[gnutls-devel] GnuTLS | OCSP response manipulation & signing support (#859)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Nov 5 11:07:39 CET 2019
Mario Biberhofer commented:
Alright, I'll once again review it/clean it up (I've let it "rest" for the past few weeks) and then publish the implementation and create an MR.
As a teaser, here's a list of the functions I added to the OCSP implementation:
```
int gnutls_ocsp_resp_set_version(gnutls_ocsp_resp_t resp, unsigned int version);
int gnutls_ocsp_resp_set_responder_raw_id(gnutls_ocsp_resp_t resp, unsigned type, gnutls_datum_t raw);
int gnutls_ocsp_resp_set_produced_at(gnutls_ocsp_resp_t resp, time_t produced_at);
int gnutls_ocsp_resp_append_single_resp(gnutls_ocsp_resp_t resp,
gnutls_digest_algorithm_t digest,
const gnutls_datum_t *issuer_name_hash,
const gnutls_datum_t *issuer_key_hash,
const gnutls_datum_t *serial_number,
gnutls_ocsp_cert_status_t status,
time_t *revocation_time,
gnutls_x509_crl_reason_t revocation_reason,
time_t *next_update, time_t *this_update);
int gnutls_ocsp_resp_set_signature_algorithm(gnutls_ocsp_resp_t resp, gnutls_sign_algorithm_t algo);
int gnutls_ocsp_resp_set_signature(gnutls_ocsp_resp_t resp, gnutls_datum_t sig);
int gnutls_ocsp_resp_sign(gnutls_ocsp_resp_t resp, gnutls_x509_privkey_t sign_key);
int gnutls_ocsp_resp_set_status(gnutls_ocsp_resp_t resp, gnutls_ocsp_resp_status_t status);
int gnutls_ocsp_resp_set_nonce(gnutls_ocsp_resp_t resp, unsigned int critical, gnutls_datum_t * nonce);
int gnutls_ocsp_resp_set_certs(gnutls_ocsp_resp_t resp, gnutls_x509_crt_t * certs, size_t ncerts);
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/859#note_240122107
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191105/8bede2e4/attachment-0001.html>
More information about the Gnutls-devel
mailing list