diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-09-26 23:56:59 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-09-26 23:56:59 +0200 |
commit | 67c8e7f41486934b6809673b6d836d38eaf2383b (patch) | |
tree | 06fd94dda26946a4d53a63a98b280aeffbc0aac7 /crypto | |
parent | Make sha512-armv4.pl byte-order neutral. (diff) | |
download | openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.tar.xz openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.zip |
Support for certificate status TLS extension.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/x_exten.c | 5 | ||||
-rw-r--r-- | crypto/ocsp/ocsp.h | 12 | ||||
-rw-r--r-- | crypto/ossl_typ.h | 2 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 22 | ||||
-rw-r--r-- | crypto/x509/x509.h | 3 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_utl.c | 24 | ||||
-rw-r--r-- | crypto/x509v3/x509v3.h | 1 |
8 files changed, 65 insertions, 8 deletions
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c index 702421b6c8..1732e66712 100644 --- a/crypto/asn1/x_exten.c +++ b/crypto/asn1/x_exten.c @@ -67,5 +67,10 @@ ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(X509_EXTENSION) +ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) +ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) + IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 34bb62c277..bbfc5055df 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -187,11 +187,11 @@ typedef struct ocsp_resp_bytes_st * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ -typedef struct ocsp_response_st +struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; - } OCSP_RESPONSE; + }; /* ResponderID ::= CHOICE { * byName [1] Name, @@ -199,14 +199,18 @@ typedef struct ocsp_response_st */ #define V_OCSP_RESPID_NAME 0 #define V_OCSP_RESPID_KEY 1 -typedef struct ocsp_responder_id_st +struct ocsp_responder_id_st { int type; union { X509_NAME* byName; ASN1_OCTET_STRING *byKey; } value; - } OCSP_RESPID; + }; + +DECLARE_STACK_OF(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index b132405098..2a66d484b9 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -188,5 +188,7 @@ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d int idx, long argl, void *argp); typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 250929bf7d..f80353598f 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1074,6 +1074,28 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 914fb04b1d..4f40712448 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -205,6 +205,8 @@ typedef struct X509_extension_st ASN1_OCTET_STRING *value; } X509_EXTENSION; +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + DECLARE_STACK_OF(X509_EXTENSION) DECLARE_ASN1_SET_OF(X509_EXTENSION) @@ -801,6 +803,7 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index a2d78a8a12..48183dc00c 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -67,10 +67,6 @@ #include <openssl/buffer.h> #include <openssl/pem.h> -ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) -ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) - X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { X509_REQ *ret; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f1b5c94c2a..6aa54aedfa 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -473,6 +473,30 @@ STACK *X509_get1_email(X509 *x) return ret; } +STACK *X509_get1_ocsp(X509 *x) +{ + AUTHORITY_INFO_ACCESS *info; + STACK *ret = NULL; + int i; + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + if (!info) + return NULL; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) + { + ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); + if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) + { + if (ad->location->type == GEN_URI) + { + if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) + break; + } + } + } + AUTHORITY_INFO_ACCESS_free(info); + return ret; +} + STACK *X509_REQ_get1_email(X509_REQ *x) { GENERAL_NAMES *gens; diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index cbadc4c185..be0c97a404 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -649,6 +649,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +STACK *X509_get1_ocsp(X509 *x); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); |