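/* $OpenBSD: ocsp_local.h,v 1.2 2022/01/14 08:32:26 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transferred to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */

/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#ifndef HEADER_OCSP_LOCAL_H
#define HEADER_OCSP_LOCAL_H

__BEGIN_HIDDEN_DECLS

/*
 * Internal layouts of the OCSP structures. Each struct is preceded by the
 * ASN.1 definition it mirrors, and the trailing comment after the closing
 * brace names the typedef used for it elsewhere in this header.
 *
 * NOTE(review): members whose ASN.1 element is OPTIONAL are presumably NULL
 * when the element is absent from a decoded message -- confirm against the
 * ASN.1 templates before dereferencing them unconditionally.
 */

/* CertID ::= SEQUENCE {
 *     hashAlgorithm    AlgorithmIdentifier,
 *     issuerNameHash   OCTET STRING, -- Hash of Issuer's DN
 *     issuerKeyHash    OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
 *     serialNumber     CertificateSerialNumber }
 */
struct ocsp_cert_id_st {
	X509_ALGOR *hashAlgorithm;
	ASN1_OCTET_STRING *issuerNameHash;
	ASN1_OCTET_STRING *issuerKeyHash;
	ASN1_INTEGER *serialNumber;
} /* OCSP_CERTID */;

/* Request ::= SEQUENCE {
 *     reqCert                  CertID,
 *     singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
 */
struct ocsp_one_request_st {
	OCSP_CERTID *reqCert;
	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} /* OCSP_ONEREQ */;

/* TBSRequest ::= SEQUENCE {
 *     version            [0] EXPLICIT Version DEFAULT v1,
 *     requestorName      [1] EXPLICIT GeneralName OPTIONAL,
 *     requestList        SEQUENCE OF Request,
 *     requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
 */
struct ocsp_req_info_st {
	ASN1_INTEGER *version;
	GENERAL_NAME *requestorName;
	STACK_OF(OCSP_ONEREQ) *requestList;
	STACK_OF(X509_EXTENSION) *requestExtensions;
} /* OCSP_REQINFO */;

/* Signature ::= SEQUENCE {
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signature           BIT STRING,
 *     certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
struct ocsp_signature_st {
	X509_ALGOR *signatureAlgorithm;
	ASN1_BIT_STRING *signature;
	STACK_OF(X509) *certs;
} /* OCSP_SIGNATURE */;

/* OCSPRequest ::= SEQUENCE {
 *     tbsRequest         TBSRequest,
 *     optionalSignature  [0] EXPLICIT Signature OPTIONAL }
 */
struct ocsp_request_st {
	OCSP_REQINFO *tbsRequest;
	/*
	 * OCSP_REQUEST_sign() and OCSP_REQUEST_verify() below dereference this
	 * member without a check, so it has to be non-NULL before either is used.
	 */
	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
} /* OCSP_REQUEST */;

/* OCSPResponseStatus ::= ENUMERATED {
 *     successful        (0), --Response has valid confirmations
 *     malformedRequest  (1), --Illegal confirmation request
 *     internalError     (2), --Internal error in issuer
 *     tryLater          (3), --Try again later
 *                            --(4) is not used
 *     sigRequired       (5), --Must sign the request
 *     unauthorized      (6)  --Request unauthorized
 * }
 */

/* ResponseBytes ::= SEQUENCE {
 *     responseType  OBJECT IDENTIFIER,
 *     response      OCTET STRING }
 */
struct ocsp_resp_bytes_st {
	ASN1_OBJECT *responseType;
	ASN1_OCTET_STRING *response;
} /* OCSP_RESPBYTES */;

/* OCSPResponse ::= SEQUENCE {
 *     responseStatus  OCSPResponseStatus,
 *     responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL }
 */
/*
 * This outer structure has no signature member of its own; the signed
 * structure in this header is ocsp_basic_response_st.
 */
struct ocsp_response_st {
	ASN1_ENUMERATED *responseStatus;
	OCSP_RESPBYTES *responseBytes;
} /* OCSP_RESPONSE */;

/* ResponderID ::= CHOICE {
 *     byName  [1] Name,
 *     byKey   [2] KeyHash }
 */
struct ocsp_responder_id_st {
	int type;	/* selects which member of value is in use */
	union {
		X509_NAME *byName;
		ASN1_OCTET_STRING *byKey;
	} value;
} /* OCSP_RESPID */;

/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *                          --(excluding the tag and length fields)
 */

/* RevokedInfo ::= SEQUENCE {
 *     revocationTime    GeneralizedTime,
 *     revocationReason  [0] EXPLICIT CRLReason OPTIONAL }
 */
struct ocsp_revoked_info_st {
	ASN1_GENERALIZEDTIME *revocationTime;
	ASN1_ENUMERATED *revocationReason;
} /* OCSP_REVOKEDINFO */;

/* CertStatus ::= CHOICE {
 *     good     [0] IMPLICIT NULL,
 *     revoked  [1] IMPLICIT RevokedInfo,
 *     unknown  [2] IMPLICIT UnknownInfo }
 */
struct ocsp_cert_status_st {
	/*
	 * The three alternatives share storage, and good and unknown have the
	 * same pointer type, so the certificate status can only be read from
	 * type, never inferred from which value member looks set.
	 */
	int type;
	union {
		ASN1_NULL *good;
		OCSP_REVOKEDINFO *revoked;
		ASN1_NULL *unknown;
	} value;
} /* OCSP_CERTSTATUS */;

/* SingleResponse ::= SEQUENCE {
 *     certID            CertID,
 *     certStatus        CertStatus,
 *     thisUpdate        GeneralizedTime,
 *     nextUpdate        [0] EXPLICIT GeneralizedTime OPTIONAL,
 *     singleExtensions  [1] EXPLICIT Extensions OPTIONAL }
 */
struct ocsp_single_response_st {
	OCSP_CERTID *certId;
	OCSP_CERTSTATUS *certStatus;
	ASN1_GENERALIZEDTIME *thisUpdate;
	/* OPTIONAL in the ASN.1; freshness checks must cope with its absence. */
	ASN1_GENERALIZEDTIME *nextUpdate;
	STACK_OF(X509_EXTENSION) *singleExtensions;
} /* OCSP_SINGLERESP */;

/* ResponseData ::= SEQUENCE {
 *     version             [0] EXPLICIT Version DEFAULT v1,
 *     responderID         ResponderID,
 *     producedAt          GeneralizedTime,
 *     responses           SEQUENCE OF SingleResponse,
 *     responseExtensions  [1] EXPLICIT Extensions OPTIONAL }
 */
struct ocsp_response_data_st {
	ASN1_INTEGER *version;
	OCSP_RESPID *responderId;
	ASN1_GENERALIZEDTIME *producedAt;
	STACK_OF(OCSP_SINGLERESP) *responses;
	STACK_OF(X509_EXTENSION) *responseExtensions;
} /* OCSP_RESPDATA */;

/* BasicOCSPResponse ::= SEQUENCE {
 *     tbsResponseData     ResponseData,
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signature           BIT STRING,
 *     certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
/* Note 1:
   The value for "signature" is specified in the OCSP rfc2560 as follows:
   "The value for the signature SHALL be computed on the hash of the DER
   encoding ResponseData." This means that you must hash the DER-encoded
   tbsResponseData, and then run it through a crypto-signing function, which
   will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
   a bit odd, but that's the spec. Also note that the data structures do not
   leave anywhere to independently specify the algorithm used for the initial
   hash. So, we look at the signature-specification algorithm, and try to do
   something intelligent. -- Kathy Weinhold, CertCo */
/* Note 2:
   It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
   for interpretation. I've done tests against another responder, and found
   that it doesn't do the double hashing that the RFC seems to say one
   should. Therefore, all relevant functions take a flag saying which
   variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
struct ocsp_basic_response_st {
	OCSP_RESPDATA *tbsResponseData;
	X509_ALGOR *signatureAlgorithm;
	ASN1_BIT_STRING *signature;
	/*
	 * Not covered by the signature: OCSP_BASICRESP_sign() and
	 * OCSP_BASICRESP_verify() below operate on tbsResponseData only, so
	 * certificates found here are unauthenticated input until validated.
	 */
	STACK_OF(X509) *certs;
} /* OCSP_BASICRESP */;

/* CrlID ::= SEQUENCE {
 *     crlUrl   [0] EXPLICIT IA5String OPTIONAL,
 *     crlNum   [1] EXPLICIT INTEGER OPTIONAL,
 *     crlTime  [2] EXPLICIT GeneralizedTime OPTIONAL }
 */
struct ocsp_crl_id_st {
	ASN1_IA5STRING *crlUrl;
	ASN1_INTEGER *crlNum;
	ASN1_GENERALIZEDTIME *crlTime;
} /* OCSP_CRLID */;

/* ServiceLocator ::= SEQUENCE {
 *     issuer   Name,
 *     locator  AuthorityInfoAccessSyntax OPTIONAL }
 */
struct ocsp_service_locator_st {
	X509_NAME *issuer;
	STACK_OF(ACCESS_DESCRIPTION) *locator;
} /* OCSP_SERVICELOC */;

/*
 * Signing and verification helpers.
 *
 * Every use of a macro parameter is parenthesised so that an argument which
 * is an expression (for example `*reqp`) expands correctly. The object
 * argument (o or a) is still evaluated more than once, so it must not have
 * side effects.
 *
 * The request macros dereference optionalSignature without a check; the
 * caller must make sure it is non-NULL first.
 *
 * The trailing d parameter of the BASICRESP macros is accepted but not
 * referenced by the expansion.
 */
#define OCSP_REQUEST_sign(o,pkey,md) \
	ASN1_item_sign(&OCSP_REQINFO_it, \
	    (o)->optionalSignature->signatureAlgorithm, NULL, \
	    (o)->optionalSignature->signature, (o)->tbsRequest, (pkey), (md))

#define OCSP_BASICRESP_sign(o,pkey,md,d) \
	ASN1_item_sign(&OCSP_RESPDATA_it, (o)->signatureAlgorithm, NULL, \
	    (o)->signature, (o)->tbsResponseData, (pkey), (md))

#define OCSP_REQUEST_verify(a,r) \
	ASN1_item_verify(&OCSP_REQINFO_it, \
	    (a)->optionalSignature->signatureAlgorithm, \
	    (a)->optionalSignature->signature, (a)->tbsRequest, (r))

#define OCSP_BASICRESP_verify(a,r,d) \
	ASN1_item_verify(&OCSP_RESPDATA_it, \
	    (a)->signatureAlgorithm, (a)->signature, (a)->tbsResponseData, (r))

__END_HIDDEN_DECLS

#endif /* !HEADER_OCSP_LOCAL_H */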