extern "C" {
#endif
+/* Various flags and values */
+
+#define OCSP_DEFAULT_NONCE_LENGTH 16
+
+#define OCSP_NOCERTS 0x1
+#define OCSP_NOINTERN 0x2
+#define OCSP_NOSIGS 0x4
+#define OCSP_NOCHAIN 0x8
+#define OCSP_NOVERIFY 0x10
+#define OCSP_NOEXPLICIT 0x20
+#define OCSP_NOCASIGN 0x40
+#define OCSP_NODELEGATED 0x80
+#define OCSP_NOCHECKS 0x100
+
/* CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* issuerNameHash OCTET STRING, -- Hash of Issuer's DN
ASN1_INTEGER *serialNumber;
} OCSP_CERTID;
+DECLARE_STACK_OF(OCSP_CERTID)
+
/* Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
* unauthorized (6) --Request unauthorized
* }
*/
-#define OCSP_RESPONSE_STATUS_SUCCESSFULL 0
+#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
#define OCSP_RESPONSE_STATUS_TRYLATER 3
#define OCSP_REQUEST_sign(o,pkey,md) \
ASN1_item_sign(&OCSP_REQINFO_it,\
o->optionalSignature->signatureAlgorithm,NULL,\
- o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md)
+ o->optionalSignature->signature,o->tbsRequest,pkey,md)
#define OCSP_BASICRESP_sign(o,pkey,md,d) \
ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL,\
- o->signature,(char *)o->tbsResponseData,pkey,md)
+ o->signature,o->tbsResponseData,pkey,md)
#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(&OCSP_REQINFO_it,\
a->optionalSignature->signatureAlgorithm,\
- a->optionalSignature->signature,(char *)a->tbsRequest,r)
+ a->optionalSignature->signature,a->tbsRequest,r)
#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(&OCSP_RESPDATA_it,\
- a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r)
+ a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
#define ASN1_BIT_STRING_digest(data,type,md,len) \
- ASN1_item_digest(&ASN1_BIT_STRING_it,type,(char *)data,md,len)
+ ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len)
#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
(char *(*)())d2i_OCSP_CERTID,(char *)(cid))
OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
-OCSP_REQUEST *OCSP_request_new(X509_NAME* name);
-
-int OCSP_request_add(OCSP_REQUEST *req,
- OCSP_CERTID *cid);
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
EVP_PKEY *key,
const EVP_MD *dgst,
- STACK_OF(X509) *certs);
+ STACK_OF(X509) *certs,
+ unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
OCSP_BASICRESP *OCSP_basic_response_new(int tag,
X509* cert);
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
char *data, STACK_OF(ASN1_OBJECT) *sk);
-X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len);
-
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
X509_EXTENSION *OCSP_accept_responses_new(char **oids);
DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
void ERR_load_OCSP_strings(void);
#define OCSP_F_CERT_ID_NEW 102
#define OCSP_F_CERT_STATUS_NEW 103
#define OCSP_F_D2I_OCSP_NONCE 109
+#define OCSP_F_OCSP_BASIC_VERIFY 113
+#define OCSP_F_OCSP_CHECK_DELEGATED 117
+#define OCSP_F_OCSP_CHECK_IDS 114
+#define OCSP_F_OCSP_CHECK_ISSUER 115
+#define OCSP_F_OCSP_CHECK_NONCE 112
+#define OCSP_F_OCSP_MATCH_ISSUERID 116
+#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
#define OCSP_F_OCSP_SENDREQ_BIO 110
#define OCSP_F_REQUEST_VERIFY 104
#define OCSP_F_RESPONSE_VERIFY 105
/* Reason codes. */
#define OCSP_R_BAD_DATA 108
#define OCSP_R_BAD_TAG 100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR 126
#define OCSP_R_DIGEST_ERR 101
#define OCSP_R_FAILED_TO_OPEN 109
#define OCSP_R_FAILED_TO_READ 110
#define OCSP_R_FAILED_TO_STAT 111
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE 131
#define OCSP_R_MISSING_VALUE 112
+#define OCSP_R_NONCE_MISSING_IN_RESPONSE 121
+#define OCSP_R_NONCE_VALUE_MISMATCH 122
+#define OCSP_R_NOT_BASIC_RESPONSE 120
#define OCSP_R_NO_CERTIFICATE 102
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 128
#define OCSP_R_NO_CONTENT 115
#define OCSP_R_NO_PUBLIC_KEY 103
#define OCSP_R_NO_RESPONSE_DATA 104
#define OCSP_R_NO_SIGNATURE 105
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 129
#define OCSP_R_REVOKED_NO_TIME 106
+#define OCSP_R_ROOT_CA_NOT_TRUSTED 127
#define OCSP_R_SERVER_READ_ERROR 116
#define OCSP_R_SERVER_RESPONSE_ERROR 117
#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 118
#define OCSP_R_SERVER_WRITE_ERROR 119
+#define OCSP_R_SIGNATURE_FAILURE 124
+#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 125
+#define OCSP_R_UNEXPECTED_NONCE_IN_RESPONSE 123
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 130
#define OCSP_R_UNKNOWN_NID 107
#define OCSP_R_UNSUPPORTED_OPTION 113
#define OCSP_R_VALUE_ALREADY 114