Implement remaining OCSP verify checks in

[openssl.git] / crypto / ocsp / ocsp.h

diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index 60b843a2fa0239eebfd166ee3eb936f35e28c3c0..ef36ba991080b67b86de40f7af33bdcf408f38fa 100644 (file)
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -79,6 +79,12 @@ extern "C" {
 #define OCSP_NOCERTS                   0x1
 #define OCSP_NOINTERN                  0x2
 #define OCSP_NOSIGS                    0x4
+#define OCSP_NOCHAIN                   0x8
+#define OCSP_NOVERIFY                  0x10
+#define OCSP_NOEXPLICIT                        0x20
+#define OCSP_NOCASIGN                  0x40
+#define OCSP_NODELEGATED               0x80
+#define OCSP_NOCHECKS                  0x100
 
 /*   CertID ::= SEQUENCE {
  *       hashAlgorithm            AlgorithmIdentifier,
@@ -434,6 +440,7 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
 
 int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
 
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
 
 OCSP_BASICRESP *OCSP_basic_response_new(int tag,
@@ -554,7 +561,11 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_F_CERT_STATUS_NEW                          103
 #define OCSP_F_D2I_OCSP_NONCE                           109
 #define OCSP_F_OCSP_BASIC_VERIFY                        113
+#define OCSP_F_OCSP_CHECK_DELEGATED                     117
+#define OCSP_F_OCSP_CHECK_IDS                           114
+#define OCSP_F_OCSP_CHECK_ISSUER                        115
 #define OCSP_F_OCSP_CHECK_NONCE                                 112
+#define OCSP_F_OCSP_MATCH_ISSUERID                      116
 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                         111
 #define OCSP_F_OCSP_SENDREQ_BIO                                 110
 #define OCSP_F_REQUEST_VERIFY                           104
@@ -565,20 +576,25 @@ void ERR_load_OCSP_strings(void);
 /* Reason codes. */
 #define OCSP_R_BAD_DATA                                         108
 #define OCSP_R_BAD_TAG                                  100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR                         126
 #define OCSP_R_DIGEST_ERR                               101
 #define OCSP_R_FAILED_TO_OPEN                           109
 #define OCSP_R_FAILED_TO_READ                           110
 #define OCSP_R_FAILED_TO_STAT                           111
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE                131
 #define OCSP_R_MISSING_VALUE                            112
 #define OCSP_R_NONCE_MISSING_IN_RESPONSE                121
 #define OCSP_R_NONCE_VALUE_MISMATCH                     122
 #define OCSP_R_NOT_BASIC_RESPONSE                       120
 #define OCSP_R_NO_CERTIFICATE                           102
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN                         128
 #define OCSP_R_NO_CONTENT                               115
 #define OCSP_R_NO_PUBLIC_KEY                            103
 #define OCSP_R_NO_RESPONSE_DATA                                 104
 #define OCSP_R_NO_SIGNATURE                             105
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA     129
 #define OCSP_R_REVOKED_NO_TIME                          106
+#define OCSP_R_ROOT_CA_NOT_TRUSTED                      127
 #define OCSP_R_SERVER_READ_ERROR                        116
 #define OCSP_R_SERVER_RESPONSE_ERROR                    117
 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR              118
@@ -586,6 +602,7 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_R_SIGNATURE_FAILURE                        124
 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND             125
 #define OCSP_R_UNEXPECTED_NONCE_IN_RESPONSE             123
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST                   130
 #define OCSP_R_UNKNOWN_NID                              107
 #define OCSP_R_UNSUPPORTED_OPTION                       113
 #define OCSP_R_VALUE_ALREADY                            114