Index: nss/mozilla/security/nss/lib/certhigh/ocsp.h |
=================================================================== |
--- nss/mozilla/security/nss/lib/certhigh/ocsp.h (revision 38521) |
+++ nss/mozilla/security/nss/lib/certhigh/ocsp.h (working copy) |
@@ -37,7 +37,7 @@ |
/* |
* Interface to the OCSP implementation. |
* |
- * $Id: ocsp.h,v 1.14 2009/03/21 01:40:35 nelson%bolyard.com Exp $ |
+ * $Id: ocsp.h,v 1.17 2010/02/01 20:09:32 wtc%google.com Exp $ |
*/ |
#ifndef _OCSP_H_ |
@@ -550,7 +550,43 @@ |
extern SECStatus |
CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, |
PRTime time, void *pwArg); |
+ |
/* |
+ * FUNCTION: CERT_CacheOCSPResponseFromSideChannel |
+ * First, this function checks the OCSP cache to see if a good response |
+ * for the given certificate already exists. If it does, then the function |
+ * returns successfully. |
+ * |
+ * If not, then it validates that the given OCSP response is a valid, |
+ * good response for the given certificate and inserts it into the |
+ * cache. |
+ * |
+ * This function is intended for use when OCSP responses are provided via a |
+ * side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension). |
+ * |
+ * INPUTS: |
+ * CERTCertDBHandle *handle |
+ * certificate DB of the cert that is being checked |
+ * CERTCertificate *cert |
+ * the certificate being checked |
+ * PRTime time |
+ * time for which status is to be determined |
+ * SECItem *encodedResponse |
+ * the DER encoded bytes of the OCSP response |
+ * void *pwArg |
+ * argument for password prompting, if needed |
+ * RETURN: |
+ * SECSuccess if the cert was found in the cache, or if the OCSP response was |
+ * found to be valid and inserted into the cache. SECFailure otherwise. |
+ */ |
+extern SECStatus |
+CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle, |
+ CERTCertificate *cert, |
+ PRTime time, |
+ SECItem *encodedResponse, |
+ void *pwArg); |
+ |
+/* |
* FUNCTION: CERT_GetOCSPStatusForCertID |
* Returns the OCSP status contained in the passed in paramter response |
* that corresponds to the certID passed in. |
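Review bot: The new comment for CERT_CacheOCSPResponseFromSideChannel leaves the failure contract undefined, which matters because with stapling the bytes in `encodedResponse` are supplied by the TLS peer. The RETURN section folds every non-good outcome into SECFailure, so a caller cannot tell from the header whether a revoked status is distinguishable from a malformed, stale or untrusted-signer response, or whether a failed call leaves the cache untouched. If the implementation behaves that way, I would add a line such as `* On SECFailure the reason is available via PORT_GetError() and the cache is not modified.` and, under `encodedResponse`, `* caller retains ownership; the response is not examined if a good cached entry exists`. The parameter could also be declared `const SECItem *encodedResponse` if the function never writes through it. The implementation is not part of this hunk, so these points need checking against ocsp.c.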