mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add OCSP_resp_get1_id() accessor

Browse Source 
Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)
This commit is contained in:
Sascha Steinbiss 2016-11-08 10:16:45 +01:00 committed by Rich Salz
parent 15b1688ac9
commit db17e43d88
4 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
crypto/ocsp/ocsp_cl.c
View File

@ -10,6 +10,7 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
@ -199,9 +200,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname)
{
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
if (rid->type == V_OCSP_RESPID_NAME) {
*pname = rid->value.byName;
*pid = NULL;
@ -214,6 +215,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
return 1;
}
int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname)
{
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
if (rid->type == V_OCSP_RESPID_NAME) {
*pname = X509_NAME_dup(rid->value.byName);
*pid = NULL;
} else if (rid->type == V_OCSP_RESPID_KEY) {
*pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
*pname = NULL;
} else {
return 0;
}
if (pname == NULL && pid == NULL)
return 0;
return 1;
}
/* Look single response matching a given certificate ID */
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)

9
doc/man3/OCSP_resp_find_status.pod
View File

@ -4,6 +4,7 @@
OCSP_resp_get0_certs,
OCSP_resp_get0_id,
OCSP_resp_get1_id,
OCSP_resp_get0_produced_at,
OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
OCSP_single_get0_status, OCSP_check_validity
@ -35,6 +36,9 @@ OCSP_single_get0_status, OCSP_check_validity
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname);
int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname);
int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
ASN1_GENERALIZEDTIME *nextupd,
@ -75,7 +79,10 @@ OCSP_resp_get0_certs() returns any certificates included in B<bs>.
OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
is set to NULL.
is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname>
with the caller, who is responsible for freeing them. Both functions return 1
in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0,
no freeing of the results is necessary.
OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
which will be typically obtained from OCSP_resp_find_status() or

3
include/openssl/ocsp.h
View File

@ -221,6 +221,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname);
int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname);
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,

1
util/libcrypto.num
View File

@ -4299,3 +4299,4 @@ UI_method_get_data_destructor 4241 1_1_1 EXIST::FUNCTION:UI
ERR_load_strings_const 4242 1_1_1 EXIST::FUNCTION:
ASN1_TIME_to_tm 4243 1_1_1 EXIST::FUNCTION:
ASN1_TIME_set_string_X509 4244 1_1_1 EXIST::FUNCTION:
OCSP_resp_get1_id 4245 1_1_1 EXIST::FUNCTION:OCSP