summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2007-09-26 23:56:59 +0200
committerDr. Stephen Henson <steve@openssl.org>2007-09-26 23:56:59 +0200
commit67c8e7f41486934b6809673b6d836d38eaf2383b (patch)
tree06fd94dda26946a4d53a63a98b280aeffbc0aac7 /crypto
parentMake sha512-armv4.pl byte-order neutral. (diff)
downloadopenssl-67c8e7f41486934b6809673b6d836d38eaf2383b.tar.xz
openssl-67c8e7f41486934b6809673b6d836d38eaf2383b.zip
Support for certificate status TLS extension.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/x_exten.c5
-rw-r--r--crypto/ocsp/ocsp.h12
-rw-r--r--crypto/ossl_typ.h2
-rw-r--r--crypto/stack/safestack.h22
-rw-r--r--crypto/x509/x509.h3
-rw-r--r--crypto/x509/x509_req.c4
-rw-r--r--crypto/x509v3/v3_utl.c24
-rw-r--r--crypto/x509v3/x509v3.h1
8 files changed, 65 insertions, 8 deletions
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
index 702421b6c8..1732e66712 100644
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@@ -67,5 +67,10 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION)
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index 34bb62c277..bbfc5055df 100644
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -187,11 +187,11 @@ typedef struct ocsp_resp_bytes_st
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
-typedef struct ocsp_response_st
+struct ocsp_response_st
{
ASN1_ENUMERATED *responseStatus;
OCSP_RESPBYTES *responseBytes;
- } OCSP_RESPONSE;
+ };
/* ResponderID ::= CHOICE {
* byName [1] Name,
@@ -199,14 +199,18 @@ typedef struct ocsp_response_st
*/
#define V_OCSP_RESPID_NAME 0
#define V_OCSP_RESPID_KEY 1
-typedef struct ocsp_responder_id_st
+struct ocsp_responder_id_st
{
int type;
union {
X509_NAME* byName;
ASN1_OCTET_STRING *byKey;
} value;
- } OCSP_RESPID;
+ };
+
+DECLARE_STACK_OF(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+
/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
* --(excluding the tag and length fields)
*/
diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h
index b132405098..2a66d484b9 100644
--- a/crypto/ossl_typ.h
+++ b/crypto/ossl_typ.h
@@ -188,5 +188,7 @@ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d
int idx, long argl, void *argp);
typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 250929bf7d..f80353598f 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -1074,6 +1074,28 @@ STACK_OF(type) \
#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
+#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
+#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
+#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
+#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
+#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
+#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
+#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
+#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
+#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
+#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
+#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
+#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
+#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
+#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
+
#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 914fb04b1d..4f40712448 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -205,6 +205,8 @@ typedef struct X509_extension_st
ASN1_OCTET_STRING *value;
} X509_EXTENSION;
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
DECLARE_STACK_OF(X509_EXTENSION)
DECLARE_ASN1_SET_OF(X509_EXTENSION)
@@ -801,6 +803,7 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index a2d78a8a12..48183dc00c 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -67,10 +67,6 @@
#include <openssl/buffer.h>
#include <openssl/pem.h>
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
-
X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
X509_REQ *ret;
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index f1b5c94c2a..6aa54aedfa 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -473,6 +473,30 @@ STACK *X509_get1_email(X509 *x)
return ret;
}
+STACK *X509_get1_ocsp(X509 *x)
+{
+ AUTHORITY_INFO_ACCESS *info;
+ STACK *ret = NULL;
+ int i;
+ info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+ if (!info)
+ return NULL;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
+ {
+ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
+ {
+ if (ad->location->type == GEN_URI)
+ {
+ if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
+ break;
+ }
+ }
+ }
+ AUTHORITY_INFO_ACCESS_free(info);
+ return ret;
+}
+
STACK *X509_REQ_get1_email(X509_REQ *x)
{
GENERAL_NAMES *gens;
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index cbadc4c185..be0c97a404 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -649,6 +649,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *);
STACK *X509_get1_email(X509 *x);
STACK *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK *sk);
+STACK *X509_get1_ocsp(X509 *x);
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);