authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-28 18:55:55 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-28 19:55:14 +0100
commitefaa2ee176568fcd009ff2ca9daa1b7fdac4c491 (patch)
treef1882140fff9f5ced47e9a61c2ead47239820bb7 /lib/x509
parentdf00c7b030248bc8fc061667e64d21bc3c6fcef7 (diff)
Added gnutls_ocsp_resp_verify() and some sign fixes.
Diffstat (limited to 'lib/x509')
-rw-r--r--lib/x509/ocsp.c35
-rw-r--r--lib/x509/ocsp_output.c4
2 files changed, 31 insertions, 8 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 732a99e04c..aa7ba49240 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -32,6 +32,7 @@
#include "verify-high.h"
#include <gnutls/ocsp.h>
+#include <auth/cert.h>
typedef struct gnutls_ocsp_req_int
{
@@ -1331,11 +1332,11 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
gnutls_datum_t *issuer_name_hash,
gnutls_datum_t *issuer_key_hash,
gnutls_datum_t *serial_number,
- int *cert_status,
+ unsigned int *cert_status,
time_t *this_update,
time_t *next_update,
time_t *revocation_time,
- int *revocation_reason)
+ unsigned int *revocation_reason)
{
gnutls_datum_t sa;
char name[ASN1_MAX_NAME_SIZE];
@@ -1937,8 +1938,8 @@ find_signercert (gnutls_ocsp_resp_t resp)
int
gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
gnutls_x509_crt_t signercert,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
{
gnutls_datum_t sig = { NULL };
gnutls_datum_t data = { NULL };
@@ -2039,8 +2040,8 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
int
gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
gnutls_x509_trust_list_t trustlist,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
{
gnutls_x509_crt_t signercert = NULL;
int rc;
@@ -2158,3 +2159,25 @@ gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
return rc;
}
+
+/**
+ * gnutls_ocsp_resp_verify_cred:
+ * @resp: should contain a #gnutls_ocsp_resp_t structure
+ * @trustlist: the certificate credentials structure
+ * @verify: output variable with verification status, an #gnutls_ocsp_cert_status_t
+ * @flags: verification flags, 0 for now.
+ *
+ * This function is identical to gnutls_ocsp_resp_verify() but would
+ * use the trusted anchors from the certificate credentials structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp,
+ gnutls_certificate_credentials_t cred,
+ unsigned int*verify,
+ unsigned int flags)
+{
+ return gnutls_ocsp_resp_verify( resp, cred->tlist, verify, flags);
+}
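Review bot: `cred` is dereferenced in `cred->tlist` with no NULL check, so a caller that passes an unset credentials pointer crashes inside a verification path instead of receiving an error code; a guard such as `if (cred == NULL) return GNUTLS_E_INVALID_REQUEST;` before the call would avoid that. The doc comment documents `@trustlist:` while the parameter in the signature is named `cred`, so the entry should read `@cred: the certificate credentials structure`. It also describes `@verify` as a `#gnutls_ocsp_cert_status_t`, which looks like the per-certificate status enum rather than the type of a verification result (presumably `#gnutls_ocsp_verify_reason_t`; confirm against the public header). Because this is the entry point applications will use to decide whether to trust an OCSP response, the comment should also say explicitly whether a zero return alone means the response is valid or whether callers must additionally check that `*verify` is 0; the `@verify` line suggests the latter, but the body of gnutls_ocsp_resp_verify() lies mostly outside this hunk.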
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index 0a0601fee3..737b227a37 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -321,11 +321,11 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
{
gnutls_digest_algorithm_t digest;
gnutls_datum_t in, ik, sn;
- int cert_status;
+ unsigned int cert_status;
time_t this_update;
time_t next_update;
time_t revocation_time;
- int revocation_reason;
+ unsigned int revocation_reason;
ret = gnutls_ocsp_resp_get_single (resp,
indx,