change CheckOCSP_staple to OCSPResponse, move to ssl.h

Takashi Kojo
2019-03-22 13:56:32 +09:00
parent 5e0a77704b
commit 744c247e92
4 changed files with 39 additions and 31 deletions


@@ -266,9 +266,9 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
* entry The OCSP entry for this certificate.
* returns OCSP_LOOKUP_FAIL when the response is bad and 0 otherwise.
*/
static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz,
buffer* responseBuffer, CertStatus* status,
OcspEntry* entry, OcspRequest* ocspRequest)
WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status,
OcspEntry *entry, OcspRequest *ocspRequest)
{
#ifdef WOLFSSL_SMALL_STACK
CertStatus* newStatus;
@@ -383,24 +383,6 @@ end:
return ret;
}
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP_Staple(WOLFSSL_CERT_MANAGER *cm,
byte *response, int responseSz, buffer *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
{
int ret;
WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP_Staple");
if (cm == NULL || response == NULL)
return BAD_FUNC_ARG;
if (cm->ocspEnabled == 0)
return WOLFSSL_SUCCESS;
ret = CheckResponse(cm->ocsp, response, responseSz, responseBuffer, status,
entry, ocspRequest);
return ret == 0 ? WOLFSSL_SUCCESS : ret;
}
/* 0 on success */
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
buffer* responseBuffer)
@@ -445,7 +427,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
ret = ocsp->statusCb(ssl, ioCtx);
if (ret == 0) {
ret = wolfSSL_get_ocsp_response(ssl, &response);
ret = CheckResponse(ocsp, response, ret, responseBuffer, status,
ret = CheckOcspResponse(ocsp, response, ret, responseBuffer, status,
entry, NULL);
if (response != NULL)
XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -493,7 +475,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
if (responseSz >= 0 && response) {
ret = CheckResponse(ocsp, response, responseSz, responseBuffer, status,
ret = CheckOcspResponse(ocsp, response, responseSz, responseBuffer, status,
entry, ocspRequest);
}
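Review bot: At L50 the return value of `wolfSSL_get_ocsp_response` is passed straight through as the `responseSz` argument of CheckOcspResponse without the non-negative check that the sibling call site at L56 applies (`if (responseSz >= 0 && response)`), so if the getter reports failure through a negative return the new code hands a negative length to the response parser. Guarding the call the same way, `if (ret >= 0 && response != NULL) ret = CheckOcspResponse(ocsp, response, ret, responseBuffer, status, entry, NULL);`, keeps the two call sites consistent; that the getter can return a negative value is inferred from the sibling guard, not visible in the hunk. The comment block above the renamed function (L13–L15) still documents the old static CheckResponse; now that it is WOLFSSL_LOCAL and reachable from the public CertManager API, the header comment should name `CheckOcspResponse` and state the return contract (`0` on success, `OCSP_LOOKUP_FAIL` when the response is bad). The body of CheckOcspRequest continues outside these hunks.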


@@ -5656,6 +5656,23 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
return ret == 0 ? WOLFSSL_SUCCESS : ret;
}
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *cm,
byte *response, int responseSz, buffer *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
{
int ret;
WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP_Staple");
if (cm == NULL || response == NULL)
return BAD_FUNC_ARG;
if (cm->ocspEnabled == 0)
return WOLFSSL_SUCCESS;
ret = CheckOcspResponse(cm->ocsp, response, responseSz, responseBuffer, status,
entry, ocspRequest);
return ret == 0 ? WOLFSSL_SUCCESS : ret;
}
int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
const char* url)
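Review bot: The trace string at L72, `WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP_Staple")`, still carries the old name of the function this commit renames, so debug logs will report a function that no longer exists; it should read `WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSPResponse");`. The definition at L68 takes `buffer *responseBuffer` while the prototype added to ssl.h (L134) declares `WOLFSSL_BUFFER_INFO *responseBuffer`; unless `buffer` is a typedef of WOLFSSL_BUFFER_INFO in this tree, declaration and definition conflict, and WOLFSSL_BUFFER_INFO is the type the rest of the commit standardises on (L20, L94). The guard at L73 validates only `cm` and `response`, so a negative `responseSz` from a public caller reaches CheckOcspResponse; `if (cm == NULL || response == NULL || responseSz < 0) return BAD_FUNC_ARG;` rejects it at the API boundary, assuming CheckOcspResponse does not validate the length itself (its body is not in this section). As a newly public WOLFSSL_API entry point the function also needs a header comment describing the parameters, what `responseBuffer`, `status` and `entry` receive, and the `WOLFSSL_SUCCESS`/error-code return convention visible at L79.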


@@ -54,16 +54,16 @@ WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*,
WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP_Staple(WOLFSSL_CERT_MANAGER *,
byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status,
OcspEntry *entry, OcspRequest *ocspRequest);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
WOLFSSL_ASN1_TIME** nextupd);
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
WOLFSSL_ASN1_TIME **nextupd);
WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
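Review bot: The new WOLFSSL_LOCAL prototype at L93–L95 is added without a contract comment, although the definition's own header in ocsp.c already states the return convention; mirroring it here, `/* Verify an OCSP response for the given entry; returns 0 on success, OCSP_LOOKUP_FAIL when the response is bad */`, lets the callers in ssl.c read the contract from the header. The lines at L97–L104 only move the pointer star in the `wolfSSL_OCSP_resp_find_status` prototype and are unrelated to the rename; keeping whitespace-only reformatting out of a functional commit makes the OCSP API change easier to audit in history.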


@@ -100,7 +100,6 @@
#endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
@@ -414,6 +413,11 @@ enum AlertLevel {
alert_fatal = 2
};
#if defined(HAVE_OCSP)
#include "wolfssl/ocsp.h"
#include "wolfssl/wolfcrypt/asn.h"
#endif
/* Maximum master key length (SECRET_LEN) */
#define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
/* Maximum number of groups that can be set */
@@ -2113,6 +2117,11 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
CbCrlIO);
#endif
#if defined(HAVE_OCSP)
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *,
byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
#endif
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
unsigned char*, int sz);
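Review bot: The block at L120–L123 makes the public ssl.h include `wolfssl/ocsp.h` and `wolfssl/wolfcrypt/asn.h` only to name `CertStatus`, `OcspEntry` and `OcspRequest` in the single prototype at L133–L135, which pulls the internal ASN and OCSP definitions into every translation unit that includes ssl.h when HAVE_OCSP is set. Forward declarations of the struct tags at L120 would keep the public header self-contained without exposing those types, e.g. `struct CertStatus; struct OcspEntry; struct OcspRequest;` with the prototype spelled `struct CertStatus *status, struct OcspEntry *entry, struct OcspRequest *ocspRequest`, provided those names are plain struct tags in asn.h (not visible here). If ocsp.h in turn includes ssl.h, the new include also introduces a circular dependency that only the include guards resolve, so which header a consumer includes first determines whether the OCSP types are already visible at L133. The includes also appear to sit inside the `extern "C"` block opened at L115, so any system headers they pull in are wrapped by it as well.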