Diffstat (limited to 'lib/x509/ocsp.c')
-rw-r--r-- | lib/x509/ocsp.c | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 732a99e04c..aa7ba49240 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -32,6 +32,7 @@
 #include "verify-high.h"
 #include <gnutls/ocsp.h>
+#include <auth/cert.h>
 typedef struct gnutls_ocsp_req_int {
@@ -1331,11 +1332,11 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
 gnutls_datum_t *issuer_name_hash,
 gnutls_datum_t *issuer_key_hash,
 gnutls_datum_t *serial_number,
- int *cert_status,
+ unsigned int *cert_status,
 time_t *this_update,
 time_t *next_update,
 time_t *revocation_time,
- int *revocation_reason)
+ unsigned int *revocation_reason)
 {
 gnutls_datum_t sa;
 char name[ASN1_MAX_NAME_SIZE];
@@ -1937,8 +1938,8 @@ find_signercert (gnutls_ocsp_resp_t resp)
 int
 gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
 gnutls_x509_crt_t signercert,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
 {
 gnutls_datum_t sig = { NULL };
 gnutls_datum_t data = { NULL };
@@ -2039,8 +2040,8 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
 int
 gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
 gnutls_x509_trust_list_t trustlist,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
 {
 gnutls_x509_crt_t signercert = NULL;
 int rc;
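Review bot: In the `gnutls_ocsp_resp_get_single` hunk the `cert_status` and `revocation_reason` out-parameters change from `int *` to `unsigned int *`, so existing callers that pass the address of an `int` no longer match the prototype and will get a pointer-sign diagnostic (an error under `-Werror`). The diffstat on this page is limited to `lib/x509/ocsp.c`, so it is not visible whether the declarations in `<gnutls/ocsp.h>` change in the same commit; they have to, otherwise this file no longer agrees with its own header. The two following hunks only change `flags` by value and respell `unsigned *` as `unsigned int *`, which is harmless to callers. The function bodies lie outside these hunks, so whether either out-parameter is ever assigned a negative sentinel cannot be confirmed from here.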
@@ -2158,3 +2159,25 @@ gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
 return rc;
 }
+
+/**
+ * gnutls_ocsp_resp_verify_cred:
+ * @resp: should contain a #gnutls_ocsp_resp_t structure
+ * @trustlist: the certificate credentials structure
+ * @verify: output variable with verification status, an #gnutls_ocsp_cert_status_t
+ * @flags: verification flags, 0 for now.
+ *
+ * This function is identical to gnutls_ocsp_resp_verify() but would
+ * use the trusted anchors from the certificate credentials structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp,
+ gnutls_certificate_credentials_t cred,
+ unsigned int*verify,
+ unsigned int flags)
+{
+ return gnutls_ocsp_resp_verify( resp, cred->tlist, verify, flags);
+} |
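Review bot: `gnutls_ocsp_resp_verify_cred` dereferences `cred->tlist` with no check, so a NULL credentials pointer crashes the caller instead of returning an error; a guard such as `if (cred == NULL) return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);` before the call would report it as an invalid argument. The doc comment names the second parameter `@trustlist:` although the argument is `cred`, so that line should read `@cred: the certificate credentials structure`. It also describes `@verify` as a `#gnutls_ocsp_cert_status_t`, which is the certificate's revocation status rather than the outcome of checking the response's signature. If `*verify` carries the same result bits that `gnutls_ocsp_resp_verify()` sets, the comment should say so and state that a zero return alone does not mean the response was verified; that depends on the body of `gnutls_ocsp_resp_verify()`, which is outside this hunk.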