Modify OCSP API to more closely reflect

application needs.

Add OCSP library name to error code.

diff --git a/CHANGES b/CHANGES
index 836740afd08055ffa8cebd48a90a7cb1e1424796..f43b723c8e2848020919c5485a6a5ba340efa92c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,17 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Change function OCSP_request_add() to OCSP_request_add0().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
   *) Update OCSP API. Remove obsolete extensions argument from
      various functions. Extensions are now handled using the new
      OCSP extension code. New simple OCSP HTTP function which 

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 1f517cb5f410c7c2b945b8e261c15942c9c9c619..fdf774694810c23684e33d223eaa679c0ddf47d4 100644 (file)
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -163,6 +163,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_RAND,0,0)            ,"random number generator"},
 {ERR_PACK(ERR_LIB_DSO,0,0)             ,"DSO support routines"},
 {ERR_PACK(ERR_LIB_ENGINE,0,0)          ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)            ,"OCSP routines"},
 {0,NULL},
        };
 

diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index 7c131d28f4cee91767dd6ffc62d6f97d0e5043c9..7bc23ba4cf3b5000beb5ccfad54149c8cb8b4f47 100644 (file)
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -395,10 +395,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 
 OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
 
-OCSP_REQUEST *OCSP_request_new(X509_NAME* name);
-
-int OCSP_request_add(OCSP_REQUEST             *req,
-                    OCSP_CERTID              *cid);
+OCSP_ONEREQ *OCSP_request_add0(OCSP_REQUEST *req, OCSP_CERTID *cid);
 
 int OCSP_request_sign(OCSP_REQUEST   *req,
                      EVP_PKEY       *key,

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index bddb5280ea0db040b0615b797c62a050e617035d..2a6c472f23d70a25d5d7bf87b2d1066fcd0b0815 100644 (file)
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -162,37 +162,20 @@ err:
        return NULL;
        }
 
-OCSP_REQUEST *OCSP_request_new(X509_NAME* name)
-        {
-       OCSP_REQUEST *req = NULL;
-
-       if ((req = OCSP_REQUEST_new()) == NULL) goto err;
-       if (name) /* optional */
-               {
-               if (!(req->tbsRequest->requestorName=GENERAL_NAME_new()))
-                       goto err;
-               req->tbsRequest->requestorName->type = GEN_DIRNAME;
-               req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name);
-               }
-       if (!(req->tbsRequest->requestList = sk_OCSP_ONEREQ_new(NULL))) goto err;
-       return req;
-err:
-       if (req) OCSP_REQUEST_free(req);
-       return NULL;
-       }
-
-int OCSP_request_add(OCSP_REQUEST *req, OCSP_CERTID *cid)
+OCSP_ONEREQ *OCSP_request_add0(OCSP_REQUEST *req, OCSP_CERTID *cid)
         {
        OCSP_ONEREQ *one = NULL;
 
        if (!(one = OCSP_ONEREQ_new())) goto err;
        if (one->reqCert) OCSP_CERTID_free(one->reqCert);
-       if (!(one->reqCert = OCSP_CERTID_dup(cid))) goto err;
-       if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err;
-       return 1;
+       one->reqCert = cid;
+       if (req &&
+               !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+                               goto err;
+       return one;
 err:
        if (one) OCSP_ONEREQ_free(one);
-       return 0;
+       return NULL;
         }
 
 int OCSP_request_sign(OCSP_REQUEST   *req,