#define USENONCE 0
-static canl_x509store_t * store_dup(canl_x509store_t *store_from);
static X509_STORE * canl_create_x509store(canl_x509store_t *store);
static OCSP_RESPONSE *send_request(OCSP_REQUEST *req, char *host, char *path,
{
if (!ocspreq)
return 1;
- if (*ocspreq) {
- ocsprequest_free(*ocspreq);
- }
- else {
- *ocspreq = calloc(1, sizeof(**ocspreq));
- if (!(*ocspreq))
- return 1;
- }
-
- return 0;
-}
-
-int canl_x509store_init(canl_x509store_t **cs)
-{
- if (!cs)
+ *ocspreq = calloc(1, sizeof(**ocspreq));
+ if (!(*ocspreq))
return 1;
- if (*cs) {
- canl_x509store_free(*cs);
- }
- else {
- *cs = calloc(1, sizeof(**cs));
- if (!(*cs))
- return 1;
- }
return 0;
}
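Review bot: The rewritten `ocsprequest_init` now overwrites `*ocspreq` with a fresh `calloc` whatever it held, whereas the removed version released an existing object first; a caller that re-initialises a request it already owns silently leaks it (or loses its only reference), and nothing in the signature warns about that. Either document the precondition above the function, `/* *ocspreq must be NULL or unowned on entry: any previous value is overwritten, not freed. */`, or keep `ocsprequest_free(*ocspreq);` ahead of the allocation so re-initialisation stays safe. Callers should also check the non-zero return, since `*ocspreq` is left NULL on allocation failure. The function's signature sits above this hunk.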
-void ocsprequest_free(canl_ocsprequest_t *or)
+void ocsprequest_free(canl_ocsprequest_t *ocspreq)
{
- if (!or)
- return;
- if (or->url){
- free(or->url);
- or->url = NULL;
- }
- if (or->cert){
- X509_free(or->cert);
- or->cert = NULL;
- }
- if (or->issuer){
- X509_free(or->issuer);
- or->issuer = NULL;
- }
- if (or->store){
- canl_x509store_free((or->store));
- or->store = NULL;
- }
- if (or->sign_cert){
- X509_free(or->sign_cert);
- or->sign_cert = NULL;
- }
- if (or->sign_key){
- EVP_PKEY_free(or->sign_key);
- or->sign_key = NULL;
- }
- or->skew = 0;
- or->maxage = 0;
-}
-
-void canl_x509store_free(canl_x509store_t *cs)
-{
- if (!cs)
- return;
- if (cs->ca_dir){
- free(cs->ca_dir);
- cs->ca_dir = NULL;
- }
- if (cs->crl_dir){
- free(cs->crl_dir);
- cs->crl_dir = NULL;
- }
- if (cs->ca_file){
- free(cs->ca_file);
- cs->ca_file = NULL;
- }
-}
-
-int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
-{
- if (!ocspreq)
- return 1;
-
- if (cert) {
- if (!ocspreq->cert) {
- X509_free(ocspreq->cert);
- ocspreq->cert = NULL;
- }
- ocspreq->cert = X509_dup(cert);
- if (!ocspreq->cert)
- return 1;
- }
- return 0;
+ if (ocspreq)
+ free(ocspreq);
}
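Review bot: The new `ocsprequest_free` only frees the request struct itself, yet `set_ocsp_url`, `set_ocsp_sign_cert` and `set_ocsp_sign_key` remain in the API and the removed free path shows `url`, `sign_cert` and `sign_key` used to be owned by the request; if those setters still duplicate their input (their bodies are not in this hunk), every request that uses them now leaks, and if they do not, that ownership change is undocumented. Either release them before the struct, `free(ocspreq->url); X509_free(ocspreq->sign_cert); EVP_PKEY_free(ocspreq->sign_key);`, or put the borrowing contract above the function: `/* Frees only the request object; cert, issuer, cert_chain, store.ca_dir, url, sign_cert and sign_key are borrowed from the caller and are not released here. */`. The `if (ocspreq)` guard around `free()` is redundant since `free(NULL)` is a no-op.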
int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
return 0;
}
-int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
-{
- if (!ocspreq)
- return 1;
- if (issuer) {
- if (!ocspreq->issuer) {
- X509_free (ocspreq->issuer);
- ocspreq->issuer = NULL;
- }
- ocspreq->issuer = X509_dup(issuer);
- if (!ocspreq->issuer)
- return 1;
- }
- return 0;
-}
-
int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
{
if (!ocspreq)
return 0;
}
-int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
-{
- if (!ocspreq)
- return 1;
- if (skew)
- ocspreq->skew = skew;
- return 0;
-}
-
-int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage)
-{
- if (!ocspreq)
- return 1;
- if (maxage)
- ocspreq->maxage = maxage;
- return 0;
-}
-
-int set_ocsp_timeout(canl_ocsprequest_t *ocspreq, int timeout)
-{
- if (!ocspreq)
- return 1;
- if (timeout)
- ocspreq->timeout = timeout;
- return 0;
-}
-
-int set_ocsp_chain(canl_ocsprequest_t *ocspreq, STACK_OF(X509) *chain)
-{
- if (!ocspreq)
- return 1;
- if (chain)
- ocspreq->cert_chain = chain;
- return 0;
-}
-
-static canl_x509store_t *
-store_dup(canl_x509store_t *store_from)
-{
- canl_x509store_t *store_to = NULL;
- if (!store_from)
- return NULL;
-
- store_to = calloc(1, sizeof(*store_to));
- if (!store_to)
- return NULL;
-
- if (store_from->ca_dir) {
- int len = strlen(store_from->ca_dir);
- store_to->ca_dir = (char *) malloc((len + 1) * sizeof (char));
- if (!store_to->ca_dir)
- return NULL;
- strncpy (store_to->ca_dir, store_from->ca_dir, len + 1);
- }
- if (store_from->crl_dir) {
- int len = strlen(store_from->crl_dir);
- store_to->crl_dir = (char *) malloc((len + 1) * sizeof (char));
- if (!store_to->crl_dir)
- return NULL;
- strncpy (store_to->crl_dir, store_from->crl_dir, len + 1);
- }
- return store_to;
-}
-
-int
-set_ocsp_store(canl_ocsprequest_t *ocspreq, canl_x509store_t *store)
-{
- if (!ocspreq)
- return 1;
- if (store){
- if (ocspreq->store)
- canl_x509store_free(ocspreq->store);
- ocspreq->store = store_dup(store);
- if (!ocspreq->store)
- return 1;
- }
- return 0;
-}
-
static X509_STORE *
canl_create_x509store(canl_x509store_t *c_store)
{
if (USENONCE && OCSP_check_nonce(req, basic) <= 0)
goto end;
/* TODO is this compulsory? */
- store = canl_create_x509store(data->store);
+ store = canl_create_x509store(&data->store);
if (!store)
goto end;
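Review bot: `canl_create_x509store(&data->store)` now receives a store whose `ca_dir` is an alias of the caller's `cert_dir` (assigned without duplication in the verify callback further down in this commit), not an owned copy as the removed `store_dup` used to produce. Any path inside canl_create_x509store or the removed `canl_x509store_free` that still frees `c_store->ca_dir` would now free a buffer it does not own; the function body is outside this hunk, so please confirm it only reads the field, and consider declaring it `const char *ca_dir;` so the compiler enforces that. Also note, though pre-existing, that with `USENONCE` defined as 0 the nonce check on the preceding line is compiled out, so freshness of the response rests entirely on the skew/maxage checks elsewhere in do_ocsp_verify.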
X509 *cert;
X509 *issuer;
STACK_OF(X509) *cert_chain;
- canl_x509store_t *store;
+ canl_x509store_t store;
X509 *sign_cert;
EVP_PKEY *sign_key;
long skew;
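Review bot: The struct now embeds `canl_x509store_t store` by value, and per the verify callback in this commit `cert`, `issuer`, `cert_chain` and `store.ca_dir` are filled with pointers borrowed from the X509_STORE_CTX rather than duplicated, while `ocsprequest_free` no longer touches any member; nothing at the definition says so. Add a comment above the fields: `/* cert, issuer, cert_chain and store.ca_dir are borrowed (not copied or ref-counted); the owner must keep them alive until do_ocsp_verify() returns, and ocsprequest_free() will not release them. */`. The struct's opening and closing lines are outside this hunk.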
/* Methods to access canl_ocsprequest_t */
int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert);
int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key);
-int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert);
-int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew);
-int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage);
int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url);
-int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer);
-int set_ocsp_store(canl_ocsprequest_t *ocspreq, canl_x509store_t *store);
-int set_ocsp_chain(canl_ocsprequest_t *ocspreq, STACK_OF(X509) *chain);
int ocsprequest_init(canl_ocsprequest_t **ocspreq);
-void ocsprequest_free(canl_ocsprequest_t *or);
-int canl_x509store_init(canl_x509store_t **cs);
-void canl_x509store_free(canl_x509store_t *cs);
+void ocsprequest_free(canl_ocsprequest_t *ocspreq);
int do_ocsp_verify (canl_ocsprequest_t *data);
ocsprequest_init(&ocsp_data);
if (ocsp_data) {
if (ctx->current_cert)
- set_ocsp_cert(ocsp_data, ctx->current_cert);
+ ocsp_data->cert = ctx->current_cert;
if (ctx->current_issuer)
- set_ocsp_issuer(ocsp_data, ctx->current_issuer);
- if (cert_dir){
- canl_x509store_t *c_store = NULL;
- if (!canl_x509store_init(&c_store)) {
- c_store->ca_dir = strdup(cert_dir);
- set_ocsp_store(ocsp_data, c_store);
- canl_x509store_free(c_store);
- c_store = NULL;
- }
- }
- set_ocsp_skew(ocsp_data, MAX_VALIDITY_PERIOD);
- set_ocsp_maxage(ocsp_data, -1);
- set_ocsp_chain(ocsp_data, ctx->chain);
+ ocsp_data->issuer = ctx->current_issuer;
+ if (cert_dir)
+ ocsp_data->store.ca_dir = cert_dir;
+
+ ocsp_data->skew = MAX_VALIDITY_PERIOD;
+ ocsp_data->maxage = -1;
+ if (ctx->chain)
+ ocsp_data->cert_chain = ctx->chain;
/*Timeout should be set here
- set_ocsp_timeout(pvd->timeout, -1); */
+ ocsp_data->timeout = -1; */
do_ocsp_verify (ocsp_data);
/* TODO sign key and cert */
+ ocsprequest_free(ocsp_data);
+ ocsp_data = NULL;
}
EVP_PKEY_free(key);
if (objset)
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free_contents(&obj);
return(ok);
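Review bot: The return value of `do_ocsp_verify(ocsp_data)` on the line before the new `ocsprequest_free` call is still discarded, so `ok` is returned unchanged whatever the responder said; unless do_ocsp_verify fails the verification through a side channel not visible here, a revoked or unverifiable status never fails the chain. Consider `if (do_ocsp_verify(ocsp_data)) ok = 0;` once its non-zero return meaning is confirmed (its body is outside this hunk). The new code also leaves `ocsp_data->timeout` unset, since the updated assignment lives only inside a comment, so whatever default send_request applies governs how long a hung responder blocks verification. The enclosing callback starts above this hunk.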