Check chain is not NULL before assuming we have a validated chain.
[openssl.git] / crypto / ocsp / ocsp_srv.c
index b83992896fcf75fd2fcc942a9c8b616fc75bee4a..1c606dd0b61877a75dce5535f92e370945fc271e 100644 (file)
@@ -1,5 +1,5 @@
 /* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
 /* ====================================================================
@@ -96,6 +96,12 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
        return 1;
        }
 
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+       {
+       if(req->optionalSignature) return 1;
+       return 0;
+       }
+
 /* Create an OCSP response and encode an optional basic response */
 OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
         {
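Review bot: OCSP_request_is_signed reports only whether the optionalSignature field is present; it says nothing about whether that signature verifies, so a caller that gates behaviour on a "signed" request must still call the request-verification routine rather than this predicate. A one-line comment above the definition would prevent that misuse: `/* Return 1 if req carries an optionalSignature field, 0 otherwise. Presence is not verification; use OCSP_request_verify() for that. */`. The function also dereferences req unconditionally, so a NULL request crashes rather than returning 0; that matches the convention of the neighbouring functions, but it is worth stating in the comment so callers do not pass an unchecked parse result.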
@@ -106,7 +112,7 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
        if (!bs) return rsp;
        if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
        rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-       if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it, &rsp->responseBytes->response))
+       if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
                                goto err;
        return rsp;
 err:
@@ -206,14 +212,22 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
        int i;
        OCSP_RESPID *rid;
 
-       if(!(flags & OCSP_NOCERTS) && !OCSP_basic_add1_cert(brsp, signer))
+       if (!X509_check_private_key(signer, key))
+               {
+               OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                goto err;
+               }
 
-       for (i = 0; i < sk_X509_num(certs); i++)
+       if(!(flags & OCSP_NOCERTS))
                {
-               X509 *tmpcert = sk_X509_value(certs, i);
-               if(!OCSP_basic_add1_cert(brsp, tmpcert))
+               if(!OCSP_basic_add1_cert(brsp, signer))
+                       goto err;
+               for (i = 0; i < sk_X509_num(certs); i++)
+                       {
+                       X509 *tmpcert = sk_X509_value(certs, i);
+                       if(!OCSP_basic_add1_cert(brsp, tmpcert))
                                goto err;
+                       }
                }
 
        rid = brsp->tbsResponseData->responderId;
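Review bot: The added X509_check_private_key guard is written as `if (` while the new OCSP_NOCERTS block and the OCSP_basic_add1_cert calls right below it keep the file's `if(` spacing; within a single hunk the style should be one or the other. A why-comment above the guard would also record the intent, since it is the only check that stops a response being emitted that could never verify: `/* Refuse to sign unless key matches signer's public key; otherwise the response would fail verification against the embedded cert. */`. Note that X509_check_private_key dereferences signer, so a NULL signer is not rejected with an OCSP error but presumably crashes before the check reports anything — if callers can pass NULL, guard `signer` and `key` before the call. OCSP_basic_sign's signature and the remainder of its body lie outside this hunk.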