[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Jul 13 17:08:44 UTC 2016


The branch master has been updated
       via  d701504dfee35b8ddc6f8ab7d81a569e97c4c6cd (commit)
       via  02fb7cfeb2467a9644fd97da2c2788d9d270eb00 (commit)
      from  e99ab8ffd70c24a68b8e9c46da1d669fe0bed810 (commit)


- Log -----------------------------------------------------------------
commit d701504dfee35b8ddc6f8ab7d81a569e97c4c6cd
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jul 13 14:20:49 2016 +0100

    make update
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 02fb7cfeb2467a9644fd97da2c2788d9d270eb00
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jul 13 14:20:15 2016 +0100

    Add OCSP accessors.
    
    RT#4605
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/ocsp/ocsp_cl.c                | 23 +++++++++++++++++++++++
 doc/crypto/OCSP_resp_find_status.pod | 13 +++++++++++++
 include/openssl/ocsp.h               |  5 +++++
 util/libcrypto.num                   |  2 ++
 4 files changed, 43 insertions(+)

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 33a30bd..d0ee057 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -191,6 +191,29 @@ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs)
     return bs->tbsResponseData.producedAt;
 }
 
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+    return bs->certs;
+}
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname)
+
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = rid->value.byName;
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = rid->value.byKey;
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    return 1;
+}
+
 /* Look single response matching a given certificate ID */
 
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
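Review bot: `OCSP_resp_get0_id()` returns 0 from its final `else` without writing `*pid` or `*pname`, so a caller that does not check the return value goes on to read whatever its own variables held before the call. The responder ID comes from a parsed response, so clearing both outputs before the type test is cheap insurance: `*pid = NULL; *pname = NULL;` directly after `rid` is assigned. The function also stores through both output pointers unconditionally, so a caller interested in only one form must still pass both; either state that in the documentation or guard each store, e.g. `if (pname != NULL) *pname = rid->value.byName;`.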
diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod
index a852eaa..b948965 100644
--- a/doc/crypto/OCSP_resp_find_status.pod
+++ b/doc/crypto/OCSP_resp_find_status.pod
@@ -27,6 +27,12 @@ OCSP_single_get0_status, OCSP_check_validity
 
  ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single);
 
+ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+
+ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                       const ASN1_OCTET_STRING **pid,
+                       const X509_NAME **pname);
+
  int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
                          ASN1_GENERALIZEDTIME *nextupd,
                          long sec, long maxsec);
@@ -61,6 +67,13 @@ B<*revtime>, B<*thisupd> and B<*nextupd>.
 OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
 single response B<bs>.
 
+OCSP_resp_get0_certs() returns any certificates included in B<bs>.
+
+OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
+a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
+responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
+is set to NULL.
+
 OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
 which will be typically obtained from OCSP_resp_find_status() or
 OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 7ded752..c74495a 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -213,6 +213,11 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs);
 int OCSP_resp_count(OCSP_BASICRESP *bs);
 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
 ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
                             ASN1_GENERALIZEDTIME **revtime,
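Review bot: The two new declarations carry no comment on ownership or trust, and this header is where most callers will meet them. As implemented in ocsp_cl.c, both hand back pointers into `bs`, so the results must not be freed or used after `bs` is released. The stack from `OCSP_resp_get0_certs()` is whatever the responder placed in the response, so it is unverified input until the response signature and chain have been checked. The field is presumably optional, so the return may be NULL. A short comment above the declarations would cover this, e.g. `/* get0: internal pointers, do not free; certs are as received from the responder and not verified */`.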
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6da939d..aa70000 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4150,3 +4150,5 @@ DSA_SIG_set0                            4094	1_1_0	EXIST::FUNCTION:DSA
 EVP_PKEY_get0_hmac                      4095	1_1_0	EXIST::FUNCTION:
 HMAC_CTX_get_md                         4096	1_1_0	EXIST::FUNCTION:
 NAME_CONSTRAINTS_check_CN               4097	1_1_0	EXIST::FUNCTION:
+OCSP_resp_get0_id                       4098	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_resp_get0_certs                    4099	1_1_0	EXIST::FUNCTION:OCSP

