[svn] ksba - r253 - in trunk: . src tests
svn author wk
cvs at cvs.gnupg.org
Wed Aug 30 22:39:53 CEST 2006
Author: wk
Date: 2006-08-30 22:39:53 +0200 (Wed, 30 Aug 2006)
New Revision: 253
Modified:
trunk/NEWS
trunk/TODO
trunk/src/ChangeLog
trunk/src/ksba.h
trunk/src/libksba.vers
trunk/src/ocsp.c
trunk/tests/t-ocsp.c
Log:
More OCSP fixes and one new API
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/NEWS 2006-08-30 20:39:53 UTC (rev 253)
@@ -1,9 +1,15 @@
Noteworthy changes in version 0.9.17
-------------------------------------------------
- * OCSP nonces are now checked to detact replay attacks.
+ * OCSP nonces are now checked to detect replay attacks.
+ * OCSP extensions may no be retrieved.
+ * Interface changes relative to the 0.9.16 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ksba_ocsp_get_extension NEW
+
+
Noteworthy changes in version 0.9.16 (2006-08-01)
-------------------------------------------------
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/TODO 2006-08-30 20:39:53 UTC (rev 253)
@@ -51,3 +51,4 @@
** The ASN.1 parse tree is not released in all places
** Some memory is not released in case of errors.
+* Implement ksba_ocsp_get_extension!!!!
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/src/ChangeLog 2006-08-30 20:39:53 UTC (rev 253)
@@ -2,6 +2,8 @@
* ocsp.c (extract_nonce): New.
(ksba_ocsp_parse_response): Set status to replay on bad nonce.
+ (ksba_ocsp_get_extension): New.
+ (parse_response): Fixed storing of received_certs.
* util.c (ksba_calloc): Protect against integer overflow.
Modified: trunk/src/ksba.h
===================================================================
--- trunk/src/ksba.h 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/src/ksba.h 2006-08-30 20:39:53 UTC (rev 253)
@@ -399,9 +399,12 @@
ksba_isotime_t r_next_update,
ksba_isotime_t r_revocation_time,
ksba_crl_reason_t *r_reason);
+gpg_error_t ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert,
+ int idx,
+ char const **r_oid, int *r_crit,
+ size_t *r_deroff, size_t *r_derlen);
-
/*-- certreq.c --*/
gpg_error_t ksba_certreq_new (ksba_certreq_t *r_cr);
void ksba_certreq_release (ksba_certreq_t cr);
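Review bot: The new prototype for ksba_ocsp_get_extension is its only public description here, and it does not say how the arguments are interpreted. Judging from the definition in ocsp.c, a NULL `cert` is meant to select the response-level extensions and a non-NULL one the per-certificate extensions. The declaration should state that, what is returned once `idx` runs past the last extension, and which buffer `r_deroff`/`r_derlen` refer to. Proposed comment above the declaration: `/* Return extension IDX; CERT == NULL selects responseExtensions, otherwise the singleExtensions of CERT. */`.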
Modified: trunk/src/libksba.vers
===================================================================
--- trunk/src/libksba.vers 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/src/libksba.vers 2006-08-30 20:39:53 UTC (rev 253)
@@ -77,7 +77,7 @@
ksba_ocsp_get_status; ksba_ocsp_hash_request; ksba_ocsp_hash_response;
ksba_ocsp_new; ksba_ocsp_parse_response; ksba_ocsp_prepare_request;
ksba_ocsp_release; ksba_ocsp_set_digest_algo; ksba_ocsp_set_nonce;
- ksba_ocsp_set_requestor; ksba_ocsp_set_sig_val;
+ ksba_ocsp_set_requestor; ksba_ocsp_set_sig_val; ksba_ocsp_get_extension;
ksba_oid_from_str; ksba_oid_to_str;
Modified: trunk/src/ocsp.c
===================================================================
--- trunk/src/ocsp.c 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/src/ocsp.c 2006-08-30 20:39:53 UTC (rev 253)
@@ -1412,7 +1412,7 @@
cl->cert = cert;
*cl_tail = cl;
- cl_tail = &ocsp->received_certs;
+ cl_tail = &cl->next;
}
}
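Review bot: Advancing the tail with `cl_tail = &cl->next;` is only safe if `cl->next` is NULL when the node is linked in, and the allocation of `cl` is outside this hunk. If the node does not come from a zeroing allocator, add `cl->next = NULL;` before `*cl_tail = cl;`, because an uninitialised link would send any code walking `received_certs` past the end of the list. The enclosing loop in parse_response starts and ends outside the hunk.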
@@ -1607,7 +1607,7 @@
/* Find the certificate. We don't care about the issuer certificate
and stop at the first match. The implementation may be optimized
by keeping track of the last certificate found to start with the
- next one the. Given that a usual request consiost only of a few
+ next one then. Given that a usual request consists only of a few
certificates, this does not make much sense in reality. */
for (ri=ocsp->requestlist; ri; ri = ri->next)
if (ri->cert == cert)
@@ -1626,3 +1626,42 @@
*r_reason = ri->revocation_reason;
return 0;
}
+
+
+gpg_error_t
+ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, int idx,
+ char const **r_oid, int *r_crit,
+ size_t *r_deroff, size_t *r_derlen)
+{
+ gpg_error_t err;
+
+ if (!ocsp)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!ocsp->requestlist)
+ return gpg_error (GPG_ERR_MISSING_ACTION);
+
+ if (cert)
+ {
+ /* Return extensions for the certificate (singleExtensions). */
+/* for (ri=ocsp->requestlist; ri; ri = ri->next) */
+/* if (ri->cert == cert) */
+/* break; */
+/* if (!ri) */
+/* return gpg_error (GPG_ERR_NOT_FOUND); */
+
+
+ }
+ else
+ {
+ /* Return extensions for the response (responseExtensions). */
+
+
+
+ }
+
+ return gpg_error (GPG_ERR_EOF);
+
+/* if (idx < 0 || idx >= cert->cache.n_extns) */
+/* return gpg_error (GPG_ERR_INV_INDEX); */
+}
+
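Review bot: ksba_ocsp_get_extension is exported, but every path after the two argument checks ends in `return gpg_error (GPG_ERR_EOF);`, so a caller enumerating extensions is told the response has none and cannot tell that apart from an unimplemented function. This matters for callers that want to reject a response carrying a critical extension they do not understand; until the body exists, `return gpg_error (GPG_ERR_NOT_IMPLEMENTED);` is the honest result. The local `gpg_error_t err;` is unused and none of the output parameters is written. The commented-out index check after the return reads `cert->cache.n_extns`, which would dereference `cert` on the `cert == NULL` path too, so when implemented it needs to move into the branches and use the OCSP extension count rather than the certificate's.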
Modified: trunk/tests/t-ocsp.c
===================================================================
--- trunk/tests/t-ocsp.c 2006-08-30 10:19:14 UTC (rev 252)
+++ trunk/tests/t-ocsp.c 2006-08-30 20:39:53 UTC (rev 253)
@@ -203,7 +203,8 @@
}
printf ("response status ..: %s\n", t);
- if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS)
+ if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS
+ || response_status == KSBA_OCSP_RSPSTATUS_REPLAYED)
{
ksba_status_t status;
ksba_crl_reason_t reason;
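Review bot: Accepting `KSBA_OCSP_RSPSTATUS_REPLAYED` alongside SUCCESS means the test driver goes on to print certificate status taken from a response whose nonce check failed. That is reasonable for a diagnostic tool, but the branch should say so, e.g. `/* Test only: show the contents of a replayed response; a real caller must not act on its status. */`, so that the condition is not copied into verification code. The `if` body continues outside the hunk.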
@@ -216,7 +217,9 @@
printf ("\nproduced at ......: ");
print_time (produced_at);
putchar ('\n');
+
+
err = ksba_ocsp_get_status (ocsp, cert,
&status, this_update, next_update,
revocation_time, &reason);
@@ -252,6 +255,15 @@
printf ("\nnext update ......: ");
print_time (next_update);
putchar ('\n');
+ {
+ int cert_idx;
+ ksba_cert_t acert;
+
+ for (cert_idx=0; (acert = ksba_ocsp_get_cert (ocsp, cert_idx));
+ cert_idx++)
+ ksba_cert_release (acert);
+ printf ("extra certificates: %d\n", cert_idx );
+ }
}