#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
/* Convert a certificate and its issuer to an OCSP_CERTID */
if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
if ((nid = EVP_MD_type(dgst)) == NID_undef)
{
- OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
goto err;
}
if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
/* Calculate the issuerKey hash, excluding tag and length */
- EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst);
+ if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+ goto err;
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
}
return cid;
digerr:
- OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
err:
if (cid) OCSP_CERTID_free(cid);
return NULL;
return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
}
-/* XXX assumes certs in signature are sorted root to leaf XXX */
-int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
- {
- STACK_OF(X509) *sk;
-
- if (!req->optionalSignature) return 0;
- if (pkey == NULL)
- {
- if (!(sk = req->optionalSignature->certs)) return 0;
- if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
- {
- OCSPerr(OCSP_F_REQUEST_VERIFY,OCSP_R_NO_PUBLIC_KEY);
- return 0;
- }
- }
- return OCSP_REQUEST_verify(req, pkey);
- }
-
/* Parse a URL and split it up into host, port and path components and whether
* it is SSL.
*/
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl)
{
char *p, *buf;
char *host, *port;
- /* dup the buffer since we are going to mess with it */
- buf = BUF_strdup(url);
- if (!buf) goto mem_err;
-
*phost = NULL;
*pport = NULL;
*ppath = NULL;
+ /* dup the buffer since we are going to mess with it */
+ buf = BUF_strdup(url);
+ if (!buf) goto mem_err;
+
/* Check for initial colon */
p = strchr(buf, ':');
if (!*ppath) goto mem_err;
+ p = host;
+ if(host[0] == '[')
+ {
+ /* ipv6 literal */
+ host++;
+ p = strchr(host, ']');
+ if(!p) goto parse_err;
+ *p = '\0';
+ p++;
+ }
+
/* Look for optional ':' for port number */
- if ((p = strchr(host, ':')))
+ if ((p = strchr(p, ':')))
{
*p = 0;
port = p + 1;
err:
+ if (buf) OPENSSL_free(buf);
if (*ppath) OPENSSL_free(*ppath);
if (*pport) OPENSSL_free(*pport);
if (*phost) OPENSSL_free(*phost);
return 0;
}
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)