author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-02-08 19:13:26 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-06 13:08:16 +0100 |
commit | 0dca5ede0d7a98bc9061f4a50846732e50ffda0f (patch) | |
tree | 79a8035d8dfe75d769957f4b7ec2a44e715a91a8 /crypto/ocsp/ocsp_srv.c | |
parent | 9b9d24f0331f7175137bc60023e7a165ee886551 (diff) | |
Make more use of X509_add_certs(); minor related code & comments cleanup
This is a follow-up on #12615.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14436)
Diffstat (limited to 'crypto/ocsp/ocsp_srv.c')
-rw-r--r-- | crypto/ocsp/ocsp_srv.c | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 4a864f2d79..2bd8b40d65 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -20,7 +20,6 @@ * Utility functions related to sending OCSP responses and extracting * relevant information from the request. */ - int OCSP_request_onereq_count(OCSP_REQUEST *req) { return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); @@ -155,7 +154,6 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, } /* Add a certificate to an OCSP request */ - int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) { return ossl_x509_add_cert_new(&resp->certs, cert, X509_ADD_FLAG_UP_REF); @@ -166,12 +164,10 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) * set the responderID to the subject name in the signer's certificate, and * include one or more optional certificates in the response. */ - int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, STACK_OF(X509) *certs, unsigned long flags) { - int i; OCSP_RESPID *rid; EVP_PKEY *pkey; @@ -187,13 +183,9 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, } if (!(flags & OCSP_NOCERTS)) { - if (!OCSP_basic_add1_cert(brsp, signer)) + if (!OCSP_basic_add1_cert(brsp, signer) + || !X509_add_certs(brsp->certs, certs, X509_ADD_FLAG_UP_REF)) goto err; - for (i = 0; i < sk_X509_num(certs); i++) { - X509 *tmpcert = sk_X509_value(certs, i); - if (!OCSP_basic_add1_cert(brsp, tmpcert)) - goto err; - } } rid = &brsp->tbsResponseData.responderId; @@ -212,7 +204,6 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, * Right now, I think that not doing double hashing is the right thing. * -- Richard Levitte */ - if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0)) goto err; |
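Review bot: The new `||` chain in the `!(flags & OCSP_NOCERTS)` branch of OCSP_basic_sign_ctx depends on evaluation order, and nothing in the code says so. `X509_add_certs()` receives `brsp->certs` by value, so it cannot create the stack, whereas `OCSP_basic_add1_cert()` passes `&resp->certs` to `ossl_x509_add_cert_new()` and presumably allocates it on first use. If someone later reorders the calls or makes the signer optional, the response could fail to sign or go out without its chain certificates, so a comment above the condition would pin the dependency, e.g. `/* add signer first: this creates brsp->certs, which X509_add_certs() requires */`. It is also worth confirming that `X509_add_certs()` treats a NULL `certs` as a no-op, since the removed `sk_X509_num()` loop tolerated that. The function body starts and ends outside this hunk.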