#define OCSP_NOCERTS 0x1
#define OCSP_NOINTERN 0x2
#define OCSP_NOSIGS 0x4
+#define OCSP_NOCHAIN 0x8
+#define OCSP_NOVERIFY 0x10
+#define OCSP_NOEXPLICIT 0x20
+#define OCSP_NOCASIGN 0x40
+#define OCSP_NODELEGATED 0x80
+#define OCSP_NOCHECKS 0x100
+#define OCSP_TRUSTOTHER 0x200
+#define OCSP_RESPID_KEY 0x400
+#define OCSP_NOTIME 0x800
/* CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
ASN1_INTEGER *serialNumber;
} OCSP_CERTID;
+DECLARE_STACK_OF(OCSP_CERTID)
+
/* Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-OCSP_BASICRESP *OCSP_basic_response_new(int tag,
- X509* cert);
-
-int OCSP_basic_response_add(OCSP_BASICRESP *rsp,
- OCSP_CERTID *cid,
- OCSP_CERTSTATUS *cst,
- char *thisUpdate,
- char *nextUpdate);
-
-int OCSP_basic_response_sign(OCSP_BASICRESP *brsp,
- EVP_PKEY *key,
- const EVP_MD *dgst,
- STACK_OF(X509) *certs);
-
-int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey);
-
-int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey);
-
-
-OCSP_RESPONSE *OCSP_response_new(int status,
- int nid,
- int (*i2d)(),
- char *data);
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd, ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
char *data, STACK_OF(ASN1_OBJECT) *sk);
DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
#define OCSP_F_CERT_ID_NEW 102
#define OCSP_F_CERT_STATUS_NEW 103
#define OCSP_F_D2I_OCSP_NONCE 109
+#define OCSP_F_OCSP_BASIC_ADD1_STATUS 118
+#define OCSP_F_OCSP_BASIC_SIGN 119
#define OCSP_F_OCSP_BASIC_VERIFY 113
+#define OCSP_F_OCSP_CHECK_DELEGATED 117
+#define OCSP_F_OCSP_CHECK_IDS 114
+#define OCSP_F_OCSP_CHECK_ISSUER 115
#define OCSP_F_OCSP_CHECK_NONCE 112
+#define OCSP_F_OCSP_MATCH_ISSUERID 116
+#define OCSP_F_OCSP_REQUEST_SIGN 120
#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
#define OCSP_F_OCSP_SENDREQ_BIO 110
#define OCSP_F_REQUEST_VERIFY 104
/* Reason codes. */
#define OCSP_R_BAD_DATA 108
#define OCSP_R_BAD_TAG 100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR 126
#define OCSP_R_DIGEST_ERR 101
#define OCSP_R_FAILED_TO_OPEN 109
#define OCSP_R_FAILED_TO_READ 110
#define OCSP_R_FAILED_TO_STAT 111
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE 131
#define OCSP_R_MISSING_VALUE 112
#define OCSP_R_NONCE_MISSING_IN_RESPONSE 121
#define OCSP_R_NONCE_VALUE_MISMATCH 122
#define OCSP_R_NOT_BASIC_RESPONSE 120
#define OCSP_R_NO_CERTIFICATE 102
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 128
#define OCSP_R_NO_CONTENT 115
#define OCSP_R_NO_PUBLIC_KEY 103
#define OCSP_R_NO_RESPONSE_DATA 104
+#define OCSP_R_NO_REVOKED_TIME 132
#define OCSP_R_NO_SIGNATURE 105
+#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 133
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 129
#define OCSP_R_REVOKED_NO_TIME 106
+#define OCSP_R_ROOT_CA_NOT_TRUSTED 127
#define OCSP_R_SERVER_READ_ERROR 116
#define OCSP_R_SERVER_RESPONSE_ERROR 117
#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 118
#define OCSP_R_SIGNATURE_FAILURE 124
#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 125
#define OCSP_R_UNEXPECTED_NONCE_IN_RESPONSE 123
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 130
#define OCSP_R_UNKNOWN_NID 107
#define OCSP_R_UNSUPPORTED_OPTION 113
#define OCSP_R_VALUE_ALREADY 114