/**
* @file ocsp.h
*
* @brief Interface of ocsp_t
*
*/
/* Support of the Online Certificate Status Protocol (OCSP)
* Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
* Copyright (C) 2007 Andreas Steffen
* Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
*/
#ifndef OCSP_H_
#define OCSP_H_
/* Forward declaration of ocsp_t. It is placed ahead of the includes below,
* presumably so that those headers can already refer to the type - confirm. */
typedef struct ocsp_t ocsp_t;
#include <credential_store.h>
#include <utils/linked_list.h>
#include "certinfo.h"
/* constants */
/* Version number associated with OCSP basic responses.
* NOTE(review): the OCSP ASN.1 definition encodes v1 as integer 0; how this
* constant is compared against the encoded field is not visible here - confirm. */
#define OCSP_BASIC_RESPONSE_VERSION 1
/* Lifetime of a one-time response, in seconds. Presumably the fallback used
* when a response carries no update time of its own - confirm in the
* implementation. The value bounds how long such a status is relied on, so
* raising it widens the window in which a stale status is still accepted. */
#define OCSP_DEFAULT_VALID_TIME 120 /* validity of one-time response in seconds */
/* Warning interval, in days; what the warning refers to is not shown in this
* header. */
#define OCSP_WARNING_INTERVAL 2 /* days */
/* OCSP response status
*
* The numeric values match the OCSPResponseStatus codes of the OCSP
* specification (RFC 2560); value 4 is not assigned there, hence the gap.
* Only STATUS_SUCCESSFUL accompanies an actual signed response. The other
* values are responder error codes which, per the specification, are not
* signed, so they must never be taken as a statement about a certificate.
*/
typedef enum {
STATUS_SUCCESSFUL = 0, /* response carries a status reply */
STATUS_MALFORMEDREQUEST = 1, /* responder could not parse the request */
STATUS_INTERNALERROR = 2, /* responder reported an internal error */
STATUS_TRYLATER = 3, /* responder temporarily unable to answer */
STATUS_SIGREQUIRED = 5, /* responder requires a signed request */
STATUS_UNAUTHORIZED= 6 /* requester not authorized to query this responder */
} response_status;
/**
* @brief Online Certificate Status Protocol (OCSP)
*
* Object interface made of function pointers; instances are created with
* ocsp_create(), declared at the end of this header.
*
* @ingroup transforms
*/
struct ocsp_t {
/**
* @brief Fetches the actual certificate status via OCSP
*
* The function returns void, so the outcome is visible only through
* certinfo. Callers should check the status stored there instead of
* assuming that the fetch succeeded; what certinfo holds after a failed
* or untrusted response is defined by the implementation, not by this
* header.
*
* @param this ocsp object (the ocsp uris are passed to ocsp_create(), not here)
* @param certinfo certificate status info to be updated
* @param credentials credential store needed for trust path verification
*/
void (*fetch) (ocsp_t *this, certinfo_t *certinfo, credential_store_t *credentials);
/**
* @brief Destroys the ocsp_t object.
*
* @param this ocsp object to destroy
*/
void (*destroy) (ocsp_t *this);
};
/**
* @brief Create an ocsp_t object.
*
* Whether cacert and uris are borrowed or taken over by the new object is
* not stated in this header - TODO confirm against the implementation before
* freeing either of them while the object is alive. The object is released
* through its destroy() method.
*
* @param cacert ca certificate
* @param uris linked list of ocsp uris
* @return created ocsp_t object
*
* @ingroup transforms
*/
ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris);
#endif /* OCSP_H_ */