Add support for the noCheck OCSP extension. This is

[openssl.git] / crypto / x509v3 / v3_ocsp.c

diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index 7df71f225a4190f3ce19a34582c7e140dee29af2..6a7e6ac31bdcd830d94443ce339aef307cdb346b 100644 (file)
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -75,6 +75,9 @@ static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
 static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
 X509V3_EXT_METHOD v3_ocsp_crlid = {
        NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
        0,0,0,0,
@@ -105,6 +108,15 @@ X509V3_EXT_METHOD v3_ocsp_nonce = {
        NULL
 };
 
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+       NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it,
+       0,0,0,0,
+       0,s2i_ocsp_nocheck,
+       0,0,
+       i2r_ocsp_nocheck,0,
+       NULL
+};
+
 static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 {
        OCSP_CRLID *a = in;
@@ -189,4 +201,14 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
        return 1;
 }
 
+/* Nocheck is just a single NULL. Don't print anything and always set it */
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+       return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+       return ASN1_NULL_new();
+}