ocsp.h

00001 /* ocsp.h
00002  *
00003  * Copyright (C) 2006-2017 wolfSSL Inc.
00004  *
00005  * This file is part of wolfSSL.
00006  *
00007  * wolfSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * wolfSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
00020  */
00021 
00022 
00023 
00024 /* wolfSSL OCSP API */
00025 
00026 #ifndef WOLFSSL_OCSP_H
00027 #define WOLFSSL_OCSP_H
00028 
00029 #ifdef HAVE_OCSP
00030 
00031 #include <wolfssl/ssl.h>
00032 #include <wolfssl/wolfcrypt/asn.h>
00033 
00034 #ifdef __cplusplus
00035     extern "C" {
00036 #endif
00037 
00038 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
00039 
00040 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
00041 typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
00042 
00043 typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
00044 
00045 typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
00046 #endif
00047 
00048 WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
00049 WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
00050 
00051 WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
00052                                            WOLFSSL_BUFFER_INFO* responseBuffer);
00053 WOLFSSL_LOCAL int  CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*,
00054                              WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
00055 WOLFSSL_LOCAL int  CheckOcspRequest(WOLFSSL_OCSP* ocsp,
00056                  OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
00057 
00058 
00059 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
00060 
00061 WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
00062     WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
00063     WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
00064     WOLFSSL_ASN1_TIME** nextupd);
00065 WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
00066 WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
00067     WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
00068 
00069 WOLFSSL_API void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId);
00070 WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
00071     const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject,
00072     const WOLFSSL_X509 *issuer);
00073 
00074 WOLFSSL_API void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse);
00075 WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
00076     WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags);
00077 
00078 WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response);
00079 WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
00080     OcspResponse** response);
00081 WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
00082     const unsigned char** data, int len);
00083 WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
00084     unsigned char** data);
00085 WOLFSSL_API int wolfSSL_OCSP_response_status(OcspResponse *response);
00086 WOLFSSL_API const char *wolfSSL_OCSP_response_status_str(long s);
00087 WOLFSSL_API WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(
00088     OcspResponse* response);
00089 
00090 WOLFSSL_API OcspRequest* wolfSSL_OCSP_REQUEST_new(void);
00091 WOLFSSL_API void wolfSSL_OCSP_REQUEST_free(OcspRequest* request);
00092 WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
00093     unsigned char** data);
00094 WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
00095     WOLFSSL_OCSP_CERTID *cid);
00096 
00097 #endif
00098 
00099 
00100 #ifdef __cplusplus
00101     }  /* extern "C" */
00102 #endif
00103 
00104 
00105 #endif /* HAVE_OCSP */
00106 #endif /* WOLFSSL_OCSP_H */
00107 
00108 
00109