|
*) New function OCSP_copy_nonce() to copy nonce value (if present) from
|
||||||
|
request to response.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Functions for OCSP responders. OCSP_request_onereq_count(),
|
*) Functions for OCSP responders. OCSP_request_onereq_count(),
|
||||||
OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
|
OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
|
||||||
extract information from a certificate request. OCSP_response_create()
|
extract information from a certificate request. OCSP_response_create()
|
||||||
|
|
|
@ -412,11 +412,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
|
||||||
ASN1_BIT_STRING* issuerKey,
|
ASN1_BIT_STRING* issuerKey,
|
||||||
ASN1_INTEGER *serialNumber);
|
ASN1_INTEGER *serialNumber);
|
||||||
|
|
||||||
OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
|
|
||||||
|
|
||||||
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
|
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
|
||||||
|
|
||||||
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
|
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
|
||||||
int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
|
int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
|
||||||
|
int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
|
||||||
|
|
||||||
int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
|
int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
|
||||||
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
|
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
|
||||||
|
|
||||||
|
|
|
@ -371,16 +371,20 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
|
/* Copy the nonce value (if any) from an OCSP request to
|
||||||
{
|
* a response.
|
||||||
X509_EXTENSION *x=NULL;
|
*/
|
||||||
if (!(x = X509_EXTENSION_new())) goto err;
|
|
||||||
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
|
int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
|
||||||
if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
|
{
|
||||||
return x;
|
X509_EXTENSION *req_ext;
|
||||||
err:
|
int req_idx;
|
||||||
if (x) X509_EXTENSION_free(x);
|
/* Check for nonce in request */
|
||||||
return NULL;
|
req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
|
||||||
|
/* If no nonce that's OK */
|
||||||
|
if (req_idx < 0) return 2;
|
||||||
|
req_ext = OCSP_REQUEST_get_ext(req, req_idx);
|
||||||
|
return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
|
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
|
||||||
|
|
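Review bot: OCSP_copy_nonce() has distinct outcomes that the comment above it does not document: it returns 2 when the request carries no nonce and otherwise passes through whatever OCSP_BASICRESP_add_ext() returns, so a caller testing `== 1` treats a nonce-less request as a failure, while one testing for non-zero cannot tell "copied" from "nothing to copy". I would extend the comment to `/* Returns 2 if the request has no nonce, otherwise the result of OCSP_BASICRESP_add_ext() (presumably 1 on success, 0 on failure). */`. The extension also comes from the request, which is client-supplied, and it is added to the response with no check on its length or contents visible in this hunk; a responder may want to bound the nonce size before echoing it into a response it will sign. Whether OCSP_BASICRESP_add_ext() duplicates `req_ext` or stores the pointer is not visible here and is worth stating in the comment, since the request still owns that extension.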