* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
X509_NAME* issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;
-
+
#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
int OCSP_request_is_signed(OCSP_REQUEST *req);
OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid,
- int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
+ int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
ASN1_TIME *nextupd);
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* OCSP_RESPONSE templates */
ASN1_SEQUENCE(OCSP_RESPBYTES) = {
- ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
- ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+ ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+ ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
ASN1_CHOICE(OCSP_RESPID) = {
- ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
- ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+ ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+ ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(OCSP_RESPID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+ ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
ASN1_SEQUENCE(OCSP_SINGLERESP) = {
- ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
- ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
- ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+ ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+ ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+ ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
ASN1_SEQUENCE(OCSP_RESPDATA) = {
- ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
- ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
- ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+ ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+ ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+ ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(OCSP_RESPDATA)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
ASN1_SEQUENCE(OCSP_BASICRESP) = {
- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
ASN1_SEQUENCE(OCSP_CRLID) = {
- ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
- ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
- ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+ ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+ ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+ ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
} ASN1_SEQUENCE_END(OCSP_CRLID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* relevant information from the response.
*/
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
+/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
* pointer: useful if we want to add extensions.
*/
OCSP_ONEREQ *
if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
goto err;
return one;
+
err:
OCSP_ONEREQ_free(one);
return NULL;
req->tbsRequest->requestorName = gen;
return 1;
}
-
+
/* Add a certificate to an OCSP request */
int
OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
if (!sig->certs && !(sig->certs = sk_X509_new_null()))
return 0;
- if(!sk_X509_push(sig->certs, cert))
+ if (!sk_X509_push(sig->certs, cert))
return 0;
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
return 1;
}
if (!(flags & OCSP_NOCERTS)) {
- if(!OCSP_request_add1_cert(req, signer))
+ if (!OCSP_request_add1_cert(req, signer))
goto err;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
}
return 1;
+
err:
OCSP_SIGNATURE_free(req->optionalSignature);
req->optionalSignature = NULL;
}
/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the
+ * Note: the revtime and reason values are only set if the
* certificate status is revoked. Returns numerical value of
* status.
*/
*revtime = rev->revocationTime;
if (reason) {
if (rev->revocationReason)
- *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+ *reason = ASN1_ENUMERATED_get(
+ rev->revocationReason);
else
*reason = -1;
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-static ERR_STRING_DATA OCSP_str_functs[]=
- {
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
-{0,NULL}
- };
+static ERR_STRING_DATA OCSP_str_functs[]= {
+ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+ {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
+ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
+ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+ {0, NULL}
+};
-static ERR_STRING_DATA OCSP_str_reasons[]=
- {
-{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
- };
+static ERR_STRING_DATA OCSP_str_reasons[]= {
+ {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"},
+ {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+ {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"},
+ {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"},
+ {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"},
+ {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"},
+ {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"},
+ {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
+ {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"},
+ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"},
+ {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"},
+ {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"},
+ {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
+ {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"},
+ {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"},
+ {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"},
+ {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"},
+ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"},
+ {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"},
+ {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
+ {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"},
+ {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"},
+ {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"},
+ {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
+ {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"},
+ {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"},
+ {0, NULL}
+};
#endif
-void ERR_load_OCSP_strings(void)
- {
+void
+ERR_load_OCSP_strings(void)
+{
#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,OCSP_str_functs);
- ERR_load_strings(0,OCSP_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, OCSP_str_functs);
+ ERR_load_strings(0, OCSP_str_reasons);
}
+#endif
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int
OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
{
- return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
- NULL;
+ return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex,
+ loc) != NULL;
}
/* Single extensions */
return X509v3_delete_ext(x->singleRequestExtensions, loc);
}
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+void *
+OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
}
OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
{
return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,
- nid ,lastpos);
+ nid, lastpos);
}
int
int
OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
{
- return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,
- crit, lastpos);
+ return X509v3_get_ext_by_critical(
+ x->tbsResponseData->responseExtensions, crit, lastpos);
}
X509_EXTENSION *
if (i2d(data, &p) <= 0)
goto err;
} else if (sk) {
- if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
+ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
(I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
IS_SEQUENCE)) <= 0)
goto err;
if (!(b = p = malloc((unsigned int)i)))
goto err;
- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p,
+ (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
goto err;
} else {
OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
goto err;
free(b);
return s;
+
err:
free(b);
return NULL;
/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
* a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
* nonce, previous versions used the raw nonce.
*/
X509V3_ADD_REPLACE))
goto err;
ret = 1;
+
err:
free(os.data);
return ret;
X509_EXTENSION *req_ext, *resp_ext;
req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
- resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+ resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs,
+ NID_id_pkix_OCSP_Nonce, -1);
/* Check both absent */
if (req_idx < 0 && resp_idx < 0)
return 2;
return 1;
}
-/* Copy the nonce value (if any) from an OCSP request to
+/* Copy the nonce value (if any) from an OCSP request to
* a response.
*/
int
{
X509_EXTENSION *x = NULL;
OCSP_CRLID *cid = NULL;
-
+
if (!(cid = OCSP_CRLID_new()))
goto err;
if (url) {
if (tim) {
if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
goto err;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+
err:
if (cid)
OCSP_CRLID_free(cid);
goto err;
while (oids && *oids) {
if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
- (o = OBJ_nid2obj(nid)))
+ (o = OBJ_nid2obj(nid)))
sk_ASN1_OBJECT_push(sk, o);
oids++;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+
err:
if (sk)
sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
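Review bot: The result of `sk_ASN1_OBJECT_push(sk, o)` inside the `while (oids && *oids)` loop is ignored, so a failed push (typically an allocation failure) yields an acceptableResponses extension that silently lacks one of the requested OIDs. Bracing the `if` body and using `if (!sk_ASN1_OBJECT_push(sk, o)) goto err;` would route the failure through the existing `err:` cleanup. This assumes `x` is still NULL at that point, which should be confirmed because the function's start and end are outside the hunk.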
if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
goto err;
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+
err:
if (gt)
ASN1_GENERALIZEDTIME_free(gt);
ASN1_IA5STRING *ia5 = NULL;
OCSP_SERVICELOC *sloc = NULL;
ACCESS_DESCRIPTION *ad = NULL;
-
+
if (!(sloc = OCSP_SERVICELOC_new()))
goto err;
if (!(sloc->issuer = X509_NAME_dup(issuer)))
urls++;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+
err:
if (sloc)
OCSP_SERVICELOC_free(sloc);
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
return 0;
}
- /* Set end of response code and start of message */
+ /* Set end of response code and start of message */
*q++ = 0;
/* Attempt to parse numeric code */
case OHS_ASN1_WRITE:
n = BIO_get_mem_data(rctx->mem, &p);
i = BIO_write(rctx->io,
- p + (n - rctx->asn1_len), rctx->asn1_len);
+ p + (n - rctx->asn1_len), rctx->asn1_len);
if (i <= 0) {
if (BIO_should_retry(rctx->io))
return -1;
rctx->state = OHS_ASN1_CONTENT;
/* FALLTHROUGH */
-
+
case OHS_ASN1_CONTENT:
n = BIO_get_mem_data(rctx->mem, &p);
if (n < (int)rctx->asn1_len)
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
goto err;
}
- if (!(alg->algorithm=OBJ_nid2obj(nid)))
+ if (!(alg->algorithm = OBJ_nid2obj(nid)))
goto err;
- if ((alg->parameter=ASN1_TYPE_new()) == NULL)
+ if ((alg->parameter = ASN1_TYPE_new()) == NULL)
goto err;
- alg->parameter->type=V_ASN1_NULL;
+ alg->parameter->type = V_ASN1_NULL;
if (!X509_NAME_digest(issuerName, dgst, md, &i))
goto digerr;
goto err;
}
return cid;
+
digerr:
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
/* Check for trailing part of path */
p = strchr(p, '/');
- if (!p)
+ if (!p)
*ppath = BUF_strdup("/");
else {
*ppath = BUF_strdup(p);
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
{
const OCSP_TBLSTR *p;
- for (p=ts; p < ts + len; p++)
+ for (p = ts; p < ts + len; p++)
if (p->t == s)
return p->m;
return "(UNKNOWN)";
OCSP_response_status_str(long s)
{
static const OCSP_TBLSTR rstat_tbl[] = {
- { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
- { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
- { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
- { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
- { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
- { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
+ { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+ { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+ { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+ { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+ { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+ { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
};
return table2string(s, rstat_tbl, 6);
-}
+}
const char *
OCSP_cert_status_str(long s)
{
static const OCSP_TBLSTR cstat_tbl[] = {
- { V_OCSP_CERTSTATUS_GOOD, "good" },
- { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
- { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
+ { V_OCSP_CERTSTATUS_GOOD, "good" },
+ { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+ { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
};
return table2string(s, cstat_tbl, 3);
-}
+}
const char *
OCSP_crl_reason_str(long s)
{
static const OCSP_TBLSTR reason_tbl[] = {
- { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
- { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
- { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
- { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
- { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
- { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
- { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
- { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
+ { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+ { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+ { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+ { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+ { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+ { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+ { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+ { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
};
return table2string(s, reason_tbl, 8);
-}
+}
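Review bot: The element counts passed to `table2string` (`6`, `3` and `8`) are hard-coded beside the three tables re-indented here. If a table is edited without updating its literal, either a new entry is never matched or the lookup loop `for (p = ts; p < ts + len; p++)` walks past the end of the array. Deriving the count from the array keeps the two in step, e.g. `return table2string(s, rstat_tbl, sizeof(rstat_tbl) / sizeof(rstat_tbl[0]));`, and likewise for `cstat_tbl` and `reason_tbl`.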
int
OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
OCSP_REQINFO *inf = o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
- if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0)
+ if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
goto err;
l = ASN1_INTEGER_get(inf->version);
- if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0)
+ if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0)
goto err;
if (inf->requestorName != NULL) {
- if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
+ if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
goto err;
GENERAL_NAME_print(bp, inf->requestorName);
}
- if (BIO_write(bp,"\n Requestor List:\n",21) <= 0)
+ if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
goto err;
for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
one = sk_OCSP_ONEREQ_value(inf->requestList, i);
if (sig) {
X509_signature_print(bp, sig->signatureAlgorithm,
sig->signature);
- for (i=0; i<sk_X509_num(sig->certs); i++) {
- X509_print(bp, sk_X509_value(sig->certs,i));
- PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
+ for (i = 0; i < sk_X509_num(sig->certs); i++) {
+ X509_print(bp, sk_X509_value(sig->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
}
}
return 1;
+
err:
return 0;
}
OCSP_SINGLERESP *single = NULL;
OCSP_RESPBYTES *rb = o->responseBytes;
- if (BIO_puts(bp,"OCSP Response Data:\n") <= 0)
+ if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
goto err;
l = ASN1_ENUMERATED_get(o->responseStatus);
- if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
+ if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
OCSP_response_status_str(l), l) <= 0)
goto err;
if (rb == NULL)
return 1;
- if (BIO_puts(bp," Response Type: ") <= 0)
+ if (BIO_puts(bp, " Response Type: ") <= 0)
goto err;
- if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+ if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
goto err;
if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
- BIO_puts(bp," (unknown response type)\n");
+ BIO_puts(bp, " (unknown response type)\n");
return 1;
}
goto err;
rd = br->tbsResponseData;
l = ASN1_INTEGER_get(rd->version);
- if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0)
+ if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0)
goto err;
- if (BIO_puts(bp," Responder Id: ") <= 0)
+ if (BIO_puts(bp, " Responder Id: ") <= 0)
goto err;
- rid = rd->responderId;
+ rid = rd->responderId;
switch (rid->type) {
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
}
- if (BIO_printf(bp,"\n Produced At: ")<=0)
+ if (BIO_printf(bp, "\n Produced At: ")<=0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
goto err;
- if (BIO_printf(bp,"\n Responses:\n") <= 0)
+ if (BIO_printf(bp, "\n Responses:\n") <= 0)
goto err;
for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
if (! sk_OCSP_SINGLERESP_value(rd->responses, i))
if (ocsp_certid_print(bp, cid, 4) <= 0)
goto err;
cst = single->certStatus;
- if (BIO_printf(bp," Cert Status: %s",
+ if (BIO_printf(bp, " Cert Status: %s",
OCSP_cert_status_str(cst->type)) <= 0)
goto err;
if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
rev = cst->value.revoked;
- if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
+ if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,
- rev->revocationTime))
+ rev->revocationTime))
goto err;
if (rev->revocationReason) {
l = ASN1_ENUMERATED_get(rev->revocationReason);
goto err;
}
}
- if (BIO_printf(bp,"\n This Update: ") <= 0)
+ if (BIO_printf(bp, "\n This Update: ") <= 0)
goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
goto err;
if (single->nextUpdate) {
- if (BIO_printf(bp,"\n Next Update: ") <= 0)
+ if (BIO_printf(bp, "\n Next Update: ") <= 0)
goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
goto err;
}
- if (BIO_write(bp,"\n",1) <= 0)
+ if (BIO_write(bp, "\n", 1) <= 0)
goto err;
if (!X509V3_extensions_print(bp, "Response Single Extensions",
single->singleExtensions, flags, 8))
goto err;
- if (BIO_write(bp,"\n",1) <= 0)
+ if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!X509V3_extensions_print(bp, "Response Extensions",
for (i = 0; i < sk_X509_num(br->certs); i++) {
X509_print(bp, sk_X509_value(br->certs, i));
- PEM_write_bio_X509(bp,sk_X509_value(br->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
}
ret = 1;
+
err:
OCSP_BASICRESP_free(br);
return ret;
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
&rsp->responseBytes->response))
goto err;
return rsp;
+
err:
if (rsp)
OCSP_RESPONSE_free(rsp);
goto err;
cs = single->certStatus;
- switch(cs->type = status) {
+ switch (cs->type = status) {
case V_OCSP_CERTSTATUS_REVOKED:
if (!revtime) {
OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
goto err;
if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
- goto err;
+ goto err;
if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
- if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+ if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
goto err;
if (!(ASN1_ENUMERATED_set(ri->revocationReason,
reason)))
- goto err;
- }
+ goto err;
+ }
break;
case V_OCSP_CERTSTATUS_GOOD:
if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
goto err;
return single;
+
err:
OCSP_SINGLERESP_free(single);
return NULL;
goto err;
return 1;
+
err:
return 0;
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
+ STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags);
+ unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
- STACK_OF(OCSP_SINGLERESP) *sresp);
+ STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags);
+ X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
+ unsigned long flags);
/* Verify a basic response message */
int
if (!(flags & OCSP_NOVERIFY)) {
int init_res;
- if(flags & OCSP_NOCHAIN)
+ if (flags & OCSP_NOCHAIN)
init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
else
init_res = X509_STORE_CTX_init(&ctx, st, signer,
bs->certs);
if (!init_res) {
ret = -1;
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
goto end;
}
X509_verify_cert_error_string(i));
goto end;
}
- if(flags & OCSP_NOCHECKS) {
+ if (flags & OCSP_NOCHECKS) {
ret = 1;
goto end;
}
x = sk_X509_value(chain, sk_X509_num(chain) - 1);
if (X509_check_trust(x, NID_OCSP_sign, 0) !=
- X509_TRUST_TRUSTED) {
+ X509_TRUST_TRUSTED) {
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
OCSP_R_ROOT_CA_NOT_TRUSTED);
goto end;
init_res = X509_STORE_CTX_init(&ctx, store, signer,
req->optionalSignature->certs);
if (!init_res) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
return 0;
}
ret = X509_verify_cert(&ctx);
X509_STORE_CTX_cleanup(&ctx);
if (ret <= 0) {
- ret = X509_STORE_CTX_get_error(&ctx);
+ ret = X509_STORE_CTX_get_error(&ctx);
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_CERTIFICATE_VERIFY_ERROR);
ERR_asprintf_error_data("Verify error:%s",
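Review bot: `X509_STORE_CTX_get_error(&ctx)` is called after `X509_STORE_CTX_cleanup(&ctx)` has already run, so the verify error placed in the error data is read from a context that has been torn down. Whether the error field survives cleanup depends on the cleanup implementation, which is not visible here, so the reported reason for rejecting a signed request rests on an implementation detail. Reading the error first removes that dependency, e.g. `ret = X509_verify_cert(&ctx);` then `verr = X509_STORE_CTX_get_error(&ctx);` then `X509_STORE_CTX_cleanup(&ctx);`, with `verr` used in the failure branch. The enclosing function starts and ends outside this hunk.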
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
X509_NAME* issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;
-
+
#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
int OCSP_request_is_signed(OCSP_REQUEST *req);
OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid,
- int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
+ int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
ASN1_TIME *nextupd);
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* OCSP_RESPONSE templates */
ASN1_SEQUENCE(OCSP_RESPBYTES) = {
- ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
- ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+ ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+ ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
ASN1_CHOICE(OCSP_RESPID) = {
- ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
- ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+ ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+ ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(OCSP_RESPID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+ ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
ASN1_SEQUENCE(OCSP_SINGLERESP) = {
- ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
- ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
- ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+ ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+ ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+ ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
ASN1_SEQUENCE(OCSP_RESPDATA) = {
- ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
- ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
- ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+ ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+ ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+ ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(OCSP_RESPDATA)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
ASN1_SEQUENCE(OCSP_BASICRESP) = {
- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
ASN1_SEQUENCE(OCSP_CRLID) = {
- ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
- ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
- ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+ ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+ ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+ ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
} ASN1_SEQUENCE_END(OCSP_CRLID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* relevant information from the response.
*/
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
+/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
* pointer: useful if we want to add extensions.
*/
OCSP_ONEREQ *
if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
goto err;
return one;
+
err:
OCSP_ONEREQ_free(one);
return NULL;
req->tbsRequest->requestorName = gen;
return 1;
}
-
+
/* Add a certificate to an OCSP request */
int
OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
if (!sig->certs && !(sig->certs = sk_X509_new_null()))
return 0;
- if(!sk_X509_push(sig->certs, cert))
+ if (!sk_X509_push(sig->certs, cert))
return 0;
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
return 1;
}
if (!(flags & OCSP_NOCERTS)) {
- if(!OCSP_request_add1_cert(req, signer))
+ if (!OCSP_request_add1_cert(req, signer))
goto err;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
}
return 1;
+
err:
OCSP_SIGNATURE_free(req->optionalSignature);
req->optionalSignature = NULL;
}
/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the
+ * Note: the revtime and reason values are only set if the
* certificate status is revoked. Returns numerical value of
* status.
*/
*revtime = rev->revocationTime;
if (reason) {
if (rev->revocationReason)
- *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+ *reason = ASN1_ENUMERATED_get(
+ rev->revocationReason);
else
*reason = -1;
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-static ERR_STRING_DATA OCSP_str_functs[]=
- {
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
-{0,NULL}
- };
+static ERR_STRING_DATA OCSP_str_functs[]= {
+ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+ {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
+ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
+ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+ {0, NULL}
+};
-static ERR_STRING_DATA OCSP_str_reasons[]=
- {
-{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
- };
+static ERR_STRING_DATA OCSP_str_reasons[]= {
+ {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"},
+ {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+ {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"},
+ {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"},
+ {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"},
+ {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"},
+ {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"},
+ {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
+ {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"},
+ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"},
+ {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"},
+ {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"},
+ {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
+ {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"},
+ {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"},
+ {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"},
+ {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"},
+ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"},
+ {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"},
+ {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
+ {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"},
+ {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"},
+ {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"},
+ {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
+ {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"},
+ {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"},
+ {0, NULL}
+};
#endif
-void ERR_load_OCSP_strings(void)
- {
+void
+ERR_load_OCSP_strings(void)
+{
#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,OCSP_str_functs);
- ERR_load_strings(0,OCSP_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, OCSP_str_functs);
+ ERR_load_strings(0, OCSP_str_reasons);
}
+#endif
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int
OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
{
- return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
- NULL;
+ return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex,
+ loc) != NULL;
}
/* Single extensions */
return X509v3_delete_ext(x->singleRequestExtensions, loc);
}
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+void *
+OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
}
OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
{
return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,
- nid ,lastpos);
+ nid, lastpos);
}
int
int
OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
{
- return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,
- crit, lastpos);
+ return X509v3_get_ext_by_critical(
+ x->tbsResponseData->responseExtensions, crit, lastpos);
}
X509_EXTENSION *
if (i2d(data, &p) <= 0)
goto err;
} else if (sk) {
- if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
+ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
(I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
IS_SEQUENCE)) <= 0)
goto err;
if (!(b = p = malloc((unsigned int)i)))
goto err;
- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p,
+ (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
goto err;
} else {
OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
goto err;
free(b);
return s;
+
err:
free(b);
return NULL;
/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
* a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
* nonce, previous versions used the raw nonce.
*/
X509V3_ADD_REPLACE))
goto err;
ret = 1;
+
err:
free(os.data);
return ret;
X509_EXTENSION *req_ext, *resp_ext;
req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
- resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+ resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs,
+ NID_id_pkix_OCSP_Nonce, -1);
/* Check both absent */
if (req_idx < 0 && resp_idx < 0)
return 2;
return 1;
}
-/* Copy the nonce value (if any) from an OCSP request to
+/* Copy the nonce value (if any) from an OCSP request to
* a response.
*/
int
{
X509_EXTENSION *x = NULL;
OCSP_CRLID *cid = NULL;
-
+
if (!(cid = OCSP_CRLID_new()))
goto err;
if (url) {
if (tim) {
if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
goto err;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+
err:
if (cid)
OCSP_CRLID_free(cid);
goto err;
while (oids && *oids) {
if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
- (o = OBJ_nid2obj(nid)))
+ (o = OBJ_nid2obj(nid)))
sk_ASN1_OBJECT_push(sk, o);
oids++;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+
err:
if (sk)
sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
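Review bot: The result of `sk_ASN1_OBJECT_push(sk, o)` inside the `while (oids && *oids)` loop is ignored, so a failed push silently drops that OID and the acceptableResponses extension is still encoded from the shortened stack. Names that `OBJ_txt2nid` cannot resolve are skipped the same way, with no error raised. At minimum, check the push: `if (!sk_ASN1_OBJECT_push(sk, o)) goto err;`. This presumes `x` is still NULL when `err:` is reached, which only its declaration, outside this hunk, can confirm.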
if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
goto err;
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+
err:
if (gt)
ASN1_GENERALIZEDTIME_free(gt);
ASN1_IA5STRING *ia5 = NULL;
OCSP_SERVICELOC *sloc = NULL;
ACCESS_DESCRIPTION *ad = NULL;
-
+
if (!(sloc = OCSP_SERVICELOC_new()))
goto err;
if (!(sloc->issuer = X509_NAME_dup(issuer)))
urls++;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+
err:
if (sloc)
OCSP_SERVICELOC_free(sloc);
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
return 0;
}
- /* Set end of response code and start of message */
+ /* Set end of response code and start of message */
*q++ = 0;
/* Attempt to parse numeric code */
case OHS_ASN1_WRITE:
n = BIO_get_mem_data(rctx->mem, &p);
i = BIO_write(rctx->io,
- p + (n - rctx->asn1_len), rctx->asn1_len);
+ p + (n - rctx->asn1_len), rctx->asn1_len);
if (i <= 0) {
if (BIO_should_retry(rctx->io))
return -1;
rctx->state = OHS_ASN1_CONTENT;
/* FALLTHROUGH */
-
+
case OHS_ASN1_CONTENT:
n = BIO_get_mem_data(rctx->mem, &p);
if (n < (int)rctx->asn1_len)
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
goto err;
}
- if (!(alg->algorithm=OBJ_nid2obj(nid)))
+ if (!(alg->algorithm = OBJ_nid2obj(nid)))
goto err;
- if ((alg->parameter=ASN1_TYPE_new()) == NULL)
+ if ((alg->parameter = ASN1_TYPE_new()) == NULL)
goto err;
- alg->parameter->type=V_ASN1_NULL;
+ alg->parameter->type = V_ASN1_NULL;
if (!X509_NAME_digest(issuerName, dgst, md, &i))
goto digerr;
goto err;
}
return cid;
+
digerr:
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
/* Check for trailing part of path */
p = strchr(p, '/');
- if (!p)
+ if (!p)
*ppath = BUF_strdup("/");
else {
*ppath = BUF_strdup(p);
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
{
const OCSP_TBLSTR *p;
- for (p=ts; p < ts + len; p++)
+ for (p = ts; p < ts + len; p++)
if (p->t == s)
return p->m;
return "(UNKNOWN)";
OCSP_response_status_str(long s)
{
static const OCSP_TBLSTR rstat_tbl[] = {
- { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
- { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
- { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
- { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
- { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
- { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
+ { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+ { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+ { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+ { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+ { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+ { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
};
return table2string(s, rstat_tbl, 6);
-}
+}
const char *
OCSP_cert_status_str(long s)
{
static const OCSP_TBLSTR cstat_tbl[] = {
- { V_OCSP_CERTSTATUS_GOOD, "good" },
- { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
- { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
+ { V_OCSP_CERTSTATUS_GOOD, "good" },
+ { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+ { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
};
return table2string(s, cstat_tbl, 3);
-}
+}
const char *
OCSP_crl_reason_str(long s)
{
static const OCSP_TBLSTR reason_tbl[] = {
- { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
- { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
- { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
- { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
- { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
- { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
- { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
- { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
+ { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+ { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+ { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+ { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+ { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+ { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+ { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+ { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
};
return table2string(s, reason_tbl, 8);
-}
+}
int
OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
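Review bot: The element counts passed to `table2string` (`6`, `3` and `8`) are literals written beside the tables they describe, and the loop in `table2string` is bounded only by `p < ts + len`. If a row is added or removed without updating the literal, the lookup either misses the new entry or reads past the end of the array. Derive the count from the table itself, e.g. `return table2string(s, rstat_tbl, sizeof(rstat_tbl) / sizeof(rstat_tbl[0]));`, and likewise for `cstat_tbl` and `reason_tbl`.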
OCSP_REQINFO *inf = o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
- if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0)
+ if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
goto err;
l = ASN1_INTEGER_get(inf->version);
- if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0)
+ if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0)
goto err;
if (inf->requestorName != NULL) {
- if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
+ if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
goto err;
GENERAL_NAME_print(bp, inf->requestorName);
}
- if (BIO_write(bp,"\n Requestor List:\n",21) <= 0)
+ if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
goto err;
for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
one = sk_OCSP_ONEREQ_value(inf->requestList, i);
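Review bot: The `BIO_write` calls in this hunk pass the byte count as a separate literal (`19`, `21`, `21`) that has to be kept equal to the length of the string next to it by hand. A miscount either truncates the heading or reads past the end of the string literal. The response printer further down in this file section already uses `BIO_puts` for its headings, and `if (BIO_puts(bp, "OCSP Request Data:\n") <= 0)` here would remove the counts altogether. The function body starts and ends outside the hunk.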
if (sig) {
X509_signature_print(bp, sig->signatureAlgorithm,
sig->signature);
- for (i=0; i<sk_X509_num(sig->certs); i++) {
- X509_print(bp, sk_X509_value(sig->certs,i));
- PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
+ for (i = 0; i < sk_X509_num(sig->certs); i++) {
+ X509_print(bp, sk_X509_value(sig->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
}
}
return 1;
+
err:
return 0;
}
OCSP_SINGLERESP *single = NULL;
OCSP_RESPBYTES *rb = o->responseBytes;
- if (BIO_puts(bp,"OCSP Response Data:\n") <= 0)
+ if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
goto err;
l = ASN1_ENUMERATED_get(o->responseStatus);
- if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
+ if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
OCSP_response_status_str(l), l) <= 0)
goto err;
if (rb == NULL)
return 1;
- if (BIO_puts(bp," Response Type: ") <= 0)
+ if (BIO_puts(bp, " Response Type: ") <= 0)
goto err;
- if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+ if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
goto err;
if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
- BIO_puts(bp," (unknown response type)\n");
+ BIO_puts(bp, " (unknown response type)\n");
return 1;
}
goto err;
rd = br->tbsResponseData;
l = ASN1_INTEGER_get(rd->version);
- if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0)
+ if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0)
goto err;
- if (BIO_puts(bp," Responder Id: ") <= 0)
+ if (BIO_puts(bp, " Responder Id: ") <= 0)
goto err;
- rid = rd->responderId;
+ rid = rd->responderId;
switch (rid->type) {
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
}
- if (BIO_printf(bp,"\n Produced At: ")<=0)
+ if (BIO_printf(bp, "\n Produced At: ")<=0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
goto err;
- if (BIO_printf(bp,"\n Responses:\n") <= 0)
+ if (BIO_printf(bp, "\n Responses:\n") <= 0)
goto err;
for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
if (! sk_OCSP_SINGLERESP_value(rd->responses, i))
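Review bot: The Produced At check in this hunk still ends in `)<=0)` with no spaces around the operator, which the reformat missed. The neighbouring lines all use `) <= 0)` on the new side, so this one should match. The Version `BIO_printf` calls in the hunk above and in the request printer likewise keep `l+1`, which would read `l + 1` under the same convention.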
if (ocsp_certid_print(bp, cid, 4) <= 0)
goto err;
cst = single->certStatus;
- if (BIO_printf(bp," Cert Status: %s",
+ if (BIO_printf(bp, " Cert Status: %s",
OCSP_cert_status_str(cst->type)) <= 0)
goto err;
if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
rev = cst->value.revoked;
- if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
+ if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,
- rev->revocationTime))
+ rev->revocationTime))
goto err;
if (rev->revocationReason) {
l = ASN1_ENUMERATED_get(rev->revocationReason);
goto err;
}
}
- if (BIO_printf(bp,"\n This Update: ") <= 0)
+ if (BIO_printf(bp, "\n This Update: ") <= 0)
goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
goto err;
if (single->nextUpdate) {
- if (BIO_printf(bp,"\n Next Update: ") <= 0)
+ if (BIO_printf(bp, "\n Next Update: ") <= 0)
goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
goto err;
}
- if (BIO_write(bp,"\n",1) <= 0)
+ if (BIO_write(bp, "\n", 1) <= 0)
goto err;
if (!X509V3_extensions_print(bp, "Response Single Extensions",
single->singleExtensions, flags, 8))
goto err;
- if (BIO_write(bp,"\n",1) <= 0)
+ if (BIO_write(bp, "\n", 1) <= 0)
goto err;
}
if (!X509V3_extensions_print(bp, "Response Extensions",
for (i = 0; i < sk_X509_num(br->certs); i++) {
X509_print(bp, sk_X509_value(br->certs, i));
- PEM_write_bio_X509(bp,sk_X509_value(br->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
}
ret = 1;
+
err:
OCSP_BASICRESP_free(br);
return ret;
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
&rsp->responseBytes->response))
goto err;
return rsp;
+
err:
if (rsp)
OCSP_RESPONSE_free(rsp);
goto err;
cs = single->certStatus;
- switch(cs->type = status) {
+ switch (cs->type = status) {
case V_OCSP_CERTSTATUS_REVOKED:
if (!revtime) {
OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
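Review bot: `switch (cs->type = status)` assigns inside the controlling expression, which reads like a mistyped comparison and hides the store to `cs->type`. Splitting it keeps the behaviour and makes the write visible: `cs->type = status;` followed by `switch (status) {`. The function starts before this hunk and the switch body continues past it.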
if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
goto err;
if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
- goto err;
+ goto err;
if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
- if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+ if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
goto err;
if (!(ASN1_ENUMERATED_set(ri->revocationReason,
reason)))
- goto err;
- }
+ goto err;
+ }
break;
case V_OCSP_CERTSTATUS_GOOD:
if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
goto err;
return single;
+
err:
OCSP_SINGLERESP_free(single);
return NULL;
goto err;
return 1;
+
err:
return 0;
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
+ STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags);
+ unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
- STACK_OF(OCSP_SINGLERESP) *sresp);
+ STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags);
+ X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
+ unsigned long flags);
/* Verify a basic response message */
int
if (!(flags & OCSP_NOVERIFY)) {
int init_res;
- if(flags & OCSP_NOCHAIN)
+ if (flags & OCSP_NOCHAIN)
init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
else
init_res = X509_STORE_CTX_init(&ctx, st, signer,
bs->certs);
if (!init_res) {
ret = -1;
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
goto end;
}
X509_verify_cert_error_string(i));
goto end;
}
- if(flags & OCSP_NOCHECKS) {
+ if (flags & OCSP_NOCHECKS) {
ret = 1;
goto end;
}
x = sk_X509_value(chain, sk_X509_num(chain) - 1);
if (X509_check_trust(x, NID_OCSP_sign, 0) !=
- X509_TRUST_TRUSTED) {
+ X509_TRUST_TRUSTED) {
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
OCSP_R_ROOT_CA_NOT_TRUSTED);
goto end;
init_res = X509_STORE_CTX_init(&ctx, store, signer,
req->optionalSignature->certs);
if (!init_res) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
return 0;
}
ret = X509_verify_cert(&ctx);
X509_STORE_CTX_cleanup(&ctx);
if (ret <= 0) {
- ret = X509_STORE_CTX_get_error(&ctx);
+ ret = X509_STORE_CTX_get_error(&ctx);
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_CERTIFICATE_VERIFY_ERROR);
ERR_asprintf_error_data("Verify error:%s",