*
*/
+#ifndef OPENSSL_NO_OCSP
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/ocsp.h>
#include <openssl/x509v3.h>
-/* OCSP extensions.
+/* OCSP extensions and a couple of CRL entry extensions
*/
static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
X509V3_EXT_METHOD v3_ocsp_crlid = {
- NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
+ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
0,0,0,0,
0,0,
0,0,
};
X509V3_EXT_METHOD v3_ocsp_acutoff = {
- NID_id_pkix_OCSP_archiveCutoff, 0, &ASN1_GENERALIZEDTIME_it,
+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_crl_invdate = {
+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
0,0,0,0,
0,0,
0,0,
NULL
};
+X509V3_EXT_METHOD v3_crl_hold = {
+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_object,0,
+ NULL
+};
+
X509V3_EXT_METHOD v3_ocsp_nonce = {
NID_id_pkix_OCSP_Nonce, 0, NULL,
ocsp_nonce_new,
};
X509V3_EXT_METHOD v3_ocsp_nocheck = {
- NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it,
+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
0,0,0,0,
0,s2i_ocsp_nocheck,
0,0,
NULL
};
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_serviceloc,0,
+ NULL
+};
+
static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
{
OCSP_CRLID *a = in;
}
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+ if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+ if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+ return 1;
+}
+
/* OCSP nonce. This is needs special treatment because it doesn't have
* an ASN1 encoding at all: it just contains arbitrary data.
*/
static int i2d_ocsp_nonce(void *a, unsigned char **pp)
{
ASN1_OCTET_STRING *os = a;
- if(*pp) {
+ if(pp) {
memcpy(*pp, os->data, os->length);
*pp += os->length;
}
return os->length;
}
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
ASN1_OCTET_STRING *os, **pos;
pos = a;
return 1;
}
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
{
return ASN1_NULL_new();
}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+ {
+ int i;
+ OCSP_SERVICELOC *a = in;
+ ACCESS_DESCRIPTION *ad;
+
+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+ {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+ if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
+ goto err;
+ if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+ if(BIO_puts(bp, " - ") <= 0) goto err;
+ if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+ }
+ return 1;
+err:
+ return 0;
+ }
+#endif