예제 #1
/*
 * Search a CRL's revoked list for an entry matching both serial and issuer.
 *
 * crl    - CRL whose crl.revoked stack is searched (and sorted in place if
 *          it is not already sorted).
 * ret    - optional out-parameter; when non-NULL it receives the matching
 *          entry, and only on the 1 and 2 return paths.
 * serial - serial number to look for; dereferenced unconditionally, so it
 *          must not be NULL.
 * issuer - passed through to crl_revoked_issuer_match().
 *
 * Returns 0 when nothing matches, 1 when a matching entry is found, and 2
 * when the matching entry's reason is CRL_REASON_REMOVE_FROM_CRL.
 *
 * NOTE(review): 0 is returned both when the serial is absent and for any
 * negative result from sk_X509_REVOKED_find(); a caller that reads 0 as
 * "not revoked" cannot tell these apart.
 */
static int def_crl_lookup(X509_CRL *crl,
                          X509_REVOKED **ret, ASN1_INTEGER *serial,
                          X509_NAME *issuer)
{
    X509_REVOKED key;
    X509_REVOKED *entry;
    int pos;

    /*
     * Only the serial number of the search key is filled in; every other
     * field stays uninitialised. Presumably the stack's comparison function
     * reads serialNumber only -- confirm against where it is registered.
     */
    key.serialNumber = *serial;

    /*
     * The stack is sorted into serial number order on first use, with the
     * sort itself done under the CRL write lock.
     * NOTE(review): the is_sorted test is made before the lock is taken and
     * the find/num/value calls below run without it -- confirm this is safe
     * against a concurrent sort of the same CRL.
     */
    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
        CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
        sk_X509_REVOKED_sort(crl->crl.revoked);
        CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
    }

    pos = sk_X509_REVOKED_find(crl->crl.revoked, &key);
    if (pos < 0)
        return 0;

    /*
     * Walk forward from the first hit: several entries may share the serial
     * number, so each one is also checked against the issuer name.
     */
    while (pos < sk_X509_REVOKED_num(crl->crl.revoked)) {
        entry = sk_X509_REVOKED_value(crl->crl.revoked, pos);

        /* Past the run of entries carrying this serial: no match. */
        if (ASN1_INTEGER_cmp(&entry->serialNumber, serial) != 0)
            return 0;

        if (!crl_revoked_issuer_match(crl, issuer, entry)) {
            pos++;
            continue;
        }

        if (ret != NULL)
            *ret = entry;
        return (entry->reason == CRL_REASON_REMOVE_FROM_CRL) ? 2 : 1;
    }
    return 0;
}
예제 #2
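/*
 * Attach the revoked-entries stack of a CRL to a CA list entry and sort it.
 *
 * ca  - CA entry updated in place: crl_list and entries_num are overwritten.
 * crl - CRL wrapper; crl->value is handed to X509_CRL_get_REVOKED().
 *
 * Returns the stack stored in ca->crl_list, or NULL when an argument is
 * missing or the CRL yields no revoked stack.
 *
 * No copy of the stack is made here: ca->crl_list holds the same pointer
 * that X509_CRL_get_REVOKED() returned, and the sort below reorders it in
 * place. NOTE(review): the lifetime of ca->crl_list therefore presumably
 * follows that of crl -- confirm the caller keeps crl alive while the list
 * is in use. The previous ca->crl_list value is overwritten without being
 * released in this function.
 */
STACK_OF(X509_REVOKED) *ocspd_build_crl_entries_list ( CA_LIST_ENTRY *ca, PKI_X509_CRL *crl )
{
	long rev_num = 0;

	STACK_OF(X509_REVOKED) *ret = NULL;
	PKI_X509_CRL_VALUE *crl_val = NULL;

	if ( !ca || !crl || !crl->value ) 
	{
		return NULL;
	}

	crl_val = crl->value;

	ret = X509_CRL_get_REVOKED(crl_val);
	rev_num = sk_X509_REVOKED_num(ret);

	/* Logged unconditionally; the ocspd_conf->verbose gate is disabled. */
	PKI_log( PKI_LOG_INFO, "INFO::CRL::%ld Entries [ %s ]", rev_num, ca->ca_id );

	ca->crl_list = ret;

	/*
	 * sk_X509_REVOKED_num() reports -1 for a NULL stack (a CRL with no
	 * revoked entries). Casting that straight to unsigned long would store
	 * ULONG_MAX as the entry count next to a NULL list, so a negative
	 * count is recorded as zero entries instead.
	 */
	ca->entries_num = (rev_num > 0) ? (unsigned long) rev_num : 0UL;

	/* A non-negative count together with a NULL list is treated as an error. */
	if ((rev_num > -1 ) && 
		(ca->crl_list == NULL))
	{
		PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL );
		return NULL;
	}

	/* Sort in place so later lookups can rely on the stack's sort order. */
	sk_X509_REVOKED_sort(ca->crl_list);

	return (ca->crl_list);
}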
예제 #3
/*
 * Sort a CRL's revoked entries and renumber them.
 *
 * The revoked stack is sorted in place (so that it is written out in serial
 * number order), then each entry's sequence field is set to its index in
 * the sorted stack.
 *
 * c and c->crl are dereferenced without any check, so the caller must pass
 * a fully constructed CRL. Always returns 1.
 */
int
X509_CRL_sort(X509_CRL *c)
{
    int pos = 0;
    X509_REVOKED *entry;

    sk_X509_REVOKED_sort(c->crl->revoked);

    /* Record each entry's post-sort position in its sequence field. */
    while (pos < sk_X509_REVOKED_num(c->crl->revoked)) {
        entry = sk_X509_REVOKED_value(c->crl->revoked, pos);
        entry->sequence = pos;
        pos++;
    }
    return 1;
}