From 73758d435bfcce06c5bcb58a54e5c2ddde47bed1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 19 Jan 2001 01:32:23 +0000
Subject: Additional functionality in ocsp utility: print summary of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global.
---
 crypto/ocsp/ocsp.h | 6 ++++++
 crypto/ocsp/ocsp_prn.c | 15 ++++++++-------
 crypto/ocsp/ocsp_vfy.c | 2 +-
 crypto/stack/safestack.h | 20 ++++++++++++++++++++
 4 files changed, 35 insertions(+), 8 deletions(-)
(limited to 'crypto')
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index ef36ba9910..0c643e1a88 100644
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -100,6 +100,8 @@ typedef struct ocsp_cert_id_st
 ASN1_INTEGER *serialNumber;
 } OCSP_CERTID;
+DECLARE_STACK_OF(OCSP_CERTID)
+
 /* Request ::= SEQUENCE {
 * reqCert CertID,
 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
@@ -538,6 +540,10 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index fc63183517..4b7bc28769 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -97,7 +97,7 @@ static char *table2string(long s, OCSP_TBLSTR *ts, int len)
 return "(UNKNOWN)";
 }
-static char* ocspResponseStatus2string(long s)
+char *OCSP_response_status_str(long s)
 {
 static OCSP_TBLSTR rstat_tbl[] = {
 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
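Review bot: The three prototypes added to ocsp.h at `@@ -538` return plain `char *`, yet the context of the `@@ -97` hunk in ocsp_prn.c shows `table2string` returning the literal `"(UNKNOWN)"` and the tables holding literals such as `"successful"`, so a caller of the now-public API that writes through or frees the result has undefined behaviour. Now that the functions are exported I would declare them `const char *OCSP_response_status_str(long s);` (likewise `OCSP_cert_status_str` and `OCSP_crl_reason_str`) and give `table2string` the same return type; its body is outside the hunk. A comment above the prototypes such as `/* Returns a static read-only string, "(UNKNOWN)" for unrecognised values; do not modify or free. */` would pin the contract.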
@@ -109,7 +109,7 @@ static char* ocspResponseStatus2string(long s)
 return table2string(s, rstat_tbl, 6);
 }
-static char* ocspCertStatus2string(long s)
+char *OCSP_cert_status_str(long s)
 {
 static OCSP_TBLSTR cstat_tbl[] = {
 { V_OCSP_CERTSTATUS_GOOD, "good" },
@@ -118,7 +118,7 @@ static char* ocspCertStatus2string(long s)
 return table2string(s, cstat_tbl, 3);
 }
-static char * cRLReason2string(long s)
+char *OCSP_crl_reason_str(long s)
 {
 OCSP_TBLSTR reason_tbl[] = {
 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
@@ -195,7 +195,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
 l=ASN1_ENUMERATED_get(o->responseStatus);
 if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n",
- ocspResponseStatus2string(l), l) <= 0) goto err;
+ OCSP_response_status_str(l), l) <= 0) goto err;
 if (rb == NULL) return 1;
 if (BIO_puts(bp," Response Type: ") <= 0) goto err;
@@ -237,8 +237,8 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 cid = single->certId;
 if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
 cst = single->certStatus;
- if (BIO_printf(bp,"\n Cert Status: %s",
- ocspCertStatus2string(cst->type)) <= 0)
+ if (BIO_printf(bp," Cert Status: %s",
+ OCSP_cert_status_str(cst->type)) <= 0)
 goto err;
 if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
 {
@@ -253,7 +253,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 l=ASN1_ENUMERATED_get(rev->revocationReason);
 if (BIO_printf(bp,
 "\n Revocation Reason: %s (0x%x)",
- cRLReason2string(l), l) <= 0)
+ OCSP_crl_reason_str(l), l) <= 0)
 goto err;
 }
 }
@@ -271,6 +271,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 "Response Single Extensions",
 single->singleExtensions, flags, 8))
 goto err;
+ if (!BIO_write(bp,"\n",1)) goto err;
 }
 if (!X509V3_extensions_print(bp, "Response Extensions",
 rd->responseExtensions, flags, 4))
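Review bot: `reason_tbl` in the newly exported `OCSP_crl_reason_str` (hunk `@@ -118`) is an automatic array, unlike `rstat_tbl` and `cstat_tbl`, which the neighbouring hunks show as `static`, so the table is rebuilt on the stack on every call. The returned pointer still refers to a string literal, so this is a consistency and cost point rather than a lifetime bug. I would change the context line to `static OCSP_TBLSTR reason_tbl[] = {` while the function is being touched; the rest of its body is outside the hunk.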
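Review bot: `l` is printed with `%x` in the `BIO_printf` call this hunk (`@@ -195`) edits, but it is also passed to `OCSP_response_status_str(long s)` and assigned from `ASN1_ENUMERATED_get`, so it appears to be a `long`; where `long` is wider than `int` that is a format/argument mismatch and undefined behaviour. The specifier should be `(0x%lx)`, and the same applies to the `Revocation Reason: %s (0x%x)` call in the `@@ -253` hunk. The declaration of `l` is outside both hunks, so confirm its type before changing the format.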
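Review bot: The added `if (!BIO_write(bp,"\n",1)) goto err;` in hunk `@@ -271` treats only a return of 0 as failure, while BIO_write also reports errors with negative values, so a failed write is taken as success and the function goes on to report a complete printout. Every other BIO call visible in these hunks tests `<= 0`, so this should read `if (BIO_write(bp,"\n",1) <= 0) goto err;`. The enclosing loop and the `err` label are outside the hunk.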
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index b656609ee8..8868c980cb 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -144,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 end:
 if(chain) sk_X509_pop_free(chain, X509_free);
- return 1;
+ return ret;
 }
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 67bce3f5ea..fe77eeaa18 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
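Review bot: Any path that jumps to `end:` in `OCSP_basic_verify` before `ret` has been assigned now returns an indeterminate value, so `ret` should start out fail-closed at its declaration, e.g. `int ret = 0;` (type assumed from the function's `int` return). The declaration and the `goto end` sites are outside the hunk, so this needs checking against the full function. Because the old `return 1;` reported success whatever the verification result, the commit message should state this behaviour change explicitly, and a regression test with a response whose signature does not verify would keep it fixed. A short comment on the function saying which return values mean failure, and that callers must test `<= 0` if negative results can reach `ret`, would help callers written against the old behaviour.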
@@ -504,6 +504,26 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+
 #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
 #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
--
cgit v1.2.3