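/*
 * Append a copy of the certificate ID wrapped by +certid+ to the OCSP
 * request wrapped by +self+.
 *
 * The caller's OCSP_CERTID is duplicated so the request never shares it
 * with the Ruby object that wraps the original.
 *
 * Returns self. Raises eOCSPError when the copy cannot be made or the
 * request rejects the new entry.
 */
static VALUE
ossl_ocspreq_add_certid(VALUE self, VALUE certid)
{
    OCSP_REQUEST *req;
    OCSP_CERTID *id, *id_copy;

    GetOCSPReq(self, req);
    GetOCSPCertId(certid, id);

    /*
     * Check the duplicate before handing it over; otherwise a failed copy
     * (NULL) is passed straight into the request instead of being reported.
     */
    if (!(id_copy = OCSP_CERTID_dup(id)))
        ossl_raise(eOCSPError, NULL);

    /*
     * NOTE(review): whether id_copy is still owned by this function when
     * OCSP_request_add0_id() fails depends on the OpenSSL version linked in;
     * confirm before adding an OCSP_CERTID_free() here. Freeing it when the
     * library has already released it would be a double free, and not
     * freeing it leaks one CERTID on this rare error path.
     */
    if (!OCSP_request_add0_id(req, id_copy))
        ossl_raise(eOCSPError, NULL);

    return self;
}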
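/*
 * Collect the per-certificate status entries of a basic OCSP response.
 *
 * Returns a Ruby array with one element per usable single response. Each
 * element is itself an array:
 *   [certid, status, reason, revocation_time, this_update, next_update,
 *    extensions]
 * where the three time fields are nil when the response does not carry
 * them and extensions is an array built with ossl_x509ext_new().
 *
 * Entries that cannot be fetched, or whose status call returns a negative
 * value, are skipped. Raises eOCSPError if a certificate ID cannot be
 * duplicated.
 *
 * NOTE(review): this function only reports what the response contains. It
 * performs no signature or freshness validation itself; callers have to
 * verify the response before trusting any status returned here.
 */
static VALUE
ossl_ocspbres_get_status(VALUE self)
{
    OCSP_BASICRESP *bs;
    OCSP_SINGLERESP *single;
    OCSP_CERTID *cid;
    ASN1_TIME *revtime, *thisupd, *nextupd;
    int status, reason;
    X509_EXTENSION *x509ext;
    VALUE ret, ary, ext;
    int count, ext_count, i, j;

    GetOCSPBasicRes(self, bs);
    ret = rb_ary_new();
    count = OCSP_resp_count(bs);
    for (i = 0; i < count; i++) {
        single = OCSP_resp_get0(bs, i);
        if (!single)
            continue;

        revtime = thisupd = nextupd = NULL;
        /*
         * Reset reason on every pass. OCSP_single_get0_status() is expected
         * to write it only for revoked entries (confirm against the OpenSSL
         * version in use), so without a defined starting value INT2NUM()
         * below would read an indeterminate int for good/unknown entries,
         * or a stale value left over from a previous iteration.
         */
        reason = OCSP_REVOKED_STATUS_NOSTATUS;
        status = OCSP_single_get0_status(single, &reason, &revtime,
                                         &thisupd, &nextupd);
        if (status < 0)
            continue;

        /* Direct field access: needs a non-opaque OCSP_SINGLERESP. */
        if (!(cid = OCSP_CERTID_dup(single->certId)))
            ossl_raise(eOCSPError, NULL);

        ary = rb_ary_new();
        rb_ary_push(ary, ossl_ocspcertid_new(cid));
        rb_ary_push(ary, INT2NUM(status));
        rb_ary_push(ary, INT2NUM(reason));
        rb_ary_push(ary, revtime ? asn1time_to_time(revtime) : Qnil);
        rb_ary_push(ary, thisupd ? asn1time_to_time(thisupd) : Qnil);
        rb_ary_push(ary, nextupd ? asn1time_to_time(nextupd) : Qnil);

        ext = rb_ary_new();
        ext_count = OCSP_SINGLERESP_get_ext_count(single);
        for (j = 0; j < ext_count; j++) {
            x509ext = OCSP_SINGLERESP_get_ext(single, j);
            rb_ary_push(ext, ossl_x509ext_new(x509ext));
        }
        rb_ary_push(ary, ext);
        rb_ary_push(ret, ary);
    }

    return ret;
}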
/*
 * List the certificate IDs carried by an OCSP request.
 *
 * Returns nil when the request holds no entries; otherwise a Ruby array
 * with one wrapped copy of each entry's OCSP_CERTID, in request order.
 * Raises eOCSPError when an ID cannot be duplicated.
 */
static VALUE
ossl_ocspreq_get_certid(VALUE self)
{
    OCSP_REQUEST *req;
    VALUE result, wrapped;
    int total, idx;

    GetOCSPReq(self, req);
    total = OCSP_request_onereq_count(req);

    /* A zero or negative count means there is nothing to report. */
    if (total <= 0)
        return Qnil;

    result = rb_ary_new();
    idx = 0;
    while (idx < total) {
        OCSP_ONEREQ *entry = OCSP_request_onereq_get0(req, idx);
        /* Copy the ID so the wrapper does not alias the request's own. */
        OCSP_CERTID *copy = OCSP_CERTID_dup(OCSP_onereq_get0_id(entry));

        if (copy == NULL)
            ossl_raise(eOCSPError, NULL);
        WrapOCSPCertId(cOCSPCertId, wrapped, copy);
        rb_ary_push(result, wrapped);
        idx++;
    }

    return result;
}
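/**
 * Build a DER-encoded OCSP request for the stored certificate ID.
 *
 * @param pReqData  Caller-supplied output buffer. The encoded request is
 *                  written at its start and one zero byte is written
 *                  directly after the encoding.
 * @return the encoded length as reported by i2d_OCSP_REQUEST() (the
 *         trailing zero byte is not counted), LS_FAIL when no certificate
 *         ID is set or an allocation fails, and -1 when the ID cannot be
 *         added to the request.
 *
 * NOTE(review): the function takes no buffer size, so it cannot bound the
 * write. The caller has to guarantee room for the whole encoding plus one
 * byte; confirm every call site does.
 */
int SslOcspStapling::getRequestData(unsigned char *pReqData)
{
    int len = -1;
    OCSP_REQUEST *ocsp;
    OCSP_CERTID *id;

    if (m_pCertId == NULL)
        return LS_FAIL;

    ocsp = OCSP_REQUEST_new();
    if (ocsp == NULL)
        return LS_FAIL;

    // Check the copy before handing it over; otherwise a failed duplicate
    // (NULL) is passed into the request and encoded as if it were valid.
    id = OCSP_CERTID_dup(m_pCertId);
    if (id == NULL)
    {
        OCSP_REQUEST_free(ocsp);
        return LS_FAIL;
    }

    // NOTE(review): whether `id` is still owned here when
    // OCSP_request_add0_id() fails depends on the OpenSSL version; confirm
    // before adding a free on that path.
    if (OCSP_request_add0_id(ocsp, id) != NULL)
    {
        // i2d advances pReqData past the bytes it wrote, so the store
        // below lands one byte after the encoding.
        len = i2d_OCSP_REQUEST(ocsp, &pReqData);
        if (len > 0)
            *pReqData = 0;
    }

    OCSP_REQUEST_free(ocsp);
    return len;
}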
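/*
 * Append a single-certificate status entry to a basic OCSP response.
 *
 * rsp      response being built; its response list is created on demand
 * cid      certificate ID; it is duplicated, the caller keeps its own copy
 * status   one of V_OCSP_CERTSTATUS_GOOD / _REVOKED / _UNKNOWN
 * reason   revocation reason, or OCSP_REVOKED_STATUS_NOSTATUS for none;
 *          only used for revoked entries
 * revtime  revocation time; required when status is revoked
 * thisupd  thisUpdate time
 * nextupd  nextUpdate time, may be NULL
 *
 * Returns the new entry (now held by rsp's response list) or NULL on
 * error, in which case the partially built entry is freed.
 */
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
                                        OCSP_CERTID *cid,
                                        int status, int reason,
                                        ASN1_TIME *revtime,
                                        ASN1_TIME *thisupd,
                                        ASN1_TIME *nextupd)
{
    OCSP_SINGLERESP *single = NULL;
    OCSP_CERTSTATUS *cs;
    OCSP_REVOKEDINFO *ri;

    if (!rsp->tbsResponseData->responses &&
        !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
        goto err;

    if (!(single = OCSP_SINGLERESP_new()))
        goto err;

    if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
        goto err;
    if (nextupd &&
        !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
        goto err;

    /* Swap the certId held by the fresh entry for a copy of the caller's. */
    OCSP_CERTID_free(single->certId);
    if (!(single->certId = OCSP_CERTID_dup(cid)))
        goto err;

    cs = single->certStatus;
    switch (cs->type = status) {
    case V_OCSP_CERTSTATUS_REVOKED:
        if (!revtime) {
            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
            goto err;
        }
        if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
            goto err;
        if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
            goto err;
        if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
            if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
                goto err;
            if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
                goto err;
        }
        break;

    case V_OCSP_CERTSTATUS_GOOD:
        /*
         * Fail on allocation error instead of queueing an entry whose
         * status type is set but whose value pointer is NULL.
         */
        if (!(cs->value.good = ASN1_NULL_new()))
            goto err;
        break;

    case V_OCSP_CERTSTATUS_UNKNOWN:
        if (!(cs->value.unknown = ASN1_NULL_new()))
            goto err;
        break;

    default:
        /* Unrecognised status values are rejected, never stored. */
        goto err;
    }

    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
        goto err;
    return single;

 err:
    OCSP_SINGLERESP_free(single);
    return NULL;
}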
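/*
 * Return the OCSP responder URL for the context's certificate and build a
 * DER-encoded OCSP request for it.
 *
 * context           context holding the certificate, its OCSP id and the
 *                   cached responder URL
 * size              receives the cached URL length
 * ocsp_request      on success receives a malloc()ed buffer with the
 *                   encoded request; the caller frees it
 * ocsp_request_len  on success receives the length of that buffer
 *
 * Returns the cached responder URL (owned by the context), or NULL when
 * the certificate yields none.
 *
 * NOTE(review): the URL is also returned when building the request fails,
 * and in that case *ocsp_request and *ocsp_request_len are left untouched.
 * Callers must initialise both before the call and check them afterwards
 * rather than rely on the return value alone.
 */
const char* bud_context_get_ocsp_req(bud_context_t* context,
                                     size_t* size,
                                     char** ocsp_request,
                                     size_t* ocsp_request_len) {
  STACK_OF(OPENSSL_STRING)* urls;
  OCSP_REQUEST* req;
  OCSP_CERTID* id;
  char* encoded;
  unsigned char* pencoded;
  int encoded_len;

  urls = NULL;
  id = NULL;
  req = NULL;
  encoded = NULL;

  /* Cached url */
  if (context->ocsp_url != NULL)
    goto has_url;

  urls = X509_get1_ocsp(context->cert);
  if (urls == NULL)
    goto done;

  /* Popping an empty stack yields NULL; check before calling strlen() */
  context->ocsp_url = sk_OPENSSL_STRING_pop(urls);
  if (context->ocsp_url == NULL)
    goto done;
  context->ocsp_url_len = strlen(context->ocsp_url);

has_url:
  if (context->ocsp_url == NULL)
    goto done;

  id = OCSP_CERTID_dup(context->ocsp_id);
  if (id == NULL)
    goto done;

  /* Create request */
  req = OCSP_REQUEST_new();
  if (req == NULL)
    goto done;
  if (!OCSP_request_add0_id(req, id))
    goto done;
  /* The request owns the id from here on */
  id = NULL;

  /*
   * i2d returns an int that is negative on error. Keep it signed and check
   * it, so a failure never turns into an enormous size_t handed to malloc()
   * and reported to the caller as the request length.
   */
  encoded_len = i2d_OCSP_REQUEST(req, NULL);
  if (encoded_len <= 0)
    goto done;

  encoded = malloc((size_t) encoded_len);
  if (encoded == NULL)
    goto done;

  /* Hand the buffer out only if the second pass wrote what was measured */
  pencoded = (unsigned char*) encoded;
  if (i2d_OCSP_REQUEST(req, &pencoded) != encoded_len)
    goto done;

  *ocsp_request = encoded;
  *ocsp_request_len = (size_t) encoded_len;
  encoded = NULL;

done:
  /* Single release point, so error paths no longer leak the request */
  if (req != NULL)
    OCSP_REQUEST_free(req);
  if (id != NULL)
    OCSP_CERTID_free(id);
  if (urls != NULL)
    X509_email_free(urls);
  free(encoded);

  *size = context->ocsp_url_len;
  return context->ocsp_url;
}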