[gnutls-devel] GnuTLS | OCSP response manipulation & signing support (#859)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 5 11:07:39 CET 2019




Mario Biberhofer commented:


Alright, I'll once again review it/clean it up (I've let it "rest" for the past few weeks) and then publish the implementation and create an MR.

As a teaser, here's a list of the functions I added to the OCSP implementation:

```
int gnutls_ocsp_resp_set_version(gnutls_ocsp_resp_t resp, unsigned int version);
int gnutls_ocsp_resp_set_responder_raw_id(gnutls_ocsp_resp_t resp, unsigned type, gnutls_datum_t raw);
int gnutls_ocsp_resp_set_produced_at(gnutls_ocsp_resp_t resp, time_t produced_at);
int gnutls_ocsp_resp_append_single_resp(gnutls_ocsp_resp_t resp,
                                       gnutls_digest_algorithm_t digest,
                                       const gnutls_datum_t *issuer_name_hash,
                                       const gnutls_datum_t *issuer_key_hash,
                                       const gnutls_datum_t *serial_number,
                                       gnutls_ocsp_cert_status_t status,
                                       time_t *revocation_time,
                                       gnutls_x509_crl_reason_t revocation_reason,
                                       time_t *next_update, time_t *this_update);

int gnutls_ocsp_resp_set_signature_algorithm(gnutls_ocsp_resp_t resp, gnutls_sign_algorithm_t algo);
int gnutls_ocsp_resp_set_signature(gnutls_ocsp_resp_t resp, gnutls_datum_t sig);
int gnutls_ocsp_resp_sign(gnutls_ocsp_resp_t resp, gnutls_x509_privkey_t sign_key);
int gnutls_ocsp_resp_set_status(gnutls_ocsp_resp_t resp, gnutls_ocsp_resp_status_t status);
int gnutls_ocsp_resp_set_nonce(gnutls_ocsp_resp_t resp, unsigned int critical, gnutls_datum_t * nonce);
int gnutls_ocsp_resp_set_certs(gnutls_ocsp_resp_t resp, gnutls_x509_crt_t * certs, size_t ncerts);
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/859#note_240122107
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191105/8bede2e4/attachment-0001.html>


More information about the Gnutls-devel mailing list