OLD | NEW |
| (Empty) |
1 /* ocsp.h */ | |
2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | |
3 * project. */ | |
4 | |
5 /* History: | |
6 This file was transfered to Richard Levitte from CertCo by Kathy | |
7 Weinhold in mid-spring 2000 to be included in OpenSSL or released | |
8 as a patch kit. */ | |
9 | |
10 /* ==================================================================== | |
11 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | |
12 * | |
13 * Redistribution and use in source and binary forms, with or without | |
14 * modification, are permitted provided that the following conditions | |
15 * are met: | |
16 * | |
17 * 1. Redistributions of source code must retain the above copyright | |
18 * notice, this list of conditions and the following disclaimer. | |
19 * | |
20 * 2. Redistributions in binary form must reproduce the above copyright | |
21 * notice, this list of conditions and the following disclaimer in | |
22 * the documentation and/or other materials provided with the | |
23 * distribution. | |
24 * | |
25 * 3. All advertising materials mentioning features or use of this | |
26 * software must display the following acknowledgment: | |
27 * "This product includes software developed by the OpenSSL Project | |
28 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
29 * | |
30 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
31 * endorse or promote products derived from this software without | |
32 * prior written permission. For written permission, please contact | |
33 * openssl-core@openssl.org. | |
34 * | |
35 * 5. Products derived from this software may not be called "OpenSSL" | |
36 * nor may "OpenSSL" appear in their names without prior written | |
37 * permission of the OpenSSL Project. | |
38 * | |
39 * 6. Redistributions of any form whatsoever must retain the following | |
40 * acknowledgment: | |
41 * "This product includes software developed by the OpenSSL Project | |
42 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
43 * | |
44 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
45 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
47 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
48 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
49 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
50 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
51 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
53 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
55 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
56 * ==================================================================== | |
57 * | |
58 * This product includes cryptographic software written by Eric Young | |
59 * (eay@cryptsoft.com). This product includes software written by Tim | |
60 * Hudson (tjh@cryptsoft.com). | |
61 * | |
62 */ | |
63 | |
64 #ifndef HEADER_OCSP_H | |
65 #define HEADER_OCSP_H | |
66 | |
67 #include <openssl/ossl_typ.h> | |
68 #include <openssl/x509.h> | |
69 #include <openssl/x509v3.h> | |
70 #include <openssl/safestack.h> | |
71 | |
72 #ifdef __cplusplus | |
73 extern "C" { | |
74 #endif | |
75 | |
76 /* Various flags and values */ | |
77 | |
78 #define OCSP_DEFAULT_NONCE_LENGTH 16 | |
79 | |
80 #define OCSP_NOCERTS 0x1 | |
81 #define OCSP_NOINTERN 0x2 | |
82 #define OCSP_NOSIGS 0x4 | |
83 #define OCSP_NOCHAIN 0x8 | |
84 #define OCSP_NOVERIFY 0x10 | |
85 #define OCSP_NOEXPLICIT 0x20 | |
86 #define OCSP_NOCASIGN 0x40 | |
87 #define OCSP_NODELEGATED 0x80 | |
88 #define OCSP_NOCHECKS 0x100 | |
89 #define OCSP_TRUSTOTHER 0x200 | |
90 #define OCSP_RESPID_KEY 0x400 | |
91 #define OCSP_NOTIME 0x800 | |
92 | |
93 /* CertID ::= SEQUENCE { | |
94 * hashAlgorithm AlgorithmIdentifier, | |
95 * issuerNameHash OCTET STRING, -- Hash of Issuer's DN | |
96 * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excludi
ng the tag & length fields) | |
97 * serialNumber CertificateSerialNumber } | |
98 */ | |
99 typedef struct ocsp_cert_id_st | |
100 { | |
101 X509_ALGOR *hashAlgorithm; | |
102 ASN1_OCTET_STRING *issuerNameHash; | |
103 ASN1_OCTET_STRING *issuerKeyHash; | |
104 ASN1_INTEGER *serialNumber; | |
105 } OCSP_CERTID; | |
106 | |
107 DECLARE_STACK_OF(OCSP_CERTID) | |
108 | |
109 /* Request ::= SEQUENCE { | |
110 * reqCert CertID, | |
111 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } | |
112 */ | |
113 typedef struct ocsp_one_request_st | |
114 { | |
115 OCSP_CERTID *reqCert; | |
116 STACK_OF(X509_EXTENSION) *singleRequestExtensions; | |
117 } OCSP_ONEREQ; | |
118 | |
119 DECLARE_STACK_OF(OCSP_ONEREQ) | |
120 DECLARE_ASN1_SET_OF(OCSP_ONEREQ) | |
121 | |
122 | |
123 /* TBSRequest ::= SEQUENCE { | |
124 * version [0] EXPLICIT Version DEFAULT v1, | |
125 * requestorName [1] EXPLICIT GeneralName OPTIONAL, | |
126 * requestList SEQUENCE OF Request, | |
127 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } | |
128 */ | |
129 typedef struct ocsp_req_info_st | |
130 { | |
131 ASN1_INTEGER *version; | |
132 GENERAL_NAME *requestorName; | |
133 STACK_OF(OCSP_ONEREQ) *requestList; | |
134 STACK_OF(X509_EXTENSION) *requestExtensions; | |
135 } OCSP_REQINFO; | |
136 | |
137 /* Signature ::= SEQUENCE { | |
138 * signatureAlgorithm AlgorithmIdentifier, | |
139 * signature BIT STRING, | |
140 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | |
141 */ | |
142 typedef struct ocsp_signature_st | |
143 { | |
144 X509_ALGOR *signatureAlgorithm; | |
145 ASN1_BIT_STRING *signature; | |
146 STACK_OF(X509) *certs; | |
147 } OCSP_SIGNATURE; | |
148 | |
149 /* OCSPRequest ::= SEQUENCE { | |
150 * tbsRequest TBSRequest, | |
151 * optionalSignature [0] EXPLICIT Signature OPTIONAL } | |
152 */ | |
153 typedef struct ocsp_request_st | |
154 { | |
155 OCSP_REQINFO *tbsRequest; | |
156 OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ | |
157 } OCSP_REQUEST; | |
158 | |
159 /* OCSPResponseStatus ::= ENUMERATED { | |
160 * successful (0), --Response has valid confirmations | |
161 * malformedRequest (1), --Illegal confirmation request | |
162 * internalError (2), --Internal error in issuer | |
163 * tryLater (3), --Try again later | |
164 * --(4) is not used | |
165 * sigRequired (5), --Must sign the request | |
166 * unauthorized (6) --Request unauthorized | |
167 * } | |
168 */ | |
169 #define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 | |
170 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 | |
171 #define OCSP_RESPONSE_STATUS_INTERNALERROR 2 | |
172 #define OCSP_RESPONSE_STATUS_TRYLATER 3 | |
173 #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 | |
174 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 | |
175 | |
176 /* ResponseBytes ::= SEQUENCE { | |
177 * responseType OBJECT IDENTIFIER, | |
178 * response OCTET STRING } | |
179 */ | |
180 typedef struct ocsp_resp_bytes_st | |
181 { | |
182 ASN1_OBJECT *responseType; | |
183 ASN1_OCTET_STRING *response; | |
184 } OCSP_RESPBYTES; | |
185 | |
186 /* OCSPResponse ::= SEQUENCE { | |
187 * responseStatus OCSPResponseStatus, | |
188 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } | |
189 */ | |
190 struct ocsp_response_st | |
191 { | |
192 ASN1_ENUMERATED *responseStatus; | |
193 OCSP_RESPBYTES *responseBytes; | |
194 }; | |
195 | |
196 /* ResponderID ::= CHOICE { | |
197 * byName [1] Name, | |
198 * byKey [2] KeyHash } | |
199 */ | |
200 #define V_OCSP_RESPID_NAME 0 | |
201 #define V_OCSP_RESPID_KEY 1 | |
202 struct ocsp_responder_id_st | |
203 { | |
204 int type; | |
205 union { | |
206 X509_NAME* byName; | |
207 ASN1_OCTET_STRING *byKey; | |
208 } value; | |
209 }; | |
210 | |
211 DECLARE_STACK_OF(OCSP_RESPID) | |
212 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) | |
213 | |
214 /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key | |
215 * --(excluding the tag and length fields) | |
216 */ | |
217 | |
218 /* RevokedInfo ::= SEQUENCE { | |
219 * revocationTime GeneralizedTime, | |
220 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } | |
221 */ | |
222 typedef struct ocsp_revoked_info_st | |
223 { | |
224 ASN1_GENERALIZEDTIME *revocationTime; | |
225 ASN1_ENUMERATED *revocationReason; | |
226 } OCSP_REVOKEDINFO; | |
227 | |
228 /* CertStatus ::= CHOICE { | |
229 * good [0] IMPLICIT NULL, | |
230 * revoked [1] IMPLICIT RevokedInfo, | |
231 * unknown [2] IMPLICIT UnknownInfo } | |
232 */ | |
233 #define V_OCSP_CERTSTATUS_GOOD 0 | |
234 #define V_OCSP_CERTSTATUS_REVOKED 1 | |
235 #define V_OCSP_CERTSTATUS_UNKNOWN 2 | |
236 typedef struct ocsp_cert_status_st | |
237 { | |
238 int type; | |
239 union { | |
240 ASN1_NULL *good; | |
241 OCSP_REVOKEDINFO *revoked; | |
242 ASN1_NULL *unknown; | |
243 } value; | |
244 } OCSP_CERTSTATUS; | |
245 | |
246 /* SingleResponse ::= SEQUENCE { | |
247 * certID CertID, | |
248 * certStatus CertStatus, | |
249 * thisUpdate GeneralizedTime, | |
250 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, | |
251 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } | |
252 */ | |
253 typedef struct ocsp_single_response_st | |
254 { | |
255 OCSP_CERTID *certId; | |
256 OCSP_CERTSTATUS *certStatus; | |
257 ASN1_GENERALIZEDTIME *thisUpdate; | |
258 ASN1_GENERALIZEDTIME *nextUpdate; | |
259 STACK_OF(X509_EXTENSION) *singleExtensions; | |
260 } OCSP_SINGLERESP; | |
261 | |
262 DECLARE_STACK_OF(OCSP_SINGLERESP) | |
263 DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) | |
264 | |
265 /* ResponseData ::= SEQUENCE { | |
266 * version [0] EXPLICIT Version DEFAULT v1, | |
267 * responderID ResponderID, | |
268 * producedAt GeneralizedTime, | |
269 * responses SEQUENCE OF SingleResponse, | |
270 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } | |
271 */ | |
272 typedef struct ocsp_response_data_st | |
273 { | |
274 ASN1_INTEGER *version; | |
275 OCSP_RESPID *responderId; | |
276 ASN1_GENERALIZEDTIME *producedAt; | |
277 STACK_OF(OCSP_SINGLERESP) *responses; | |
278 STACK_OF(X509_EXTENSION) *responseExtensions; | |
279 } OCSP_RESPDATA; | |
280 | |
281 /* BasicOCSPResponse ::= SEQUENCE { | |
282 * tbsResponseData ResponseData, | |
283 * signatureAlgorithm AlgorithmIdentifier, | |
284 * signature BIT STRING, | |
285 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | |
286 */ | |
287 /* Note 1: | |
288 The value for "signature" is specified in the OCSP rfc2560 as follows: | |
289 "The value for the signature SHALL be computed on the hash of the DER | |
290 encoding ResponseData." This means that you must hash the DER-encoded | |
291 tbsResponseData, and then run it through a crypto-signing function, which | |
292 will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems | |
293 a bit odd, but that's the spec. Also note that the data structures do not | |
294 leave anywhere to independently specify the algorithm used for the initial | |
295 hash. So, we look at the signature-specification algorithm, and try to do | |
296 something intelligent. -- Kathy Weinhold, CertCo */ | |
297 /* Note 2: | |
298 It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open | |
299 for interpretation. I've done tests against another responder, and found | |
300 that it doesn't do the double hashing that the RFC seems to say one | |
301 should. Therefore, all relevant functions take a flag saying which | |
302 variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ | |
303 typedef struct ocsp_basic_response_st | |
304 { | |
305 OCSP_RESPDATA *tbsResponseData; | |
306 X509_ALGOR *signatureAlgorithm; | |
307 ASN1_BIT_STRING *signature; | |
308 STACK_OF(X509) *certs; | |
309 } OCSP_BASICRESP; | |
310 | |
311 /* | |
312 * CRLReason ::= ENUMERATED { | |
313 * unspecified (0), | |
314 * keyCompromise (1), | |
315 * cACompromise (2), | |
316 * affiliationChanged (3), | |
317 * superseded (4), | |
318 * cessationOfOperation (5), | |
319 * certificateHold (6), | |
320 * removeFromCRL (8) } | |
321 */ | |
322 #define OCSP_REVOKED_STATUS_NOSTATUS -1 | |
323 #define OCSP_REVOKED_STATUS_UNSPECIFIED 0 | |
324 #define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 | |
325 #define OCSP_REVOKED_STATUS_CACOMPROMISE 2 | |
326 #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 | |
327 #define OCSP_REVOKED_STATUS_SUPERSEDED 4 | |
328 #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 | |
329 #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 | |
330 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 | |
331 | |
332 /* CrlID ::= SEQUENCE { | |
333 * crlUrl [0] EXPLICIT IA5String OPTIONAL, | |
334 * crlNum [1] EXPLICIT INTEGER OPTIONAL, | |
335 * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } | |
336 */ | |
337 typedef struct ocsp_crl_id_st | |
338 { | |
339 ASN1_IA5STRING *crlUrl; | |
340 ASN1_INTEGER *crlNum; | |
341 ASN1_GENERALIZEDTIME *crlTime; | |
342 } OCSP_CRLID; | |
343 | |
344 /* ServiceLocator ::= SEQUENCE { | |
345 * issuer Name, | |
346 * locator AuthorityInfoAccessSyntax OPTIONAL } | |
347 */ | |
348 typedef struct ocsp_service_locator_st | |
349 { | |
350 X509_NAME* issuer; | |
351 STACK_OF(ACCESS_DESCRIPTION) *locator; | |
352 } OCSP_SERVICELOC; | |
353 | |
354 #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" | |
355 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" | |
356 | |
357 #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new
,d2i_OCSP_REQUEST,bp,p) | |
358 | |
359 #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_
new,d2i_OCSP_RESPONSE,bp,p) | |
360 | |
361 #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ | |
362 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL
) | |
363 | |
364 #define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ | |
365 (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NU
LL) | |
366 | |
367 #define PEM_write_bio_OCSP_REQUEST(bp,o) \ | |
368 PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ | |
369 bp,(char *)o, NULL,NULL,0,NULL,NULL) | |
370 | |
371 #define PEM_write_bio_OCSP_RESPONSE(bp,o) \ | |
372 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ | |
373 bp,(char *)o, NULL,NULL,0,NULL,NULL) | |
374 | |
375 #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPO
NSE,bp,o) | |
376 | |
377 #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST
,bp,o) | |
378 | |
379 #define OCSP_REQUEST_sign(o,pkey,md) \ | |
380 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
381 o->optionalSignature->signatureAlgorithm,NULL,\ | |
382 o->optionalSignature->signature,o->tbsRequest,pkey,md) | |
383 | |
384 #define OCSP_BASICRESP_sign(o,pkey,md,d) \ | |
385 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,
\ | |
386 o->signature,o->tbsResponseData,pkey,md) | |
387 | |
388 #define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
389 a->optionalSignature->signatureAlgorithm,\ | |
390 a->optionalSignature->signature,a->tbsRequest,r) | |
391 | |
392 #define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDA
TA),\ | |
393 a->signatureAlgorithm,a->signature,a->tbsResponseData,r) | |
394 | |
395 #define ASN1_BIT_STRING_digest(data,type,md,len) \ | |
396 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) | |
397 | |
398 #define OCSP_CERTSTATUS_dup(cs)\ | |
399 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ | |
400 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) | |
401 | |
402 OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); | |
403 | |
404 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); | |
405 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, | |
406 int maxline); | |
407 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); | |
408 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); | |
409 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); | |
410 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, | |
411 const char *name, const char *value); | |
412 | |
413 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); | |
414 | |
415 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, | |
416 X509_NAME *issuerName, | |
417 ASN1_BIT_STRING* issuerKey, | |
418 ASN1_INTEGER *serialNumber); | |
419 | |
420 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); | |
421 | |
422 int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); | |
423 int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); | |
424 int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); | |
425 int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); | |
426 | |
427 int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); | |
428 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); | |
429 | |
430 int OCSP_request_sign(OCSP_REQUEST *req, | |
431 X509 *signer, | |
432 EVP_PKEY *key, | |
433 const EVP_MD *dgst, | |
434 STACK_OF(X509) *certs, | |
435 unsigned long flags); | |
436 | |
437 int OCSP_response_status(OCSP_RESPONSE *resp); | |
438 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); | |
439 | |
440 int OCSP_resp_count(OCSP_BASICRESP *bs); | |
441 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); | |
442 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); | |
443 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, | |
444 ASN1_GENERALIZEDTIME **revtime, | |
445 ASN1_GENERALIZEDTIME **thisupd, | |
446 ASN1_GENERALIZEDTIME **nextupd); | |
447 int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, | |
448 int *reason, | |
449 ASN1_GENERALIZEDTIME **revtime, | |
450 ASN1_GENERALIZEDTIME **thisupd, | |
451 ASN1_GENERALIZEDTIME **nextupd); | |
452 int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |
453 ASN1_GENERALIZEDTIME *nextupd, | |
454 long sec, long maxsec); | |
455 | |
456 int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
ore, unsigned long flags); | |
457 | |
458 int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
l); | |
459 | |
460 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); | |
461 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); | |
462 | |
463 int OCSP_request_onereq_count(OCSP_REQUEST *req); | |
464 OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); | |
465 OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); | |
466 int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, | |
467 ASN1_OCTET_STRING **pikeyHash, | |
468 ASN1_INTEGER **pserial, OCSP_CERTID *cid); | |
469 int OCSP_request_is_signed(OCSP_REQUEST *req); | |
470 OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); | |
471 OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, | |
472 OCSP_CERTID *cid, | |
473 int status, int reason, | |
474 ASN1_TIME *revtime, | |
475 ASN1_TIME *thisupd, ASN1_TIME *nextupd); | |
476 int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); | |
477 int OCSP_basic_sign(OCSP_BASICRESP *brsp, | |
478 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, | |
479 STACK_OF(X509) *certs, unsigned long flags); | |
480 | |
481 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); | |
482 | |
483 X509_EXTENSION *OCSP_accept_responses_new(char **oids); | |
484 | |
485 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); | |
486 | |
487 X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); | |
488 | |
489 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); | |
490 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); | |
491 int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); | |
492 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); | |
493 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); | |
494 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); | |
495 void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); | |
496 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, | |
497 unsigned long flags); | |
498 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); | |
499 | |
500 int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); | |
501 int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); | |
502 int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); | |
503 int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); | |
504 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); | |
505 X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); | |
506 void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); | |
507 int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, | |
508 unsigned long flags); | |
509 int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); | |
510 | |
511 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); | |
512 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); | |
513 int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastp
os); | |
514 int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
; | |
515 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); | |
516 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); | |
517 void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *id
x); | |
518 int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int cri
t, | |
519 unsigned long flags); | |
520 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); | |
521 | |
522 int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); | |
523 int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); | |
524 int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int las
tpos); | |
525 int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpo
s); | |
526 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); | |
527 X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); | |
528 void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *
idx); | |
529 int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int c
rit, | |
530 unsigned long flags); | |
531 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); | |
532 | |
533 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) | |
534 DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) | |
535 DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) | |
536 DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) | |
537 DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) | |
538 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) | |
539 DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) | |
540 DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) | |
541 DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) | |
542 DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) | |
543 DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) | |
544 DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) | |
545 DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) | |
546 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) | |
547 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) | |
548 | |
549 const char *OCSP_response_status_str(long s); | |
550 const char *OCSP_cert_status_str(long s); | |
551 const char *OCSP_crl_reason_str(long s); | |
552 | |
553 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); | |
554 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); | |
555 | |
556 int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, | |
557 X509_STORE *st, unsigned long flags); | |
558 | |
559 /* BEGIN ERROR CODES */ | |
560 /* The following lines are auto generated by the script mkerr.pl. Any changes | |
561 * made after this point may be overwritten when the script is next run. | |
562 */ | |
563 void ERR_load_OCSP_strings(void); | |
564 | |
565 /* Error codes for the OCSP functions. */ | |
566 | |
567 /* Function codes. */ | |
568 #define OCSP_F_ASN1_STRING_ENCODE 100 | |
569 #define OCSP_F_D2I_OCSP_NONCE 102 | |
570 #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 | |
571 #define OCSP_F_OCSP_BASIC_SIGN 104 | |
572 #define OCSP_F_OCSP_BASIC_VERIFY 105 | |
573 #define OCSP_F_OCSP_CERT_ID_NEW 101 | |
574 #define OCSP_F_OCSP_CHECK_DELEGATED 106 | |
575 #define OCSP_F_OCSP_CHECK_IDS 107 | |
576 #define OCSP_F_OCSP_CHECK_ISSUER 108 | |
577 #define OCSP_F_OCSP_CHECK_VALIDITY 115 | |
578 #define OCSP_F_OCSP_MATCH_ISSUERID 109 | |
579 #define OCSP_F_OCSP_PARSE_URL 114 | |
580 #define OCSP_F_OCSP_REQUEST_SIGN 110 | |
581 #define OCSP_F_OCSP_REQUEST_VERIFY 116 | |
582 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 | |
583 #define OCSP_F_OCSP_SENDREQ_BIO 112 | |
584 #define OCSP_F_OCSP_SENDREQ_NBIO 117 | |
585 #define OCSP_F_PARSE_HTTP_LINE1 118 | |
586 #define OCSP_F_REQUEST_VERIFY 113 | |
587 | |
588 /* Reason codes. */ | |
589 #define OCSP_R_BAD_DATA 100 | |
590 #define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 | |
591 #define OCSP_R_DIGEST_ERR 102 | |
592 #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 | |
593 #define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 | |
594 #define OCSP_R_ERROR_PARSING_URL 121 | |
595 #define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 | |
596 #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 | |
597 #define OCSP_R_NOT_BASIC_RESPONSE 104 | |
598 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 | |
599 #define OCSP_R_NO_CONTENT 106 | |
600 #define OCSP_R_NO_PUBLIC_KEY 107 | |
601 #define OCSP_R_NO_RESPONSE_DATA 108 | |
602 #define OCSP_R_NO_REVOKED_TIME 109 | |
603 #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 | |
604 #define OCSP_R_REQUEST_NOT_SIGNED 128 | |
605 #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 | |
606 #define OCSP_R_ROOT_CA_NOT_TRUSTED 112 | |
607 #define OCSP_R_SERVER_READ_ERROR 113 | |
608 #define OCSP_R_SERVER_RESPONSE_ERROR 114 | |
609 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 | |
610 #define OCSP_R_SERVER_WRITE_ERROR 116 | |
611 #define OCSP_R_SIGNATURE_FAILURE 117 | |
612 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 | |
613 #define OCSP_R_STATUS_EXPIRED 125 | |
614 #define OCSP_R_STATUS_NOT_YET_VALID 126 | |
615 #define OCSP_R_STATUS_TOO_OLD 127 | |
616 #define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 | |
617 #define OCSP_R_UNKNOWN_NID 120 | |
618 #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 | |
619 | |
620 #ifdef __cplusplus | |
621 } | |
622 #endif | |
623 #endif | |
OLD | NEW |