Add support for the noCheck OCSP extension. This is

just a NULL and appears in a certificate.

crypto/objects/obj_dat.h

@@ -1016,7 +1016,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0},
 {"acceptableResponses","Acceptable OCSP Responses",
 	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0},
-{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
 {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
 	9,&(lvalues[2772]),0},
 {"serviceLocator","OCSP Service Locator",
@@ -1517,6 +1517,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[178]),/* "OCSP" */
 &(nid_objs[370]),/* "OCSP Archive Cutoff" */
 &(nid_objs[367]),/* "OCSP CRL ID" */
+&(nid_objs[369]),/* "OCSP No Check" */
 &(nid_objs[366]),/* "OCSP Nonce" */
 &(nid_objs[371]),/* "OCSP Service Locator" */
 &(nid_objs[180]),/* "OCSP Signing" */
@@ -1791,7 +1792,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[96]),/* "mdc2WithRSA" */
 &(nid_objs[51]),/* "messageDigest" */
 &(nid_objs[173]),/* "name" */
-&(nid_objs[369]),/* "noCheck" */
 &(nid_objs[379]),/* "org" */
 &(nid_objs[17]),/* "organizationName" */
 &(nid_objs[18]),/* "organizationalUnitName" */

crypto/objects/obj_mac.h

@@ -1323,6 +1323,7 @@
 #define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L
 
 #define SN_id_pkix_OCSP_noCheck		"noCheck"
+#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"
 #define NID_id_pkix_OCSP_noCheck		369
 #define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L
 

crypto/objects/objects.txt

@@ -434,7 +434,7 @@ id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
 id-pkix-OCSP 2		: Nonce			: OCSP Nonce
 id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
 id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
-id-pkix-OCSP 5		: noCheck
+id-pkix-OCSP 5		: noCheck		: OCSP No Check
 id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
 id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
 id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status

crypto/x509v3/ext_dat.h

@@ -62,7 +62,7 @@ extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck;
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
  * order of the ext_nid values.
@@ -94,6 +94,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_ocsp_nonce,
 &v3_ocsp_crlid,
 &v3_ocsp_accresp,
+&v3_ocsp_nocheck,
 &v3_ocsp_acutoff
 };
 

crypto/x509v3/v3_ocsp.c

@@ -75,6 +75,9 @@ static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
 static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
 X509V3_EXT_METHOD v3_ocsp_crlid = {
 	NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
 	0,0,0,0,
@@ -105,6 +108,15 @@ X509V3_EXT_METHOD v3_ocsp_nonce = {
 	NULL
 };
 
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+	NID_id_pkix_OCSP_noCheck, 0, &ASN1_NULL_it,
+	0,0,0,0,
+	0,s2i_ocsp_nocheck,
+	0,0,
+	i2r_ocsp_nocheck,0,
+	NULL
+};
+
 static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 {
 	OCSP_CRLID *a = in;
@@ -189,4 +201,14 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 	return 1;
 }
 
+/* Nocheck is just a single NULL. Don't print anything and always set it */
 
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+	return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+	return ASN1_NULL_new();
+}