  1. /* $OpenBSD: ocsp.h,v 1.20 2022/07/12 14:42:49 kn Exp $ */
  2. /* Written by Tom Titchener <[email protected]> for the OpenSSL
  3. * project. */
  4. /* History:
  5. This file was transferred to Richard Levitte from CertCo by Kathy
  6. Weinhold in mid-spring 2000 to be included in OpenSSL or released
  7. as a patch kit. */
  8. /* ====================================================================
  9. * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
  10. *
  11. * Redistribution and use in source and binary forms, with or without
  12. * modification, are permitted provided that the following conditions
  13. * are met:
  14. *
  15. * 1. Redistributions of source code must retain the above copyright
  16. * notice, this list of conditions and the following disclaimer.
  17. *
  18. * 2. Redistributions in binary form must reproduce the above copyright
  19. * notice, this list of conditions and the following disclaimer in
  20. * the documentation and/or other materials provided with the
  21. * distribution.
  22. *
  23. * 3. All advertising materials mentioning features or use of this
  24. * software must display the following acknowledgment:
  25. * "This product includes software developed by the OpenSSL Project
  26. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  27. *
  28. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  29. * endorse or promote products derived from this software without
  30. * prior written permission. For written permission, please contact
  31. * [email protected].
  32. *
  33. * 5. Products derived from this software may not be called "OpenSSL"
  34. * nor may "OpenSSL" appear in their names without prior written
  35. * permission of the OpenSSL Project.
  36. *
  37. * 6. Redistributions of any form whatsoever must retain the following
  38. * acknowledgment:
  39. * "This product includes software developed by the OpenSSL Project
  40. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  41. *
  42. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  43. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  44. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  45. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  46. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  47. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  48. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  49. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  50. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  51. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  52. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  53. * OF THE POSSIBILITY OF SUCH DAMAGE.
  54. * ====================================================================
  55. *
  56. * This product includes cryptographic software written by Eric Young
  57. * ([email protected]). This product includes software written by Tim
  58. * Hudson ([email protected]).
  59. *
  60. */
  61. #ifndef HEADER_OCSP_H
  62. #define HEADER_OCSP_H
  63. #include <openssl/ossl_typ.h>
  64. #include <openssl/x509.h>
  65. #include <openssl/x509v3.h>
  66. #include <openssl/safestack.h>
  67. #ifdef __cplusplus
  68. extern "C" {
  69. #endif
  70. /*
  71. * CRLReason ::= ENUMERATED {
  72. * unspecified (0),
  73. * keyCompromise (1),
  74. * cACompromise (2),
  75. * affiliationChanged (3),
  76. * superseded (4),
  77. * cessationOfOperation (5),
  78. * certificateHold (6),
  79. * removeFromCRL (8) }
  80. */
  81. #define OCSP_REVOKED_STATUS_NOSTATUS -1 /* Revocation reason codes mirroring the CRLReason enumeration above. -1 is not a member of that enumeration; presumably it means "no reason code was present" -- confirm in OCSP_single_get0_status(). */
  82. #define OCSP_REVOKED_STATUS_UNSPECIFIED 0
  83. #define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
  84. #define OCSP_REVOKED_STATUS_CACOMPROMISE 2
  85. #define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
  86. #define OCSP_REVOKED_STATUS_SUPERSEDED 4
  87. #define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
  88. #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 /* value 7 is skipped, as in the enumeration above */
  89. #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
  90. /* Bit flags for the `flags` argument of the sign and verify calls declared in this header (OCSP_request_sign, OCSP_basic_sign, OCSP_request_verify, OCSP_basic_verify), plus the default nonce length. Several flags switch a validation step off. The per-flag notes follow the upstream OCSP manual pages and are to be confirmed against the implementation. */
  91. #define OCSP_DEFAULT_NONCE_LENGTH 16 /* presumably bytes, used when the caller gives no nonce length -- confirm in OCSP_request_add1_nonce() */
  92. #define OCSP_NOCERTS 0x1 /* signing: do not embed certificates in the signed message */
  93. #define OCSP_NOINTERN 0x2 /* verify: do not look for the signer among the certificates embedded in the message */
  94. #define OCSP_NOSIGS 0x4 /* verify: skip the signature check itself, which leaves the message unauthenticated */
  95. #define OCSP_NOCHAIN 0x8 /* verify: do not use the embedded certificates as untrusted intermediates */
  96. #define OCSP_NOVERIFY 0x10 /* verify: skip chain validation of the signer certificate */
  97. #define OCSP_NOEXPLICIT 0x20 /* verify: changes the explicit OCSP-signing trust check on the root -- NOTE(review): confirm the exact effect */
  98. #define OCSP_NOCASIGN 0x40 /* NOTE(review): semantics not visible in this header -- confirm whether the library honors it */
  99. #define OCSP_NODELEGATED 0x80 /* NOTE(review): semantics not visible in this header -- confirm whether the library honors it */
  100. #define OCSP_NOCHECKS 0x100 /* verify: skip the extra issuer and delegated-responder checks on the signer certificate */
  101. #define OCSP_TRUSTOTHER 0x200 /* verify: treat the caller-supplied certs as trusted signers, so pass only certificates that were vetted out of band */
  102. #define OCSP_RESPID_KEY 0x400 /* signing: identify the responder by key hash instead of by name */
  103. #define OCSP_NOTIME 0x800 /* signing: do not set the producedAt time */
  104. typedef struct ocsp_cert_id_st OCSP_CERTID; /* Opaque handles: this header declares only the struct tags, no struct bodies, so the objects are reached through the functions declared further down. */
  105. DECLARE_STACK_OF(OCSP_CERTID)
  106. typedef struct ocsp_one_request_st OCSP_ONEREQ;
  107. DECLARE_STACK_OF(OCSP_ONEREQ)
  108. typedef struct ocsp_req_info_st OCSP_REQINFO;
  109. typedef struct ocsp_signature_st OCSP_SIGNATURE;
  110. typedef struct ocsp_request_st OCSP_REQUEST;
  111. #define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 /* status of the outer response as returned by OCSP_response_status(); it describes how the request was handled, the per-certificate result is the separate V_OCSP_CERTSTATUS_ value */
  112. #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
  113. #define OCSP_RESPONSE_STATUS_INTERNALERROR 2
  114. #define OCSP_RESPONSE_STATUS_TRYLATER 3
  115. #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 /* value 4 is not defined in this list */
  116. #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
  117. typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
  118. #define V_OCSP_RESPID_NAME 0 /* responder identified by name */
  119. #define V_OCSP_RESPID_KEY 1 /* responder identified by key */
  120. DECLARE_STACK_OF(OCSP_RESPID) /* OCSP_RESPID, like OCSP_RESPONSE and OCSP_REQ_CTX, has no typedef in this header; presumably <openssl/ossl_typ.h> supplies it -- confirm */
  121. OCSP_RESPID *OCSP_RESPID_new(void); /* these five OCSP_RESPID declarations appear a second time further down in this header */
  122. void OCSP_RESPID_free(OCSP_RESPID *a);
  123. OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
  124. int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
  125. extern const ASN1_ITEM OCSP_RESPID_it;
  126. typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
  127. #define V_OCSP_CERTSTATUS_GOOD 0 /* per-certificate status values */
  128. #define V_OCSP_CERTSTATUS_REVOKED 1
  129. #define V_OCSP_CERTSTATUS_UNKNOWN 2 /* distinct from GOOD: a caller that accepts every status other than REVOKED also accepts UNKNOWN */
  130. typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
  131. typedef struct ocsp_single_response_st OCSP_SINGLERESP;
  132. DECLARE_STACK_OF(OCSP_SINGLERESP)
  133. typedef struct ocsp_response_data_st OCSP_RESPDATA;
  134. typedef struct ocsp_basic_response_st OCSP_BASICRESP;
  135. typedef struct ocsp_crl_id_st OCSP_CRLID;
  136. typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
  137. #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" /* PEM labels passed by the PEM_read_bio_ and PEM_write_bio_ macros below */
  138. #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
  139. #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) \
  140. (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \
  141. PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) /* NOTE(review): the d2i function is cast to an unprototyped function-pointer type and x to char **, so the compiler no longer checks what is passed as x; the result is cast back to OCSP_REQUEST * unconditionally. Confirm against PEM_ASN1_read_bio's prototype. */
  142. #define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \
  143. (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \
  144. PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) /* same casts as PEM_read_bio_OCSP_REQUEST, for OCSP_RESPONSE */
  145. #define PEM_write_bio_OCSP_REQUEST(bp,o) \
  146. PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
  147. bp,(char *)o, NULL,NULL,0,NULL,NULL) /* o is cast to char *, so any pointer type is accepted here without a diagnostic; the remaining arguments are fixed to NULL/0 */
  148. #define PEM_write_bio_OCSP_RESPONSE(bp,o) \
  149. PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
  150. bp,(char *)o, NULL,NULL,0,NULL,NULL) /* same shape as PEM_write_bio_OCSP_REQUEST, for OCSP_RESPONSE */
  151. #define ASN1_BIT_STRING_digest(data,type,md,len) \
  152. ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) /* forwards to ASN1_item_digest with the ASN1_BIT_STRING template; note the argument order changes (type before data) */
  153. #define OCSP_CERTSTATUS_dup(cs) \
  154. ASN1_item_dup(&OCSP_CERTSTATUS_it, cs) /* forwards to ASN1_item_dup with the OCSP_CERTSTATUS template; the result is untyped at this level */
  155. OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); /* Request/response construction, transport and checking API. Names follow the OpenSSL get0/get1/add0/add1 convention (0: pointer stays owned by or is handed to the container, 1: copy or extra reference) -- confirm per function in the manual. */
  156. OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); /* sends req over the caller's BIO; nothing in this signature authenticates the peer, so trust in the returned response has to come from OCSP_basic_verify() */
  157. OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
  158. int maxline); /* maxline: presumably a cap on the length of a response line -- confirm */
  159. int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); /* NOTE(review): the return convention (done, retry, error) is not visible here -- confirm before looping on it */
  160. void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
  161. int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
  162. int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name,
  163. const char *value); /* NOTE(review): whether name/value are checked for CR/LF is not visible here; do not pass untrusted text unchecked */
  164. OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
  165. const X509 *issuer);
  166. OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
  167. const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber);
  168. OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); /* add0: presumably req takes ownership of cid on success -- confirm */
  169. int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); /* presumably generates a random nonce when val is NULL -- confirm */
  170. int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
  171. int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); /* NOTE(review): upstream documents several distinct non-zero results (nonces equal, absent from both, present only in the response) next to the mismatch and request-only cases; compare against the exact value instead of testing for non-zero -- confirm in the manual */
  172. int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
  173. int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
  174. int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
  175. int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
  176. const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
  177. int OCSP_response_status(OCSP_RESPONSE *resp); /* returns an OCSP_RESPONSE_STATUS_ value for the outer response */
  178. OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); /* get1: presumably caller-owned, released with OCSP_BASICRESP_free() -- confirm */
  179. const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
  180. const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
  181. const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
  182. int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
  183. STACK_OF(X509) *extra_certs); /* NOTE(review): locating a signer certificate is not the same as verifying the response; OCSP_basic_verify() is the verification call declared in this header */
  184. int OCSP_resp_count(OCSP_BASICRESP *bs);
  185. OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
  186. const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs);
  187. const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
  188. int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
  189. const ASN1_OCTET_STRING **pid, const X509_NAME **pname);
  190. int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); /* last: presumably the index to resume the search from -- confirm */
  191. int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
  192. ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd,
  193. ASN1_GENERALIZEDTIME **nextupd);
  194. int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
  195. int *reason, ASN1_GENERALIZEDTIME **revtime,
  196. ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); /* reports what the response states for id; no store or time tolerance is passed, so the caller is expected to have run OCSP_basic_verify() and to check thisupd/nextupd with OCSP_check_validity() */
  197. int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
  198. ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); /* sec: presumably the tolerated clock skew in seconds; maxsec: presumably the maximum accepted age of thisupd, negative to disable -- confirm */
  199. int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
  200. X509_STORE *store, unsigned long flags);
  201. int OCSP_parse_url(const char *url, char **phost, char **pport,
  202. char **ppath, int *pssl); /* phost/pport/ppath/pssl are out-parameters; presumably the strings are newly allocated and freed by the caller -- confirm */
  203. int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
  204. int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
  205. int OCSP_request_onereq_count(OCSP_REQUEST *req);
  206. OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
  207. OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
  208. int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
  209. ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial,
  210. OCSP_CERTID *cid);
  211. int OCSP_request_is_signed(OCSP_REQUEST *req);
  212. OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); /* responder side: wraps bs in an outer response carrying status */
  213. OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid,
  214. int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
  215. ASN1_TIME *nextupd);
  216. int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
  217. int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
  218. const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
  219. X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); /* this and the next three prototypes build OCSP-specific X509 extensions */
  220. X509_EXTENSION *OCSP_accept_responses_new(char **oids);
  221. X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
  222. X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls);
  223. int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); /* X509 extension accessors; the same nine operations are declared for OCSP_REQUEST, OCSP_ONEREQ, OCSP_BASICRESP and OCSP_SINGLERESP */
  224. int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
  225. int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
  226. int lastpos);
  227. int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit,
  228. int lastpos);
  229. X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
  230. X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); /* returns an X509_EXTENSION pointer; presumably the removed extension, which the caller then frees -- confirm */
  231. void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); /* returns void *: the caller has to know the decoded type that belongs to nid; get1 suggests the result is caller-owned -- confirm */
  232. int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value,
  233. int crit, unsigned long flags);
  234. int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
  235. int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
  236. int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
  237. int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
  238. int lastpos);
  239. int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
  240. X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
  241. X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
  242. void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
  243. int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
  244. unsigned long flags);
  245. int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
  246. int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
  247. int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
  248. int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
  249. int lastpos);
  250. int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
  251. int lastpos);
  252. X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
  253. X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
  254. void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
  255. int *idx);
  256. int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
  257. int crit, unsigned long flags);
  258. int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
  259. int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
  260. int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid,
  261. int lastpos);
  262. int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x,
  263. const ASN1_OBJECT *obj, int lastpos);
  264. int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
  265. int lastpos);
  266. X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
  267. X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
  268. void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
  269. int *idx);
  270. int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
  271. int crit, unsigned long flags);
  272. int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex,
  273. int loc);
  274. const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); /* const result from a const object: a read-only view of the id, not a copy to free */
  275. OCSP_SINGLERESP *OCSP_SINGLERESP_new(void); /* ASN.1 object routines, one group per type. By the usual OpenSSL convention _new and _free manage the object, d2i_ decodes DER from *in (at most len bytes), i2d_ encodes to DER, and the _it item is the type's ASN1_ITEM template. */
  276. void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
  277. OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, const unsigned char **in, long len); /* the d2i_ input is usually data received from a peer; check the returned pointer before use -- failure convention (presumably NULL) to be confirmed in the d2i manual */
  278. int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **out);
  279. extern const ASN1_ITEM OCSP_SINGLERESP_it;
  280. OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
  281. void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
  282. OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, const unsigned char **in, long len);
  283. int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **out);
  284. extern const ASN1_ITEM OCSP_CERTSTATUS_it;
  285. OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
  286. void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
  287. OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, const unsigned char **in, long len);
  288. int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **out);
  289. extern const ASN1_ITEM OCSP_REVOKEDINFO_it;
  290. OCSP_BASICRESP *OCSP_BASICRESP_new(void);
  291. void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
  292. OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, const unsigned char **in, long len);
  293. int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **out);
  294. extern const ASN1_ITEM OCSP_BASICRESP_it;
  295. OCSP_RESPDATA *OCSP_RESPDATA_new(void);
  296. void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
  297. OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, const unsigned char **in, long len);
  298. int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **out);
  299. extern const ASN1_ITEM OCSP_RESPDATA_it;
  300. OCSP_RESPID *OCSP_RESPID_new(void); /* second declaration of the OCSP_RESPID group; the same five lines appear earlier in this header */
  301. void OCSP_RESPID_free(OCSP_RESPID *a);
  302. OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
  303. int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
  304. extern const ASN1_ITEM OCSP_RESPID_it;
  305. OCSP_RESPONSE *OCSP_RESPONSE_new(void);
  306. void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
  307. OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, const unsigned char **in, long len);
  308. int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out);
  309. OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a); /* BIO variant: takes no length argument, so any size limit has to come from the BIO or the caller */
  310. int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a);
  311. extern const ASN1_ITEM OCSP_RESPONSE_it;
  312. OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
  313. void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
  314. OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, const unsigned char **in, long len);
  315. int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **out);
  316. extern const ASN1_ITEM OCSP_RESPBYTES_it;
  317. OCSP_ONEREQ *OCSP_ONEREQ_new(void);
  318. void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
  319. OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, const unsigned char **in, long len);
  320. int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **out);
  321. extern const ASN1_ITEM OCSP_ONEREQ_it;
  322. OCSP_CERTID *OCSP_CERTID_new(void);
  323. void OCSP_CERTID_free(OCSP_CERTID *a);
  324. OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, const unsigned char **in, long len);
  325. int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **out);
  326. extern const ASN1_ITEM OCSP_CERTID_it;
  327. OCSP_REQUEST *OCSP_REQUEST_new(void);
  328. void OCSP_REQUEST_free(OCSP_REQUEST *a);
  329. OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len);
  330. int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out);
  331. OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a); /* BIO variant: takes no length argument, so any size limit has to come from the BIO or the caller */
  332. int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a);
  333. extern const ASN1_ITEM OCSP_REQUEST_it;
  334. OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
  335. void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
  336. OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, const unsigned char **in, long len);
  337. int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **out);
  338. extern const ASN1_ITEM OCSP_SIGNATURE_it;
  339. OCSP_REQINFO *OCSP_REQINFO_new(void);
  340. void OCSP_REQINFO_free(OCSP_REQINFO *a);
  341. OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, const unsigned char **in, long len);
  342. int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **out);
  343. extern const ASN1_ITEM OCSP_REQINFO_it;
  344. OCSP_CRLID *OCSP_CRLID_new(void);
  345. void OCSP_CRLID_free(OCSP_CRLID *a);
  346. OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, const unsigned char **in, long len);
  347. int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **out);
  348. extern const ASN1_ITEM OCSP_CRLID_it;
  349. OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
  350. void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
  351. OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, const unsigned char **in, long len);
  352. int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **out);
  353. extern const ASN1_ITEM OCSP_SERVICELOC_it;
  354. const char *OCSP_response_status_str(long s); /* these three map a numeric code to a printable string; the result for a value outside the defined set is not visible here */
  355. const char *OCSP_cert_status_str(long s);
  356. const char *OCSP_crl_reason_str(long s);
  357. int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
  358. int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
  359. int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
  360. X509_STORE *st, unsigned long flags); /* verification of a basic response against store st; flags is a mask of the OCSP_NO... and OCSP_TRUSTOTHER bits defined in this header, and OCSP_NOSIGS, OCSP_NOVERIFY or OCSP_NOCHECKS each remove a step from what a success result covers. NOTE(review): upstream documents a negative return for fatal errors, so test the result with "> 0" and not for non-zero -- confirm in the manual. */
  361. void ERR_load_OCSP_strings(void);
  362. /* Error codes for the OCSP functions. Within each group the entries are sorted by name, so the numeric values are not in ascending order. */
  363. /* Function codes. */
  364. #define OCSP_F_ASN1_STRING_ENCODE 100
  365. #define OCSP_F_D2I_OCSP_NONCE 102
  366. #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
  367. #define OCSP_F_OCSP_BASIC_SIGN 104
  368. #define OCSP_F_OCSP_BASIC_VERIFY 105
  369. #define OCSP_F_OCSP_CERT_ID_NEW 101
  370. #define OCSP_F_OCSP_CHECK_DELEGATED 106
  371. #define OCSP_F_OCSP_CHECK_IDS 107
  372. #define OCSP_F_OCSP_CHECK_ISSUER 108
  373. #define OCSP_F_OCSP_CHECK_VALIDITY 115
  374. #define OCSP_F_OCSP_MATCH_ISSUERID 109
  375. #define OCSP_F_OCSP_PARSE_URL 114
  376. #define OCSP_F_OCSP_REQUEST_SIGN 110
  377. #define OCSP_F_OCSP_REQUEST_VERIFY 116 /* not the same code as OCSP_F_REQUEST_VERIFY (113) below */
  378. #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
  379. #define OCSP_F_OCSP_SENDREQ_BIO 112
  380. #define OCSP_F_OCSP_SENDREQ_NBIO 117
  381. #define OCSP_F_PARSE_HTTP_LINE1 118
  382. #define OCSP_F_REQUEST_VERIFY 113
  383. /* Reason codes. */
  384. #define OCSP_R_BAD_DATA 100
  385. #define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
  386. #define OCSP_R_DIGEST_ERR 102
  387. #define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
  388. #define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
  389. #define OCSP_R_ERROR_PARSING_URL 121
  390. #define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
  391. #define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
  392. #define OCSP_R_NOT_BASIC_RESPONSE 104
  393. #define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
  394. #define OCSP_R_NO_CONTENT 106
  395. #define OCSP_R_NO_PUBLIC_KEY 107
  396. #define OCSP_R_NO_RESPONSE_DATA 108
  397. #define OCSP_R_NO_REVOKED_TIME 109
  398. #define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
  399. #define OCSP_R_REQUEST_NOT_SIGNED 128
  400. #define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
  401. #define OCSP_R_ROOT_CA_NOT_TRUSTED 112
  402. #define OCSP_R_SERVER_READ_ERROR 113
  403. #define OCSP_R_SERVER_RESPONSE_ERROR 114
  404. #define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
  405. #define OCSP_R_SERVER_WRITE_ERROR 116
  406. #define OCSP_R_SIGNATURE_FAILURE 117
  407. #define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
  408. #define OCSP_R_STATUS_EXPIRED 125 /* this and the next two are time-window reasons; presumably raised by OCSP_check_validity() -- confirm */
  409. #define OCSP_R_STATUS_NOT_YET_VALID 126
  410. #define OCSP_R_STATUS_TOO_OLD 127
  411. #define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
  412. #define OCSP_R_UNKNOWN_NID 120
  413. #define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
  414. #ifdef __cplusplus
  415. }
  416. #endif
  417. #endif