Additional functionality in ocsp utility: print summary

of status info. Check nonce values. Option to disable verify. Update usage message. Rename status to string functions and make them global.
2001-01-19 01:32:23 +00:00
parent 90f63e8f83
commit 73758d435b
6 changed files with 165 additions and 25 deletions
--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -100,6 +100,8 @@ typedef struct ocsp_cert_id_st
 	ASN1_INTEGER *serialNumber;
 	} OCSP_CERTID;

+DECLARE_STACK_OF(OCSP_CERTID)
+
 /*   Request ::=     SEQUENCE {
 *       reqCert                    CertID,
 *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
@@ -538,6 +540,10 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);

--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -97,7 +97,7 @@ static char *table2string(long s, OCSP_TBLSTR *ts, int len)
 	return "(UNKNOWN)";
 }

-static char* ocspResponseStatus2string(long s)
+char *OCSP_response_status_str(long s)
        {
 	static OCSP_TBLSTR rstat_tbl[] = {
 	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
@@ -109,7 +109,7 @@ static char* ocspResponseStatus2string(long s)
 	return table2string(s, rstat_tbl, 6);
 	} 

-static char* ocspCertStatus2string(long s)
+char *OCSP_cert_status_str(long s)
        {
 	static OCSP_TBLSTR cstat_tbl[] = {
 	        { V_OCSP_CERTSTATUS_GOOD, "good" },
@@ -118,7 +118,7 @@ static char* ocspCertStatus2string(long s)
 	return table2string(s, cstat_tbl, 3);
 	} 

-static char * cRLReason2string(long s)
+char *OCSP_crl_reason_str(long s)
        {
 	OCSP_TBLSTR reason_tbl[] = {
 	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
@@ -195,7 +195,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
 	l=ASN1_ENUMERATED_get(o->responseStatus);
 	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
-		       ocspResponseStatus2string(l), l) <= 0) goto err;
+		       OCSP_response_status_str(l), l) <= 0) goto err;
 	if (rb == NULL) return 1;
        if (BIO_puts(bp,"    Response Type: ") <= 0)
 	        goto err;
@@ -237,8 +237,8 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 		cid = single->certId;
 		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
 		cst = single->certStatus;
-		if (BIO_printf(bp,"\n    Cert Status: %s",
-			       ocspCertStatus2string(cst->type)) <= 0)
+		if (BIO_printf(bp,"    Cert Status: %s",
+			       OCSP_cert_status_str(cst->type)) <= 0)
 		        goto err;
 		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
 		        {
@@ -253,7 +253,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 				l=ASN1_ENUMERATED_get(rev->revocationReason);
 				if (BIO_printf(bp, 
 					 "\n    Revocation Reason: %s (0x%x)",
-					       cRLReason2string(l), l) <= 0)
+					       OCSP_crl_reason_str(l), l) <= 0)
 				        goto err;
 				}
 			}
@@ -271,6 +271,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 					"Response Single Extensions",
 					single->singleExtensions, flags, 8))
 							goto err;
+		if (!BIO_write(bp,"\n",1)) goto err;
 		}
 	if (!X509V3_extensions_print(bp, "Response Extensions",
 					rd->responseExtensions, flags, 4))
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -144,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,

 	end:
 	if(chain) sk_X509_pop_free(chain, X509_free);
-	return 1;
+	return ret;
 	}


--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -504,6 +504,26 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))

+#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+
 #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
 #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))