ocsp.h

00001 /* ocsp.h */
00002 /* Written by Tom Titchener <[email protected]> for the OpenSSL
00003  * project. */
00004 
00005 /* History:
00006    This file was transfered to Richard Levitte from CertCo by Kathy
00007    Weinhold in mid-spring 2000 to be included in OpenSSL or released
00008    as a patch kit. */
00009 
00010 /* ====================================================================
00011  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
00012  *
00013  * Redistribution and use in source and binary forms, with or without
00014  * modification, are permitted provided that the following conditions
00015  * are met:
00016  *
00017  * 1. Redistributions of source code must retain the above copyright
00018  *    notice, this list of conditions and the following disclaimer. 
00019  *
00020  * 2. Redistributions in binary form must reproduce the above copyright
00021  *    notice, this list of conditions and the following disclaimer in
00022  *    the documentation and/or other materials provided with the
00023  *    distribution.
00024  *
00025  * 3. All advertising materials mentioning features or use of this
00026  *    software must display the following acknowledgment:
00027  *    "This product includes software developed by the OpenSSL Project
00028  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00029  *
00030  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00031  *    endorse or promote products derived from this software without
00032  *    prior written permission. For written permission, please contact
00033  *    [email protected].
00034  *
00035  * 5. Products derived from this software may not be called "OpenSSL"
00036  *    nor may "OpenSSL" appear in their names without prior written
00037  *    permission of the OpenSSL Project.
00038  *
00039  * 6. Redistributions of any form whatsoever must retain the following
00040  *    acknowledgment:
00041  *    "This product includes software developed by the OpenSSL Project
00042  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00043  *
00044  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00045  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00046  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00047  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00048  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00049  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00050  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00051  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00052  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00053  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00054  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00055  * OF THE POSSIBILITY OF SUCH DAMAGE.
00056  * ====================================================================
00057  *
00058  * This product includes cryptographic software written by Eric Young
00059  * ([email protected]).  This product includes software written by Tim
00060  * Hudson ([email protected]).
00061  *
00062  */
00063 /*
00064  © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.
00065  */
00066 
00067 #ifndef HEADER_OCSP_H
00068 #define HEADER_OCSP_H
00069 
00070 #if (defined(__SYMBIAN32__) && !defined(SYMBIAN))
00071 #define SYMBIAN
00072 #endif
00073 
00074 #ifdef SYMBIAN
00075 #include <e32def.h>
00076 #endif
00077 #include <openssl/x509.h>
00078 #include <openssl/x509v3.h>
00079 #include <openssl/safestack.h>
00080 
00081 #ifdef  __cplusplus
00082 extern "C" {
00083 #endif
00084 
00085 /* Various flags and values */
00086 
00087 #define OCSP_DEFAULT_NONCE_LENGTH       16
00088 
00089 #define OCSP_NOCERTS                    0x1
00090 #define OCSP_NOINTERN                   0x2
00091 #define OCSP_NOSIGS                     0x4
00092 #define OCSP_NOCHAIN                    0x8
00093 #define OCSP_NOVERIFY                   0x10
00094 #define OCSP_NOEXPLICIT                 0x20
00095 #define OCSP_NOCASIGN                   0x40
00096 #define OCSP_NODELEGATED                0x80
00097 #define OCSP_NOCHECKS                   0x100
00098 #define OCSP_TRUSTOTHER                 0x200
00099 #define OCSP_RESPID_KEY                 0x400
00100 #define OCSP_NOTIME                     0x800
00101 
00102 /*   CertID ::= SEQUENCE {
00103  *       hashAlgorithm            AlgorithmIdentifier,
00104  *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
00105  *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
00106  *       serialNumber       CertificateSerialNumber }
00107  */
00108 typedef struct ocsp_cert_id_st
00109         {
00110         X509_ALGOR *hashAlgorithm;
00111         ASN1_OCTET_STRING *issuerNameHash;
00112         ASN1_OCTET_STRING *issuerKeyHash;
00113         ASN1_INTEGER *serialNumber;
00114         } OCSP_CERTID;
00115 
00116 DECLARE_STACK_OF(OCSP_CERTID)
00117 
00118 /*   Request ::=     SEQUENCE {
00119  *       reqCert                    CertID,
00120  *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
00121  */
00122 typedef struct ocsp_one_request_st
00123         {
00124         OCSP_CERTID *reqCert;
00125         STACK_OF(X509_EXTENSION) *singleRequestExtensions;
00126         } OCSP_ONEREQ;
00127 
00128 DECLARE_STACK_OF(OCSP_ONEREQ)
00129 DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
00130 
00131 
00132 /*   TBSRequest      ::=     SEQUENCE {
00133  *       version             [0] EXPLICIT Version DEFAULT v1,
00134  *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
00135  *       requestList             SEQUENCE OF Request,
00136  *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
00137  */
00138 typedef struct ocsp_req_info_st
00139         {
00140         ASN1_INTEGER *version;
00141         GENERAL_NAME *requestorName;
00142         STACK_OF(OCSP_ONEREQ) *requestList;
00143         STACK_OF(X509_EXTENSION) *requestExtensions;
00144         } OCSP_REQINFO;
00145 
00146 /*   Signature       ::=     SEQUENCE {
00147  *       signatureAlgorithm   AlgorithmIdentifier,
00148  *       signature            BIT STRING,
00149  *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
00150  */
00151 typedef struct ocsp_signature_st
00152         {
00153         X509_ALGOR *signatureAlgorithm;
00154         ASN1_BIT_STRING *signature;
00155         STACK_OF(X509) *certs;
00156         } OCSP_SIGNATURE;
00157 
00158 /*   OCSPRequest     ::=     SEQUENCE {
00159  *       tbsRequest                  TBSRequest,
00160  *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
00161  */
00162 typedef struct ocsp_request_st
00163         {
00164         OCSP_REQINFO *tbsRequest;
00165         OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
00166         } OCSP_REQUEST;
00167 
00168 /*   OCSPResponseStatus ::= ENUMERATED {
00169  *       successful            (0),      --Response has valid confirmations
00170  *       malformedRequest      (1),      --Illegal confirmation request
00171  *       internalError         (2),      --Internal error in issuer
00172  *       tryLater              (3),      --Try again later
00173  *                                       --(4) is not used
00174  *       sigRequired           (5),      --Must sign the request
00175  *       unauthorized          (6)       --Request unauthorized
00176  *   }
00177  */
00178 #define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
00179 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
00180 #define OCSP_RESPONSE_STATUS_INTERNALERROR        2
00181 #define OCSP_RESPONSE_STATUS_TRYLATER             3
00182 #define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
00183 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
00184 
00185 /*   ResponseBytes ::=       SEQUENCE {
00186  *       responseType   OBJECT IDENTIFIER,
00187  *       response       OCTET STRING }
00188  */
00189 typedef struct ocsp_resp_bytes_st
00190         {
00191         ASN1_OBJECT *responseType;
00192         ASN1_OCTET_STRING *response;
00193         } OCSP_RESPBYTES;
00194 
00195 /*   OCSPResponse ::= SEQUENCE {
00196  *      responseStatus         OCSPResponseStatus,
00197  *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
00198  */
00199 typedef struct ocsp_response_st
00200         {
00201         ASN1_ENUMERATED *responseStatus;
00202         OCSP_RESPBYTES  *responseBytes;
00203         } OCSP_RESPONSE;
00204 
00205 /*   ResponderID ::= CHOICE {
00206  *      byName   [1] Name,
00207  *      byKey    [2] KeyHash }
00208  */
00209 #define V_OCSP_RESPID_NAME 0
00210 #define V_OCSP_RESPID_KEY  1
00211 typedef struct ocsp_responder_id_st
00212         {
00213         int type;
00214         union   {
00215                 X509_NAME* byName;
00216                 ASN1_OCTET_STRING *byKey;
00217                 } value;
00218         } OCSP_RESPID;
00219 /*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
00220  *                            --(excluding the tag and length fields)
00221  */
00222 
00223 /*   RevokedInfo ::= SEQUENCE {
00224  *       revocationTime              GeneralizedTime,
00225  *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
00226  */
00227 typedef struct ocsp_revoked_info_st
00228         {
00229         ASN1_GENERALIZEDTIME *revocationTime;
00230         ASN1_ENUMERATED *revocationReason;
00231         } OCSP_REVOKEDINFO;
00232 
00233 /*   CertStatus ::= CHOICE {
00234  *       good                [0]     IMPLICIT NULL,
00235  *       revoked             [1]     IMPLICIT RevokedInfo,
00236  *       unknown             [2]     IMPLICIT UnknownInfo }
00237  */
00238 #define V_OCSP_CERTSTATUS_GOOD    0
00239 #define V_OCSP_CERTSTATUS_REVOKED 1
00240 #define V_OCSP_CERTSTATUS_UNKNOWN 2
00241 typedef struct ocsp_cert_status_st
00242         {
00243         int type;
00244         union   {
00245                 ASN1_NULL *good;
00246                 OCSP_REVOKEDINFO *revoked;
00247                 ASN1_NULL *unknown;
00248                 } value;
00249         } OCSP_CERTSTATUS;
00250 
00251 /*   SingleResponse ::= SEQUENCE {
00252  *      certID                       CertID,
00253  *      certStatus                   CertStatus,
00254  *      thisUpdate                   GeneralizedTime,
00255  *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
00256  *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
00257  */
00258 typedef struct ocsp_single_response_st
00259         {
00260         OCSP_CERTID *certId;
00261         OCSP_CERTSTATUS *certStatus;
00262         ASN1_GENERALIZEDTIME *thisUpdate;
00263         ASN1_GENERALIZEDTIME *nextUpdate;
00264         STACK_OF(X509_EXTENSION) *singleExtensions;
00265         } OCSP_SINGLERESP;
00266 
00267 DECLARE_STACK_OF(OCSP_SINGLERESP)
00268 DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
00269 
00270 /*   ResponseData ::= SEQUENCE {
00271  *      version              [0] EXPLICIT Version DEFAULT v1,
00272  *      responderID              ResponderID,
00273  *      producedAt               GeneralizedTime,
00274  *      responses                SEQUENCE OF SingleResponse,
00275  *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
00276  */
00277 typedef struct ocsp_response_data_st
00278         {
00279         ASN1_INTEGER *version;
00280         OCSP_RESPID  *responderId;
00281         ASN1_GENERALIZEDTIME *producedAt;
00282         STACK_OF(OCSP_SINGLERESP) *responses;
00283         STACK_OF(X509_EXTENSION) *responseExtensions;
00284         } OCSP_RESPDATA;
00285 
00286 /*   BasicOCSPResponse       ::= SEQUENCE {
00287  *      tbsResponseData      ResponseData,
00288  *      signatureAlgorithm   AlgorithmIdentifier,
00289  *      signature            BIT STRING,
00290  *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
00291  */
00292   /* Note 1:
00293      The value for "signature" is specified in the OCSP rfc2560 as follows:
00294      "The value for the signature SHALL be computed on the hash of the DER
00295      encoding ResponseData."  This means that you must hash the DER-encoded
00296      tbsResponseData, and then run it through a crypto-signing function, which
00297      will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
00298      a bit odd, but that's the spec.  Also note that the data structures do not
00299      leave anywhere to independently specify the algorithm used for the initial
00300      hash. So, we look at the signature-specification algorithm, and try to do
00301      something intelligent.     -- Kathy Weinhold, CertCo */
00302   /* Note 2:
00303      It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
00304      for interpretation.  I've done tests against another responder, and found
00305      that it doesn't do the double hashing that the RFC seems to say one
00306      should.  Therefore, all relevant functions take a flag saying which
00307      variant should be used.    -- Richard Levitte, OpenSSL team and CeloCom */
00308 typedef struct ocsp_basic_response_st
00309         {
00310         OCSP_RESPDATA *tbsResponseData;
00311         X509_ALGOR *signatureAlgorithm;
00312         ASN1_BIT_STRING *signature;
00313         STACK_OF(X509) *certs;
00314         } OCSP_BASICRESP;
00315 
00316 /*
00317  *   CRLReason ::= ENUMERATED {
00318  *        unspecified             (0),
00319  *        keyCompromise           (1),
00320  *        cACompromise            (2),
00321  *        affiliationChanged      (3),
00322  *        superseded              (4),
00323  *        cessationOfOperation    (5),
00324  *        certificateHold         (6),
00325  *        removeFromCRL           (8) }
00326  */
00327 #define OCSP_REVOKED_STATUS_NOSTATUS               -1
00328 #define OCSP_REVOKED_STATUS_UNSPECIFIED             0
00329 #define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
00330 #define OCSP_REVOKED_STATUS_CACOMPROMISE            2
00331 #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
00332 #define OCSP_REVOKED_STATUS_SUPERSEDED              4
00333 #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
00334 #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
00335 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
00336 
00337 /* CrlID ::= SEQUENCE {
00338  *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
00339  *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
00340  *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
00341  */
00342 typedef struct ocsp_crl_id_st
00343         {
00344         ASN1_IA5STRING *crlUrl;
00345         ASN1_INTEGER *crlNum;
00346         ASN1_GENERALIZEDTIME *crlTime;
00347         } OCSP_CRLID;
00348 
00349 /* ServiceLocator ::= SEQUENCE {
00350  *      issuer    Name,
00351  *      locator   AuthorityInfoAccessSyntax OPTIONAL }
00352  */
00353 typedef struct ocsp_service_locator_st
00354         {
00355         X509_NAME* issuer;
00356         STACK_OF(ACCESS_DESCRIPTION) *locator;
00357         } OCSP_SERVICELOC;
00358  
00359 #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
00360 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
00361 
00362 #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
00363 
00364 #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
00365 
00366 #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
00367      (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
00368 
00369 #define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
00370      (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
00371 
00372 #define PEM_write_bio_OCSP_REQUEST(bp,o) \
00373     PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
00374                         bp,(char *)o, NULL,NULL,0,NULL,NULL)
00375 
00376 #define PEM_write_bio_OCSP_RESPONSE(bp,o) \
00377     PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
00378                         bp,(char *)o, NULL,NULL,0,NULL,NULL)
00379 
00380 #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
00381 
00382 #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
00383 
00384 #define OCSP_REQUEST_sign(o,pkey,md) \
00385         ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
00386                 o->optionalSignature->signatureAlgorithm,NULL,\
00387                 o->optionalSignature->signature,o->tbsRequest,pkey,md)
00388 
00389 #define OCSP_BASICRESP_sign(o,pkey,md,d) \
00390         ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
00391                 o->signature,o->tbsResponseData,pkey,md)
00392 
00393 #define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
00394         a->optionalSignature->signatureAlgorithm,\
00395         a->optionalSignature->signature,a->tbsRequest,r)
00396 
00397 #define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
00398         a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
00399 
00400 #define ASN1_BIT_STRING_digest(data,type,md,len) \
00401         ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
00402 
00403 #define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
00404 
00405 #define OCSP_CERTSTATUS_dup(cs)\
00406                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
00407                 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
00408 
00409 IMPORT_C OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
00410 
00411 IMPORT_C OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
00412 
00413 IMPORT_C OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
00414                               X509_NAME *issuerName, 
00415                               ASN1_BIT_STRING* issuerKey, 
00416                               ASN1_INTEGER *serialNumber);
00417 
00418 IMPORT_C OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
00419 
00420 IMPORT_C int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
00421 IMPORT_C int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
00422 IMPORT_C int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
00423 IMPORT_C int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
00424 
00425 IMPORT_C int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
00426 IMPORT_C int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
00427 
00428 IMPORT_C int OCSP_request_sign(OCSP_REQUEST   *req,
00429                       X509           *signer,
00430                       EVP_PKEY       *key,
00431                       const EVP_MD   *dgst,
00432                       STACK_OF(X509) *certs,
00433                       unsigned long flags);
00434 
00435 IMPORT_C int OCSP_response_status(OCSP_RESPONSE *resp);
00436 IMPORT_C OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
00437 
00438 IMPORT_C int OCSP_resp_count(OCSP_BASICRESP *bs);
00439 IMPORT_C OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
00440 IMPORT_C int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
00441 IMPORT_C int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
00442                                 ASN1_GENERALIZEDTIME **revtime,
00443                                 ASN1_GENERALIZEDTIME **thisupd,
00444                                 ASN1_GENERALIZEDTIME **nextupd);
00445 IMPORT_C int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
00446                                 int *reason,
00447                                 ASN1_GENERALIZEDTIME **revtime,
00448                                 ASN1_GENERALIZEDTIME **thisupd,
00449                                 ASN1_GENERALIZEDTIME **nextupd);
00450 IMPORT_C int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
00451                         ASN1_GENERALIZEDTIME *nextupd,
00452                         long sec, long maxsec);
00453 
00454 IMPORT_C int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
00455 
00456 IMPORT_C int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
00457 
00458 IMPORT_C int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
00459 IMPORT_C int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
00460 
00461 IMPORT_C int OCSP_request_onereq_count(OCSP_REQUEST *req);
00462 IMPORT_C OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
00463 IMPORT_C OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
00464 IMPORT_C int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
00465                         ASN1_OCTET_STRING **pikeyHash,
00466                         ASN1_INTEGER **pserial, OCSP_CERTID *cid);
00467 IMPORT_C int OCSP_request_is_signed(OCSP_REQUEST *req);
00468 IMPORT_C OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
00469 IMPORT_C OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
00470                                                 OCSP_CERTID *cid,
00471                                                 int status, int reason,
00472                                                 ASN1_TIME *revtime,
00473                                         ASN1_TIME *thisupd, ASN1_TIME *nextupd);
00474 IMPORT_C int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
00475 IMPORT_C int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
00476                         X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
00477                         STACK_OF(X509) *certs, unsigned long flags);
00478 
00479 IMPORT_C ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
00480                                 void *data, STACK_OF(ASN1_OBJECT) *sk);
00481 #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
00482 ((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk)
00483 
00484 IMPORT_C X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
00485 
00486 IMPORT_C X509_EXTENSION *OCSP_accept_responses_new(char **oids);
00487 
00488 IMPORT_C X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
00489 
00490 IMPORT_C X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
00491 
00492 IMPORT_C int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
00493 IMPORT_C int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
00494 IMPORT_C int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
00495 IMPORT_C int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
00496 IMPORT_C X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
00497 IMPORT_C X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
00498 IMPORT_C void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
00499 IMPORT_C int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
00500                                                         unsigned long flags);
00501 IMPORT_C int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
00502 
00503 IMPORT_C int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
00504 IMPORT_C int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
00505 IMPORT_C int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
00506 IMPORT_C int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
00507 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
00508 IMPORT_C X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
00509 IMPORT_C void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
00510 IMPORT_C int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
00511                                                         unsigned long flags);
00512 IMPORT_C int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
00513 
00514 IMPORT_C int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
00515 IMPORT_C int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
00516 IMPORT_C int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
00517 IMPORT_C int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
00518 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
00519 IMPORT_C X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
00520 IMPORT_C void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
00521 IMPORT_C int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
00522                                                         unsigned long flags);
00523 IMPORT_C int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
00524 
00525 IMPORT_C int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
00526 IMPORT_C int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
00527 IMPORT_C int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
00528 IMPORT_C int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
00529 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
00530 IMPORT_C X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
00531 IMPORT_C void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
00532 IMPORT_C int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
00533                                                         unsigned long flags);
00534 IMPORT_C int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
00535 
00536 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
00537 DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
00538 DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
00539 DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
00540 DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
00541 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
00542 DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
00543 DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
00544 DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
00545 DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
00546 DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
00547 DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
00548 DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
00549 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
00550 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
00551 
00552 IMPORT_C char *OCSP_response_status_str(long s);
00553 IMPORT_C char *OCSP_cert_status_str(long s);
00554 IMPORT_C char *OCSP_crl_reason_str(long s);
00555 
00556 IMPORT_C int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
00557 IMPORT_C int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
00558 
00559 IMPORT_C int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
00560                                 X509_STORE *st, unsigned long flags);
00561 
00562 /* BEGIN ERROR CODES */
00563 /* The following lines are auto generated by the script mkerr.pl. Any changes
00564  * made after this point may be overwritten when the script is next run.
00565  */
00566 IMPORT_C void ERR_load_OCSP_strings(void);
00567 
00568 /* Error codes for the OCSP functions. */
00569 
00570 /* Function codes. */
00571 #define OCSP_F_ASN1_STRING_ENCODE                        100
00572 #define OCSP_F_D2I_OCSP_NONCE                            102
00573 #define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
00574 #define OCSP_F_OCSP_BASIC_SIGN                           104
00575 #define OCSP_F_OCSP_BASIC_VERIFY                         105
00576 #define OCSP_F_OCSP_CERT_ID_NEW                          101
00577 #define OCSP_F_OCSP_CHECK_DELEGATED                      106
00578 #define OCSP_F_OCSP_CHECK_IDS                            107
00579 #define OCSP_F_OCSP_CHECK_ISSUER                         108
00580 #define OCSP_F_OCSP_CHECK_VALIDITY                       115
00581 #define OCSP_F_OCSP_MATCH_ISSUERID                       109
00582 #define OCSP_F_OCSP_PARSE_URL                            114
00583 #define OCSP_F_OCSP_REQUEST_SIGN                         110
00584 #define OCSP_F_OCSP_REQUEST_VERIFY                       116
00585 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
00586 #define OCSP_F_OCSP_SENDREQ_BIO                          112
00587 #define OCSP_F_REQUEST_VERIFY                            113
00588 
00589 /* Reason codes. */
00590 #define OCSP_R_BAD_DATA                                  100
00591 #define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
00592 #define OCSP_R_DIGEST_ERR                                102
00593 #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
00594 #define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
00595 #define OCSP_R_ERROR_PARSING_URL                         121
00596 #define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
00597 #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
00598 #define OCSP_R_NOT_BASIC_RESPONSE                        104
00599 #define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
00600 #define OCSP_R_NO_CONTENT                                106
00601 #define OCSP_R_NO_PUBLIC_KEY                             107
00602 #define OCSP_R_NO_RESPONSE_DATA                          108
00603 #define OCSP_R_NO_REVOKED_TIME                           109
00604 #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
00605 #define OCSP_R_REQUEST_NOT_SIGNED                        128
00606 #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
00607 #define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
00608 #define OCSP_R_SERVER_READ_ERROR                         113
00609 #define OCSP_R_SERVER_RESPONSE_ERROR                     114
00610 #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
00611 #define OCSP_R_SERVER_WRITE_ERROR                        116
00612 #define OCSP_R_SIGNATURE_FAILURE                         117
00613 #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
00614 #define OCSP_R_STATUS_EXPIRED                            125
00615 #define OCSP_R_STATUS_NOT_YET_VALID                      126
00616 #define OCSP_R_STATUS_TOO_OLD                            127
00617 #define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
00618 #define OCSP_R_UNKNOWN_NID                               120
00619 #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
00620 
00621 #ifdef  __cplusplus
00622 }
00623 #endif
00624 #endif