authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-10-13 09:31:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-01-03 16:23:33 +0100
commit27d88686c941eb152c0dafa0b7754fb2d90b3ed2 (patch)
tree2d4c6233af46fff3616e3cdc60864939d0529e62
parentb1267ce32d31c071fa04761081bdaf377ce73868 (diff)
gnutls_ocsp_status_request_get2: added function
The function extends gnutls_ocsp_status_request_get() to retrieve more than a single response. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/ext/status_request.c36
-rw-r--r--lib/includes/gnutls/gnutls.h.in5
-rw-r--r--lib/libgnutls.map1
3 files changed, 39 insertions, 3 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 452a13ed06..8b16ac0478 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -315,19 +315,49 @@ int
gnutls_ocsp_status_request_get(gnutls_session_t session,
gnutls_datum_t * response)
{
+ return gnutls_ocsp_status_request_get2(session, 0, response);
+}
+
+/**
+ * gnutls_ocsp_status_request_get2:
+ * @session: is a #gnutls_session_t type.
+ * @idx: the index of peer's certificate
+ * @response: a #gnutls_datum_t with DER encoded OCSP response
+ *
+ * This function returns the OCSP status response received
+ * from the TLS server for the certificate index provided.
+ * The index corresponds to certificates as returned by
+ * gnutls_certificate_get_peers. When index is zero this
+ * function operates identically to gnutls_ocsp_status_request_get().
+ *
+ * The returned @response should be treated as
+ * constant. If no OCSP response is available for the
+ * given index then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * is returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * otherwise a negative error code is returned.
+ *
+ * Since: 3.6.xx
+ **/
+int
+gnutls_ocsp_status_request_get2(gnutls_session_t session,
+ unsigned idx,
+ gnutls_datum_t * response)
+{
cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (session->security_parameters.entity == GNUTLS_SERVER)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (info == NULL || info->raw_ocsp_list == NULL ||
- info->nocsp == 0 || info->raw_ocsp_list[0].size == 0)
+ idx >= info->nocsp || info->raw_ocsp_list[idx].size == 0)
return
gnutls_assert_val
(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- response->data = info->raw_ocsp_list[0].data;
- response->size = info->raw_ocsp_list[0].size;
+ response->data = info->raw_ocsp_list[idx].data;
+ response->size = info->raw_ocsp_list[idx].size;
return 0;
}
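Review bot: The doc comment for gnutls_ocsp_status_request_get2() does not say that `response->data` is set to `info->raw_ocsp_list[idx].data` itself rather than to a copy, so "should be treated as constant" leaves ownership and lifetime open. Presumably the pointer is only valid while the session's auth info is, which is worth stating. The function only hands back the stored bytes and performs no validation of its own, so the comment could add `* The data in @response is not copied and must not be freed or modified; it is returned as received and is not verified by this function.` It would also help to document that an index at or past `info->nocsp` and an entry with `size == 0` both yield %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. A caller checking stapled responses for a whole chain should therefore loop over the peer certificate count rather than stop at the first error, otherwise a later response could be skipped.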
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 71c22d0868..e9f724c63b 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1910,6 +1910,11 @@ int gnutls_ocsp_status_request_get(gnutls_session_t session,
int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
unsigned int flags);
+int
+gnutls_ocsp_status_request_get2(gnutls_session_t session,
+ unsigned idx,
+ gnutls_datum_t * response);
+
/* global state functions
*/
int gnutls_global_init(void);
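Review bot: The new prototype is laid out differently from the declarations around it: the return type sits on its own line and the index is declared as `unsigned idx`, while the neighbouring gnutls_ocsp_status_request_is_checked() uses `int name(` on one line and `unsigned int flags`. Matching the surrounding style would keep the public header uniform, e.g. `int gnutls_ocsp_status_request_get2(gnutls_session_t session,` followed by `unsigned int idx,`. The indentation of the original lines is not visible on this page, so only the line split and the type spelling are being raised.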
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index b34365fed3..5c65813279 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1198,6 +1198,7 @@ GNUTLS_3_6_xx
gnutls_session_key_update;
gnutls_ext_get_current_msg;
gnutls_reauth;
+ gnutls_ocsp_status_request_get2;
} GNUTLS_3_6_0;
GNUTLS_FIPS140_3_4 {