From f1a6a0d4ddbeb9470d2b03e447466997729c2aac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 16 Dec 2000 01:58:58 +0000 Subject: [PATCH] Add support for the noCheck OCSP extension. This is just a NULL and appears in a certificate. --- crypto/objects/obj_dat.h | 4 ++-- crypto/objects/obj_mac.h | 1 + crypto/objects/objects.txt | 2 +- crypto/x509v3/ext_dat.h | 3 ++- crypto/x509v3/v3_ocsp.c | 22 ++++++++++++++++++++++ 5 files changed, 28 insertions(+), 4 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7401905f3e..b10da2d9b6 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1016,7 +1016,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0}, {"acceptableResponses","Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0}, -{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, 9,&(lvalues[2772]),0}, {"serviceLocator","OCSP Service Locator", @@ -1517,6 +1517,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[178]),/* "OCSP" */ &(nid_objs[370]),/* "OCSP Archive Cutoff" */ &(nid_objs[367]),/* "OCSP CRL ID" */ +&(nid_objs[369]),/* "OCSP No Check" */ &(nid_objs[366]),/* "OCSP Nonce" */ &(nid_objs[371]),/* "OCSP Service Locator" */ &(nid_objs[180]),/* "OCSP Signing" */ @@ -1791,7 +1792,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[96]),/* "mdc2WithRSA" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[173]),/* "name" */ -&(nid_objs[369]),/* "noCheck" */ &(nid_objs[379]),/* "org" */ &(nid_objs[17]),/* "organizationName" */ &(nid_objs[18]),/* "organizationalUnitName" */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 715293548f..308528f9cc 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -1323,6 +1323,7 @@ #define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L #define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" #define NID_id_pkix_OCSP_noCheck 369 #define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a203a2bde1..d4ee20db37 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -434,7 +434,7 @@ id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response id-pkix-OCSP 2 : Nonce : OCSP Nonce id-pkix-OCSP 3 : CrlID : OCSP CRL ID id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses -id-pkix-OCSP 5 : noCheck +id-pkix-OCSP 5 : noCheck : OCSP No Check id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 8bf8c7aa35..98e1c599ec 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -62,7 +62,7 @@ extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; -extern X509V3_EXT_METHOD v3_ocsp_crlid; +extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -94,6 +94,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_nonce, &v3_ocsp_crlid, &v3_ocsp_accresp, +&v3_ocsp_nocheck, &v3_ocsp_acutoff }; diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index 7df71f225a..6a7e6ac31b 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c 
@@ -75,6 +75,9 @@ static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); static void ocsp_nonce_free(void *a); static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); + X509V3_EXT_METHOD v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it, 0,0,0,0, @@ -105,6 +108,15 @@ X509V3_EXT_METHOD v3_ocsp_nonce = { NULL }; +X509V3_EXT_METHOD v3_ocsp_nocheck = { + NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it, + 0,0,0,0, + 0,s2i_ocsp_nocheck, + 0,0, + i2r_ocsp_nocheck,0, + NULL +}; + static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) { OCSP_CRLID *a = in; @@ -189,4 +201,14 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int return 1; } +/* Nocheck is just a single NULL. Don't print anything and always set it */ +static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) +{ + return 1; +} + +static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) +{ + return ASN1_NULL_new(); +} -- 2.25.1
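Review bot: s2i_ocsp_nocheck in the last hunk of v3_ocsp.c never reads `str`, so any configured value, including ones such as `no` or `FALSE`, still adds the extension. The only hint is the "always set it" half of the comment, which sits above i2r_ocsp_nocheck rather than the function it describes. Because noCheck tells relying parties not to check revocation for the certificate that carries it (presumably an OCSP responder certificate), an accidental setting is worth guarding against in the comments. I would keep `/* Nocheck is just a single NULL: nothing to print */` on i2r_ocsp_nocheck and add `/* The value string is ignored: naming the extension at all sets it */` above s2i_ocsp_nocheck.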