diff options
| -rw-r--r-- | crypto/ocsp/ocsp_cl.c | 23 | ||||
| -rw-r--r-- | doc/crypto/OCSP_resp_find_status.pod | 13 | ||||
| -rw-r--r-- | include/openssl/ocsp.h | 5 |
3 files changed, 41 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 33a30bdf1c..d0ee0574d5 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -191,6 +191,29 @@ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs) return bs->tbsResponseData.producedAt; } +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) +{ + return bs->certs; +} + +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname) + +{ + const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = rid->value.byName; + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = rid->value.byKey; + *pname = NULL; + } else { + return 0; + } + return 1; +} + /* Look single response matching a given certificate ID */ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod index a852eaa8fb..b94896592b 100644 --- a/doc/crypto/OCSP_resp_find_status.pod +++ b/doc/crypto/OCSP_resp_find_status.pod @@ -27,6 +27,12 @@ OCSP_single_get0_status, OCSP_check_validity ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single); + const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); + + int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); + int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); @@ -61,6 +67,13 @@ B<*revtime>, B<*thisupd> and B<*nextupd>. OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the single response B<bs>. +OCSP_resp_get0_certs() returns any certificates included in B<bs>. + +OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is +a name then <*pname> is set to the name and B<*pid> is set to NULL. If the +responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> +is set to NULL. + OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values which will be typically obtained from OCSP_resp_find_status() or OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 7ded75242e..c74495a0b2 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -213,6 +213,11 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, |