New function and options to check OCSP response validity.

[openssl.git] / crypto / ocsp / ocsp_err.c

diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
index 63677b572ebc2edaaca41e5b0957330a70d75a14..1cbf9cab306c08ad116febb760e5b099cbb25391 100644 (file)
--- a/crypto/ocsp/ocsp_err.c
+++ b/crypto/ocsp/ocsp_err.c
@@ -63,7 +63,7 @@
 #include <openssl/ocsp.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA OCSP_str_functs[]=
        {
 {ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),      "ASN1_STRING_encode"},
@@ -75,6 +75,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
 {ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0),    "OCSP_CHECK_DELEGATED"},
 {ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0),  "OCSP_CHECK_IDS"},
 {ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0),       "OCSP_CHECK_ISSUER"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0),     "OCSP_check_validity"},
 {ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0),     "OCSP_MATCH_ISSUERID"},
 {ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0),  "OCSP_parse_url"},
 {ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0),       "OCSP_request_sign"},
@@ -89,8 +90,11 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
 {OCSP_R_BAD_DATA                         ,"bad data"},
 {OCSP_R_CERTIFICATE_VERIFY_ERROR         ,"certificate verify error"},
 {OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD        ,"error in nextupdate field"},
+{OCSP_R_ERROR_IN_THISUPDATE_FIELD        ,"error in thisupdate field"},
 {OCSP_R_ERROR_PARSING_URL                ,"error parsing url"},
 {OCSP_R_MISSING_OCSPSIGNING_USAGE        ,"missing ocspsigning usage"},
+{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE     ,"nextupdate before thisupdate"},
 {OCSP_R_NOT_BASIC_RESPONSE               ,"not basic response"},
 {OCSP_R_NO_CERTIFICATES_IN_CHAIN         ,"no certificates in chain"},
 {OCSP_R_NO_CONTENT                       ,"no content"},
@@ -106,6 +110,9 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
 {OCSP_R_SERVER_WRITE_ERROR               ,"server write error"},
 {OCSP_R_SIGNATURE_FAILURE                ,"signature failure"},
 {OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND     ,"signer certificate not found"},
+{OCSP_R_STATUS_EXPIRED                   ,"status expired"},
+{OCSP_R_STATUS_NOT_YET_VALID             ,"status not yet valid"},
+{OCSP_R_STATUS_TOO_OLD                   ,"status too old"},
 {OCSP_R_UNKNOWN_MESSAGE_DIGEST           ,"unknown message digest"},
 {OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
 {0,NULL}
@@ -120,7 +127,7 @@ void ERR_load_OCSP_strings(void)
        if (init)
                {
                init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
                ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
 #endif