65     OCSPBasicOCSPResponse ocsp;
124 free_ocsp(struct revoke_ocsp *ocsp)
126     free(ocsp->path);
127     free_OCSPBasicOCSPResponse(&ocsp->ocsp);
128     hx509_certs_free(&ocsp->certs);
129     hx509_cert_free(ocsp->signer);
171 	    struct revoke_ocsp *ocsp,
185      * the www.openvalidation.org test's ocsp validator.
191     switch(ocsp->ocsp.tbsResponseData.responderID.element) {
194 	q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
198 	q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
203     if (ret && ocsp->certs)
204 	ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
244 					    &ocsp->ocsp.signatureAlgorithm,
245 					    &ocsp->ocsp.tbsResponseData._save,
246 					    &ocsp->ocsp.signature);
253     ocsp->signer = signer;
326 load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
335     ret = rk_undumpdata(ocsp->path, &data, &length);
339     ret = stat(ocsp->path, &sb);
354 	ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
375     ocsp->last_modfied = sb.st_mtime;
377     free_OCSPBasicOCSPResponse(&ocsp->ocsp);
378     hx509_certs_free(&ocsp->certs);
379     hx509_cert_free(ocsp->signer);
381     ocsp->ocsp = basic;
382     ocsp->certs = certs;
383     ocsp->signer = NULL;
694 	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
697 	/* check this ocsp apply to this cert */
700 	ret = stat(ocsp->path, &sb);
701 	if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
702 	    ret = load_ocsp(context, ocsp);
707 	/* verify signature in ocsp if not already done */
708 	if (ocsp->signer == NULL) {
709 	    ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
714 	for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
717 	    ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
725 					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
727 					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
736 					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
738 					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
742 	    switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
755 	    if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate >
760 	    if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
761 		if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
953  * @param reqcerts list of certificates to request ocsp data for
1082     struct revoke_ocsp ocsp;
1089     memset(&ocsp, 0, sizeof(ocsp));
1091     ocsp.path = strdup(path);
1092     if (ocsp.path == NULL)
1095     ret = load_ocsp(context, &ocsp);
1097 	free_ocsp(&ocsp);
1103     switch(ocsp.ocsp.tbsResponseData.responderID.element) {
1107 	_hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
1116 	hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
1117 		   ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
1129 	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));
1131     fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
1133     for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
1135 	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
1152 		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
1153 	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
1155 		    printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
1160     if (ocsp.certs)
1161 	ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
1163     free_ocsp(&ocsp);
1176  * @param data pointer to the encode ocsp reply
1177  * @param length the length of the encode ocsp reply

Indexes created Wed Jul 03 21:38:27 MDT 2024