#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
return NULL;
OCSP_CERTID_free(one->reqCert);
one->reqCert = cid;
- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+ one->reqCert = NULL; /* do not free on error */
goto err;
+ }
return one;
err:
OCSP_ONEREQ_free(one);
return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
}
-ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs)
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
return bs->signature;
}
return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
}
-ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs)
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
{
- if (!bs)
- return NULL;
return bs->tbsResponseData.producedAt;
}
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname)
-
{
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
if (rid->type == V_OCSP_RESPID_NAME) {
*pname = rid->value.byName;
*pid = NULL;
return 1;
}
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname)
+{
+ const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+ if (rid->type == V_OCSP_RESPID_NAME) {
+ *pname = X509_NAME_dup(rid->value.byName);
+ *pid = NULL;
+ } else if (rid->type == V_OCSP_RESPID_KEY) {
+ *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+ *pname = NULL;
+ } else {
+ return 0;
+ }
+ if (*pname == NULL && *pid == NULL)
+ return 0;
+ return 1;
+}
+
/* Look single response matching a given certificate ID */
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
/*
* Check validity of thisUpdate and nextUpdate fields. It is possible that
- * the request will take a few seconds to process and/or the time wont be
+ * the request will take a few seconds to process and/or the time won't be
* totally accurate. Therefore to avoid rejecting otherwise valid time we
* allow the times to be within 'nsec' of the current time. Also to avoid
* accepting very old responses without a nextUpdate field an optional maxage
return ret;
}
-OCSP_CERTID *OCSP_SINGLERESP_get0_id(OCSP_SINGLERESP *single)
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
return single->certId;
}