authorDr. Stephen Henson <steve@openssl.org>2001-02-05 00:35:06 +0000
committerDr. Stephen Henson <steve@openssl.org>2001-02-05 00:35:06 +0000
commit26e083ccb72f0bfabb443c67b121ad8f9192217e (patch)
tree69a10b3e853f5c5b0f33c32d9feaced9d7f02357
parent4978361212e01b405430c13cb4aa33bdfdeec190 (diff)
downloadopenssl-26e083ccb72f0bfabb443c67b121ad8f9192217e.tar.gz
New function to copy nonce values from OCSP
request to response.
-rw-r--r--CHANGES4
-rw-r--r--crypto/ocsp/ocsp.h5
-rw-r--r--crypto/ocsp/ocsp_ext.c24
3 files changed, 21 insertions, 12 deletions
diff --git a/CHANGES b/CHANGES
index dc68c9c179..f817e93566 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+ request to response.
+ [Steve Henson]
+
*) Functions for OCSP responders. OCSP_request_onereq_count(),
OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
extract information from a certificate request. OCSP_response_create()
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index f77c4fd039..4826a709f0 100644
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -412,11 +412,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
ASN1_BIT_STRING* issuerKey,
ASN1_INTEGER *serialNumber);
-OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
-
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
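Review bot: The new prototype `int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);` takes the response first, while `OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)` directly above it takes the request first. A short comment on the declaration, such as `/* copies the nonce from req into resp (destination first) */`, would make the differing order explicit for callers. This hunk also removes the `OCSP_cert_status_new` prototype, which the commit message does not mention, so it is worth confirming that no caller still relies on it.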
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 36e51ddd91..56c54f735b 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -371,16 +371,20 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
return ret;
}
-X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
- {
- X509_EXTENSION *x=NULL;
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
- if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
- return x;
-err:
- if (x) X509_EXTENSION_free(x);
- return NULL;
+/* Copy the nonce value (if any) from an OCSP request to
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+ {
+ X509_EXTENSION *req_ext;
+ int req_idx;
+ /* Check for nonce in request */
+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+ /* If no nonce that's OK */
+ if (req_idx < 0) return 2;
+ req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+ return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
}
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
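Review bot: OCSP_copy_nonce() reflects the request's nonce extension into the response exactly as the client sent it, via `OCSP_BASICRESP_add_ext(resp, req_ext, -1)`, with no bound on the value's length and no check that `resp` does not already carry a nonce. The request is untrusted input to a responder, so a size cap before the add would keep an oversized nonce out of the signed response; RFC 8954 later restricted the nonce to 1–32 octets. The header comment also leaves the return values undocumented. Something like `/* Returns 1 if the nonce was copied, 2 if the request has no nonce, 0 on failure */` would help callers, assuming OCSP_BASICRESP_add_ext follows the usual 1/0 convention.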