67 #include <openssl/ossl_typ.h>
68 #include <openssl/x509.h>
69 #include <openssl/x509v3.h>
70 #include <openssl/safestack.h>
/*
 * Default nonce size in bytes. The nonce extension binds a response to one
 * request and is the protocol's replay defence. Per OpenSSL's documentation,
 * OCSP_request_add1_nonce() uses this length when the caller passes len <= 0;
 * the implementation is not part of this listing.
 */
78 #define OCSP_DEFAULT_NONCE_LENGTH 16
/*
 * Bit flags for the `flags` argument of the OCSP sign and verify calls.
 * Most of the "NO*" verify flags switch off one verification step, so a
 * caller that sets one accepts messages the default path would reject;
 * each use should be justified at the call site. The meanings below follow
 * OpenSSL's OCSP_basic_verify()/OCSP_basic_sign() documentation; the code
 * that interprets the bits is not part of this listing.
 */
/* Signing: do not embed any certificates in the signed message. */
80 #define OCSP_NOCERTS 0x1
/* Verify: do not search the certificates carried inside the message for the signer. */
81 #define OCSP_NOINTERN 0x2
/* Verify: skip the signature check on the message itself. */
82 #define OCSP_NOSIGS 0x4
/* Verify: do not use the supplied/embedded certificates as untrusted chain-building input. */
83 #define OCSP_NOCHAIN 0x8
/* Verify: do not validate the signer certificate at all. */
84 #define OCSP_NOVERIFY 0x10
/* Verify: do not fall back to explicit OCSP-signing trust set on the root CA. */
85 #define OCSP_NOEXPLICIT 0x20
/* NOTE(review): effect of the next two flags is not established by this listing - confirm in ocsp_vfy.c before relying on them. */
86 #define OCSP_NOCASIGN 0x40
87 #define OCSP_NODELEGATED 0x80
/* Verify: after path validation, skip the responder-authorisation checks (issuer match / delegation). */
88 #define OCSP_NOCHECKS 0x100
/* Verify: a signer found in the caller-supplied `certs` is trusted without path validation. */
89 #define OCSP_TRUSTOTHER 0x200
/* Signing: identify the responder by key hash instead of by subject name. */
90 #define OCSP_RESPID_KEY 0x400
/* Signing: do not set producedAt to the current time. */
91 #define OCSP_NOTIME 0x800
146 STACK_OF(
X509) *certs;
/*
 * OCSPResponseStatus values (RFC 6960). Value 4 is unassigned, hence the
 * jump from 3 to 5. The status field sits outside the signed basic
 * response: only SUCCESSFUL is accompanied by signed response data, and
 * every other value is an unauthenticated error that says nothing about
 * the certificate. Relying code should not treat TRYLATER or UNAUTHORIZED
 * as "not revoked".
 */
169 #define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
170 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
171 #define OCSP_RESPONSE_STATUS_INTERNALERROR 2
172 #define OCSP_RESPONSE_STATUS_TRYLATER 3
173 #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
174 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
/*
 * Discriminator values for the ResponderID CHOICE: the responder is named
 * either by its subject name or by a hash of its public key.
 */
200 #define V_OCSP_RESPID_NAME 0
201 #define V_OCSP_RESPID_KEY 1
/*
 * Discriminator values for the CertStatus CHOICE in a single response.
 * UNKNOWN means the responder has no information about the certificate;
 * it is a distinct outcome and must not be folded into GOOD by callers.
 */
233 #define V_OCSP_CERTSTATUS_GOOD 0
234 #define V_OCSP_CERTSTATUS_REVOKED 1
235 #define V_OCSP_CERTSTATUS_UNKNOWN 2
308 STACK_OF(
X509) *certs;
/*
 * Revocation reason codes. 0..8 mirror the CRLReason enumeration of
 * RFC 5280, where 7 is unassigned (hence the jump from 6 to 8).
 * NOSTATUS (-1) is not a wire value; presumably it is what the library
 * reports when a revoked entry carries no reason - confirm against the
 * status accessor in ocsp_cl.c.
 */
322 #define OCSP_REVOKED_STATUS_NOSTATUS -1
323 #define OCSP_REVOKED_STATUS_UNSPECIFIED 0
324 #define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
325 #define OCSP_REVOKED_STATUS_CACOMPROMISE 2
326 #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
327 #define OCSP_REVOKED_STATUS_SUPERSEDED 4
328 #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
329 #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
330 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
/* PEM armour labels passed to the PEM_read_bio_ and PEM_write_bio_ OCSP macros in this header. */
354 #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
355 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
/*
 * Decode a DER-encoded OCSP request / response read from BIO `bp`, via
 * ASN1_d2i_bio_of(); `p` is forwarded unchanged as the optional
 * object-reuse pointer. The bytes normally come from the network, so the
 * result must be checked for NULL and the decoded object still has to be
 * verified before any field in it is trusted.
 */
357 #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
359 #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
/*
 * Read a PEM-armoured OCSP request from BIO `bp` through
 * PEM_ASN1_read_bio(), using the "OCSP REQUEST" label.
 * NOTE(review): the decoder is cast to the unprototyped type
 * `char *(*)()` and `x` to `char **`, so the compiler cannot type-check
 * either argument; `x` is also not parenthesised in the expansion.
 */
361 #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
362 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
/* Same as above for an OCSP response ("OCSP RESPONSE" label); the same cast caveats apply. */
364 #define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
365 (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
/*
 * Write OCSP request `o` to BIO `bp` in PEM form through
 * PEM_ASN1_write_bio(). The cipher, key and callback arguments are all
 * passed as NULL/0, i.e. the output is not encrypted.
 * NOTE(review): the encoder is cast to the unprototyped `int (*)()` and
 * `o` to `char *`, which removes compile-time type checking.
 */
367 #define PEM_write_bio_OCSP_REQUEST(bp,o) \
368 PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
369 bp,(char *)o, NULL,NULL,0,NULL,NULL)
/* Same as above for an OCSP response. */
371 #define PEM_write_bio_OCSP_RESPONSE(bp,o) \
372 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
373 bp,(char *)o, NULL,NULL,0,NULL,NULL)
/* DER-encode OCSP response / request `o` and write it to BIO `bp` via ASN1_i2d_bio_of(). */
375 #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
377 #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
/*
 * Sign the tbsRequest of request `o` with `pkey` and digest `md`, storing
 * algorithm and signature in o->optionalSignature.
 * NOTE(review): `o->optionalSignature` is dereferenced without a NULL
 * check, so the caller has to allocate it first. `o` is expanded several
 * times and is not parenthesised; pass a plain pointer variable, not an
 * expression with side effects.
 */
379 #define OCSP_REQUEST_sign(o,pkey,md) \
380 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
381 o->optionalSignature->signatureAlgorithm,NULL,\
382 o->optionalSignature->signature,o->tbsRequest,pkey,md)
/*
 * Sign the tbsResponseData of basic response `o` with `pkey` and `md`.
 * The `d` parameter is accepted but does not appear in the expansion.
 * The same multiple-evaluation caveat for `o` applies.
 */
384 #define OCSP_BASICRESP_sign(o,pkey,md,d) \
385 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
386 o->signature,o->tbsResponseData,pkey,md)
/*
 * Check the signature on request `a` against public key `r`.
 * This expands to a bare ASN1_item_verify() call: it proves only that the
 * key `r` signed tbsRequest. It does not locate or validate the signer
 * certificate, so it is not a substitute for full request verification.
 * NOTE(review): `a->optionalSignature` is dereferenced unconditionally;
 * the field name suggests it is absent on unsigned requests, so callers
 * must reject a NULL optionalSignature before using this macro.
 */
388 #define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
389 a->optionalSignature->signatureAlgorithm,\
390 a->optionalSignature->signature,a->tbsRequest,r)
/*
 * Check the signature on basic response `a` against public key `r`.
 * Signature check only: no signer lookup, chain validation or
 * responder-authorisation check happens here. The `d` parameter is
 * accepted but does not appear in the expansion.
 */
392 #define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
393 a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
/*
 * Digest the ASN1_BIT_STRING `data` with digest `type`, writing the result
 * to `md` and its length to `len`. Note the macro takes (data, type) but
 * forwards them to ASN1_item_digest() as (type, data).
 */
395 #define ASN1_BIT_STRING_digest(data,type,md,len) \
396 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
/*
 * Duplicate an OCSP_CERTSTATUS by encoding and re-decoding it through
 * ASN1_dup(). The result is a separate object (NULL on failure, per
 * ASN1_dup's documented behaviour) that the caller presumably has to free.
 * The i2d/d2i functions are cast to unprototyped function-pointer types,
 * so argument types are not checked at compile time.
 */
398 #define OCSP_CERTSTATUS_dup(cs)\
399 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
400 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
/*
 * Drive a non-blocking OCSP exchange on request context `rctx`; on
 * completion the decoded response is stored through `presp`.
 * Per OpenSSL's documentation: 1 = done, 0 = error, -1 = retry later.
 * The response returned is only parsed, not verified.
 */
407 int OCSP_sendreq_nbio(
OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
/* Release a request context. */
408 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
/* Attach request `req` to the context ("set1" naming: the context presumably keeps its own copy/encoding - confirm). */
409 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx,
OCSP_REQUEST *req);
/*
 * Add an HTTP header `name: value` to the outgoing request.
 * NOTE(review): whether name/value are checked for CR/LF is not visible
 * here; callers should not pass unvalidated external strings.
 */
410 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
411 const char *name,
const char *value);
/*
 * Add a nonce extension to request `req`. Per OpenSSL's documentation a
 * NULL `val` requests a random nonce and len <= 0 selects the default
 * length. Adding the nonce is only half of the replay defence: the caller
 * still has to compare it with the nonce in the response
 * (OCSP_check_nonce()).
 */
422 int OCSP_request_add1_nonce(
OCSP_REQUEST *req,
unsigned char *val,
int len);
/* Responder side: add a nonce extension to basic response `resp` (same val/len convention, per OpenSSL's documentation). */
423 int OCSP_basic_add1_nonce(
OCSP_BASICRESP *resp,
unsigned char *val,
int len);
434 STACK_OF(
X509) *certs,
435 unsigned long flags);
454 long sec,
long maxsec);
/*
 * Split a responder URL into host, port and path strings and an
 * "is TLS" flag, returned through the four out-parameters.
 * Per OpenSSL's documentation the three strings are allocated and must be
 * freed by the caller with OPENSSL_free().
 * The URL is frequently taken from a certificate's Authority Information
 * Access extension, i.e. from the peer being checked, so the caller
 * should restrict which hosts and ports it is willing to contact before
 * connecting.
 */
458 int OCSP_parse_url(
char *url,
char **phost,
char **pport,
char **ppath,
int *pssl);
473 int status,
int reason,
479 STACK_OF(
X509) *certs,
unsigned long flags);
/*
 * Extension accessors for an OCSP_REQUEST. They follow the X509v3
 * accessor convention (assumed from the names and signatures; the bodies
 * are not in this listing): the get_ext_by_* calls search after index
 * `lastpos` and return the index found or -1.
 */
/* Find the next extension with object NID `nid`. */
490 int OCSP_REQUEST_get_ext_by_NID(
OCSP_REQUEST *x,
int nid,
int lastpos);
/* Find the next extension whose critical flag equals `crit`. */
492 int OCSP_REQUEST_get_ext_by_critical(
OCSP_REQUEST *x,
int crit,
int lastpos);
/* Decode extension `nid`; "get1" naming: the caller owns the returned object. `crit`/`idx` are optional outputs. */
495 void *OCSP_REQUEST_get1_ext_d2i(
OCSP_REQUEST *x,
int nid,
int *crit,
int *idx);
/* Encode `value` as extension `nid` and add it; `flags` presumably takes the X509V3_ADD_* values - confirm. */
496 int OCSP_REQUEST_add1_ext_i2d(
OCSP_REQUEST *x,
int nid,
void *value,
int crit,
497 unsigned long flags);
/*
 * Extension accessors for a single request entry (OCSP_ONEREQ). Same
 * signatures as the OCSP_REQUEST accessors; semantics assumed to follow
 * the X509v3 accessor convention (index or -1 from the get_ext_by_* calls).
 */
/* Find the next extension with object NID `nid`, searching after `lastpos`. */
501 int OCSP_ONEREQ_get_ext_by_NID(
OCSP_ONEREQ *x,
int nid,
int lastpos);
/* Find the next extension whose critical flag equals `crit`. */
503 int OCSP_ONEREQ_get_ext_by_critical(
OCSP_ONEREQ *x,
int crit,
int lastpos);
/* Decode extension `nid`; "get1" naming: the caller owns the returned object. */
506 void *OCSP_ONEREQ_get1_ext_d2i(
OCSP_ONEREQ *x,
int nid,
int *crit,
int *idx);
/* Encode `value` as extension `nid` and add it to the entry. */
507 int OCSP_ONEREQ_add1_ext_i2d(
OCSP_ONEREQ *x,
int nid,
void *value,
int crit,
508 unsigned long flags);
/*
 * Extension accessors for a basic response (OCSP_BASICRESP). Semantics
 * assumed to follow the X509v3 accessor convention. Extension values read
 * from a response are only trustworthy after the response signature has
 * been verified.
 */
/* Find the next extension with object NID `nid`, searching after `lastpos`. */
512 int OCSP_BASICRESP_get_ext_by_NID(
OCSP_BASICRESP *x,
int nid,
int lastpos);
/* Find the next extension whose critical flag equals `crit`. */
514 int OCSP_BASICRESP_get_ext_by_critical(
OCSP_BASICRESP *x,
int crit,
int lastpos);
/* Decode extension `nid`; "get1" naming: the caller owns the returned object. */
517 void *OCSP_BASICRESP_get1_ext_d2i(
OCSP_BASICRESP *x,
int nid,
int *crit,
int *idx);
/* Encode `value` as extension `nid` and add it to the response. */
518 int OCSP_BASICRESP_add1_ext_i2d(
OCSP_BASICRESP *x,
int nid,
void *value,
int crit,
519 unsigned long flags);
/*
 * Extension accessors for a single response entry (OCSP_SINGLERESP).
 * Semantics assumed to follow the X509v3 accessor convention (index or -1
 * from the get_ext_by_* calls).
 */
/* Find the next extension with object NID `nid`, searching after `lastpos`. */
523 int OCSP_SINGLERESP_get_ext_by_NID(
OCSP_SINGLERESP *x,
int nid,
int lastpos);
/* Find the next extension whose critical flag equals `crit`. */
525 int OCSP_SINGLERESP_get_ext_by_critical(
OCSP_SINGLERESP *x,
int crit,
int lastpos);
/* Decode extension `nid`; "get1" naming: the caller owns the returned object. */
528 void *OCSP_SINGLERESP_get1_ext_d2i(
OCSP_SINGLERESP *x,
int nid,
int *crit,
int *idx);
/* Encode `value` as extension `nid` and add it to the entry. */
529 int OCSP_SINGLERESP_add1_ext_i2d(
OCSP_SINGLERESP *x,
int nid,
void *value,
int crit,
530 unsigned long flags);
/*
 * Map numeric codes to human-readable strings for logging and display.
 * The const return type indicates the strings are not to be modified or
 * freed by the caller.
 */
/* Text for an OCSP_RESPONSE_STATUS_* value. */
549 const
char *OCSP_response_status_str(
long s);
/* Text for a V_OCSP_CERTSTATUS_* value. */
550 const
char *OCSP_cert_status_str(
long s);
/* Text for an OCSP_REVOKED_STATUS_* reason code. */
551 const
char *OCSP_crl_reason_str(
long s);
/* Register the OCSP function and reason strings with the error queue, so the OCSP_F_ and OCSP_R_ codes in this header print as text. */
563 void ERR_load_OCSP_strings(
void);
/*
 * Function codes: identify which OCSP routine pushed an entry onto the
 * error queue. The list is ordered by name, not by value (101 sits
 * between 105 and 106), so do not assume the numbers are sequential.
 */
568 #define OCSP_F_ASN1_STRING_ENCODE 100
569 #define OCSP_F_D2I_OCSP_NONCE 102
570 #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
571 #define OCSP_F_OCSP_BASIC_SIGN 104
572 #define OCSP_F_OCSP_BASIC_VERIFY 105
573 #define OCSP_F_OCSP_CERT_ID_NEW 101
574 #define OCSP_F_OCSP_CHECK_DELEGATED 106
575 #define OCSP_F_OCSP_CHECK_IDS 107
576 #define OCSP_F_OCSP_CHECK_ISSUER 108
577 #define OCSP_F_OCSP_CHECK_VALIDITY 115
578 #define OCSP_F_OCSP_MATCH_ISSUERID 109
579 #define OCSP_F_OCSP_PARSE_URL 114
580 #define OCSP_F_OCSP_REQUEST_SIGN 110
581 #define OCSP_F_OCSP_REQUEST_VERIFY 116
582 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
583 #define OCSP_F_OCSP_SENDREQ_BIO 112
584 #define OCSP_F_OCSP_SENDREQ_NBIO 117
585 #define OCSP_F_PARSE_HTTP_LINE1 118
586 #define OCSP_F_REQUEST_VERIFY 113
/*
 * Reason codes: say why an OCSP routine failed. Judging by their names,
 * several of these mark a rejected or stale response rather than an I/O
 * problem and are worth logging distinctly when monitoring revocation
 * checking: CERTIFICATE_VERIFY_ERROR, MISSING_OCSPSIGNING_USAGE,
 * ROOT_CA_NOT_TRUSTED, SIGNATURE_FAILURE, SIGNER_CERTIFICATE_NOT_FOUND
 * (signer trust) and STATUS_EXPIRED, STATUS_NOT_YET_VALID, STATUS_TOO_OLD,
 * NEXTUPDATE_BEFORE_THISUPDATE (freshness). The exact conditions that
 * raise each code are in the implementation, not in this listing.
 */
589 #define OCSP_R_BAD_DATA 100
590 #define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
591 #define OCSP_R_DIGEST_ERR 102
592 #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
593 #define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
594 #define OCSP_R_ERROR_PARSING_URL 121
595 #define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
596 #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
597 #define OCSP_R_NOT_BASIC_RESPONSE 104
598 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
599 #define OCSP_R_NO_CONTENT 106
600 #define OCSP_R_NO_PUBLIC_KEY 107
601 #define OCSP_R_NO_RESPONSE_DATA 108
602 #define OCSP_R_NO_REVOKED_TIME 109
603 #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
604 #define OCSP_R_REQUEST_NOT_SIGNED 128
605 #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
606 #define OCSP_R_ROOT_CA_NOT_TRUSTED 112
607 #define OCSP_R_SERVER_READ_ERROR 113
608 #define OCSP_R_SERVER_RESPONSE_ERROR 114
609 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
610 #define OCSP_R_SERVER_WRITE_ERROR 116
611 #define OCSP_R_SIGNATURE_FAILURE 117
612 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
613 #define OCSP_R_STATUS_EXPIRED 125
614 #define OCSP_R_STATUS_NOT_YET_VALID 126
615 #define OCSP_R_STATUS_TOO_OLD 127
616 #define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
617 #define OCSP_R_UNKNOWN_NID 120
618 #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129