
Unified Diff: lib/certhigh/ocsp.h

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Index: lib/certhigh/ocsp.h
===================================================================
--- a/lib/certhigh/ocsp.h
+++ b/lib/certhigh/ocsp.h
@@ -4,114 +4,105 @@
/*
* Interface to the OCSP implementation.
*/
#ifndef _OCSP_H_
#define _OCSP_H_
-
#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
#include "keyt.h"
#include "certt.h"
#include "ocspt.h"
-
/************************************************************************/
SEC_BEGIN_PROTOS
/*
* This function registers the HttpClient with whose functions the
* HttpClientFcn structure has been populated as the default Http
* client.
*
* The function table must be a global object.
* The caller must ensure that NSS will be able to call
* the registered functions for the lifetime of the process.
*/
-extern SECStatus
-SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable);
+extern SECStatus SEC_RegisterDefaultHttpClient(
+ const SEC_HttpClientFcn *fcnTable);
/*
* This function obtains the HttpClient which has been registered
* by an earlier call to SEC_RegisterDefaultHttpClient.
*/
-extern const SEC_HttpClientFcn *
-SEC_GetRegisteredHttpClient(void);
+extern const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient(void);
/*
* Sets parameters that control NSS' internal OCSP cache.
* maxCacheEntries, special varlues are:
* -1 disable cache
* 0 unlimited cache entries
* minimumSecondsToNextFetchAttempt:
* whenever an OCSP request was attempted or completed over the network,
* wait at least this number of seconds before trying to fetch again.
* maximumSecondsToNextFetchAttempt:
* this is the maximum age of a cached response we allow, until we try
* to fetch an updated response, even if the OCSP responder expects
* that newer information update will not be available yet.
*/
-extern SECStatus
-CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
- PRUint32 minimumSecondsToNextFetchAttempt,
- PRUint32 maximumSecondsToNextFetchAttempt);
+extern SECStatus CERT_OCSPCacheSettings(
+ PRInt32 maxCacheEntries, PRUint32 minimumSecondsToNextFetchAttempt,
+ PRUint32 maximumSecondsToNextFetchAttempt);
/*
* Set the desired behaviour on OCSP failures.
* See definition of ocspFailureMode for allowed choices.
*/
-extern SECStatus
-CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode);
+extern SECStatus CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode);
/*
* Configure the maximum time NSS will wait for an OCSP response.
*/
-extern SECStatus
-CERT_SetOCSPTimeout(PRUint32 seconds);
+extern SECStatus CERT_SetOCSPTimeout(PRUint32 seconds);
/*
* Removes all items currently stored in the OCSP cache.
*/
-extern SECStatus
-CERT_ClearOCSPCache(void);
+extern SECStatus CERT_ClearOCSPCache(void);
/*
* FUNCTION: CERT_EnableOCSPChecking
* Turns on OCSP checking for the given certificate database.
* INPUTS:
* CERTCertDBHandle *handle
* Certificate database for which OCSP checking will be enabled.
* RETURN:
* Returns SECFailure if an error occurred (likely only problem
* allocating memory); SECSuccess otherwise.
*/
-extern SECStatus
-CERT_EnableOCSPChecking(CERTCertDBHandle *handle);
+extern SECStatus CERT_EnableOCSPChecking(CERTCertDBHandle *handle);
/*
* FUNCTION: CERT_DisableOCSPChecking
* Turns off OCSP checking for the given certificate database.
* This routine disables OCSP checking. Though it will return
* SECFailure if OCSP checking is not enabled, it is "safe" to
* call it that way and just ignore the return value, if it is
* easier to just call it than to "remember" whether it is enabled.
* INPUTS:
* CERTCertDBHandle *handle
* Certificate database for which OCSP checking will be disabled.
* RETURN:
* Returns SECFailure if an error occurred (usually means that OCSP
* checking was not enabled or status contexts were not initialized --
* error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
*/
-extern SECStatus
-CERT_DisableOCSPChecking(CERTCertDBHandle *handle);
+extern SECStatus CERT_DisableOCSPChecking(CERTCertDBHandle *handle);
/*
* FUNCTION: CERT_SetOCSPDefaultResponder
* Specify the location and cert of the default responder.
* If OCSP checking is already enabled *and* use of a default responder
* is also already enabled, all OCSP checking from now on will go directly
* to the specified responder. If OCSP checking is not enabled, or if
* it is but use of a default responder is not enabled, the information
@@ -127,19 +118,19 @@ CERT_DisableOCSPChecking(CERTCertDBHandl
* The nickname of the cert to trust (expected) to sign the OCSP responses.
* If the corresponding cert cannot be found, SECFailure is returned.
* RETURN:
* Returns SECFailure if an error occurred; SECSuccess otherwise.
* The most likely error is that the cert for "name" could not be found
* (probably SEC_ERROR_UNKNOWN_CERT). Other errors are low-level (no memory,
* bad database, etc.).
*/
-extern SECStatus
-CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
- const char *url, const char *name);
+extern SECStatus CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
+ const char *url,
+ const char *name);
/*
* FUNCTION: CERT_EnableOCSPDefaultResponder
* Turns on use of a default responder when OCSP checking.
* If OCSP checking is already enabled, this will make subsequent checks
* go directly to the default responder. (The location of the responder
* and the nickname of the responder cert must already be specified.)
* If OCSP checking is not enabled, this will be recorded and take effect
@@ -148,87 +139,85 @@ CERT_SetOCSPDefaultResponder(CERTCertDBH
* CERTCertDBHandle *handle
* Cert database on which OCSP checking should use the default responder.
* RETURN:
* Returns SECFailure if an error occurred; SECSuccess otherwise.
* No errors are especially likely unless the caller did not previously
* perform a successful call to SetOCSPDefaultResponder (in which case
* the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
*/
-extern SECStatus
-CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle);
+extern SECStatus CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle);
/*
* FUNCTION: CERT_DisableOCSPDefaultResponder
* Turns off use of a default responder when OCSP checking.
* (Does nothing if use of a default responder is not enabled.)
* INPUTS:
* CERTCertDBHandle *handle
* Cert database on which OCSP checking should stop using a default
* responder.
* RETURN:
* Returns SECFailure if an error occurred; SECSuccess otherwise.
* Errors very unlikely (like random memory corruption...).
*/
-extern SECStatus
-CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle);
+extern SECStatus CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle);
/* If forcePost is set, OCSP requests will only be sent using the HTTP POST
* method. When forcePost is not set, OCSP requests will be sent using the
* HTTP GET method, with a fallback to POST when we fail to receive a response
- * and/or when we receive an uncacheable response like "Unknown."
+ * and/or when we receive an uncacheable response like "Unknown."
*
* The default is to use GET and fallback to POST.
*/
extern SECStatus CERT_ForcePostMethodForOCSP(PRBool forcePost);
/*
* -------------------------------------------------------
* The Functions above are those expected to be used by a client
* providing OCSP status checking along with every cert verification.
* The functions below are for OCSP testing, debugging, or clients
* or servers performing more specialized OCSP tasks.
* -------------------------------------------------------
*/
/*
* FUNCTION: CERT_CreateOCSPRequest
- * Creates a CERTOCSPRequest, requesting the status of the certs in
+ * Creates a CERTOCSPRequest, requesting the status of the certs in
* the given list.
* INPUTS:
* CERTCertList *certList
* A list of certs for which status will be requested.
* Note that all of these certificates should have the same issuer,
* or it's expected the response will be signed by a trusted responder.
* If the certs need to be broken up into multiple requests, that
* must be handled by the caller (and thus by having multiple calls
* to this routine), who knows about where the request(s) are being
* sent and whether there are any trusted responders in place.
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no effect on the request itself.
* PRBool addServiceLocator
* If true, the Service Locator extension should be added to the
* single request(s) for each cert.
* CERTCertificate *signerCert
* If non-NULL, means sign the request using this cert. Otherwise,
* do not sign.
* XXX note that request signing is not yet supported; see comment in code
* RETURN:
* A pointer to a CERTOCSPRequest structure containing an OCSP request
* for the cert list. On error, null is returned, with an error set
* indicating the reason. This is likely SEC_ERROR_UNKNOWN_ISSUER.
* (The issuer is needed to create a request for the certificate.)
* Other errors are low-level problems (no memory, bad database, etc.).
*/
-extern CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert);
+extern CERTOCSPRequest *CERT_CreateOCSPRequest(CERTCertList *certList,
+ PRTime time,
+ PRBool addServiceLocator,
+ CERTCertificate *signerCert);
/*
* FUNCTION: CERT_AddOCSPAcceptableResponses
* Add the AcceptableResponses extension to an OCSP Request.
* INPUTS:
* CERTOCSPRequest *request
* The request to which the extension should be added.
* SECOidTag responseType0, ...
@@ -236,95 +225,89 @@ CERT_CreateOCSPRequest(CERTCertList *cer
* to be added. The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
* (This marks the end of the list, and it must be specified because a
* client conforming to the OCSP standard is required to handle the basic
* response type.) The OIDs are not checked in any way.
* RETURN:
* SECSuccess if the extension is added; SECFailure if anything goes wrong.
* All errors are internal or low-level problems (e.g. no memory).
*/
-extern SECStatus
-CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
- SECOidTag responseType0, ...);
+extern SECStatus CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
+ SECOidTag responseType0, ...);
-/*
+/*
* FUNCTION: CERT_EncodeOCSPRequest
* DER encodes an OCSP Request, possibly adding a signature as well.
* XXX Signing is not yet supported, however; see comments in code.
- * INPUTS:
+ * INPUTS:
* PLArenaPool *arena
* The return value is allocated from here.
* If a NULL is passed in, allocation is done from the heap instead.
* CERTOCSPRequest *request
* The request to be encoded.
* void *pwArg
* Pointer to argument for password prompting, if needed. (Definitely
* not needed if not signing.)
* RETURN:
* Returns a NULL on error and a pointer to the SECItem with the
* encoded value otherwise. Any error is likely to be low-level
* (e.g. no memory).
*/
-extern SECItem *
-CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
- void *pwArg);
+extern SECItem *CERT_EncodeOCSPRequest(PLArenaPool *arena,
+ CERTOCSPRequest *request, void *pwArg);
/*
* FUNCTION: CERT_DecodeOCSPRequest
* Decode a DER encoded OCSP Request.
* INPUTS:
* SECItem *src
* Pointer to a SECItem holding DER encoded OCSP Request.
* RETURN:
* Returns a pointer to a CERTOCSPRequest containing the decoded request.
* On error, returns NULL. Most likely error is trouble decoding
* (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
*/
-extern CERTOCSPRequest *
-CERT_DecodeOCSPRequest(const SECItem *src);
+extern CERTOCSPRequest *CERT_DecodeOCSPRequest(const SECItem *src);
/*
* FUNCTION: CERT_DestroyOCSPRequest
* Frees an OCSP Request structure.
* INPUTS:
* CERTOCSPRequest *request
* Pointer to CERTOCSPRequest to be freed.
* RETURN:
* No return value; no errors.
*/
-extern void
-CERT_DestroyOCSPRequest(CERTOCSPRequest *request);
+extern void CERT_DestroyOCSPRequest(CERTOCSPRequest *request);
/*
* FUNCTION: CERT_DecodeOCSPResponse
* Decode a DER encoded OCSP Response.
* INPUTS:
* SECItem *src
* Pointer to a SECItem holding DER encoded OCSP Response.
* RETURN:
* Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
* the caller is responsible for destroying it. Or NULL if error (either
* response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
* it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
* or a low-level or internal error occurred).
*/
-extern CERTOCSPResponse *
-CERT_DecodeOCSPResponse(const SECItem *src);
+extern CERTOCSPResponse *CERT_DecodeOCSPResponse(const SECItem *src);
/*
* FUNCTION: CERT_DestroyOCSPResponse
* Frees an OCSP Response structure.
* INPUTS:
* CERTOCSPResponse *request
* Pointer to CERTOCSPResponse to be freed.
* RETURN:
* No return value; no errors.
*/
-extern void
-CERT_DestroyOCSPResponse(CERTOCSPResponse *response);
+extern void CERT_DestroyOCSPResponse(CERTOCSPResponse *response);
/*
* FUNCTION: CERT_GetEncodedOCSPResponse
* Creates and sends a request to an OCSP responder, then reads and
* returns the (encoded) response.
* INPUTS:
* PLArenaPool *arena
* Pointer to arena from which return value will be allocated.
@@ -336,17 +319,17 @@ CERT_DestroyOCSPResponse(CERTOCSPRespons
* or it's expected the response will be signed by a trusted responder.
* If the certs need to be broken up into multiple requests, that
* must be handled by the caller (and thus by having multiple calls
* to this routine), who knows about where the request(s) are being
* sent and whether there are any trusted responders in place.
* const char *location
* The location of the OCSP responder (a URL).
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no other bearing on the operation.
* PRBool addServiceLocator
* If true, the Service Locator extension should be added to the
* single request(s) for each cert.
* CERTCertificate *signerCert
* If non-NULL, means sign the request using this cert. Otherwise,
* do not sign.
@@ -362,22 +345,20 @@ CERT_DestroyOCSPResponse(CERTOCSPRespons
* RETURN:
* Returns a pointer to the SECItem holding the response.
* On error, returns null with error set describing the reason:
* SEC_ERROR_UNKNOWN_ISSUER
* SEC_ERROR_CERT_BAD_ACCESS_LOCATION
* SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
* Other errors are low-level problems (no memory, bad database, etc.).
*/
-extern SECItem *
-CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
- const char *location, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest);
+extern SECItem *CERT_GetEncodedOCSPResponse(
+ PLArenaPool *arena, CERTCertList *certList, const char *location,
+ PRTime time, PRBool addServiceLocator, CERTCertificate *signerCert,
+ void *pwArg, CERTOCSPRequest **pRequest);
/*
* FUNCTION: CERT_VerifyOCSPResponseSignature
* Check the signature on an OCSP Response. Will also perform a
* verification of the signer's certificate. Note, however, that a
* successful verification does not make any statement about the
* signer's *authority* to provide status for the certificate(s),
* that must be checked individually for each certificate.
@@ -400,59 +381,57 @@ CERT_GetEncodedOCSPResponse(PLArenaPool
* SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
* SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
* SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
* SEC_ERROR_BAD_SIGNATURE - the signature did not verify
* Other errors are any of the many possible failures in cert verification
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
* verifying the signer's cert, or low-level problems (no memory, etc.)
*/
-extern SECStatus
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
- CERTCertDBHandle *handle, void *pwArg,
- CERTCertificate **pSignerCert,
- CERTCertificate *issuerCert);
+extern SECStatus CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
+ CERTCertDBHandle *handle,
+ void *pwArg,
+ CERTCertificate **pSignerCert,
+ CERTCertificate *issuerCert);
/*
* FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
* Get the value of the URI of the OCSP responder for the given cert.
* This is found in the (optional) Authority Information Access extension
* in the cert.
* INPUTS:
* CERTCertificate *cert
* The certificate being examined.
* RETURN:
* char *
* A copy of the URI for the OCSP method, if found. If either the
* extension is not present or it does not contain an entry for OCSP,
* SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
* Any other error will also result in a NULL being returned.
- *
+ *
* This result should be freed (via PORT_Free) when no longer in use.
*/
-extern char *
-CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert);
+extern char *CERT_GetOCSPAuthorityInfoAccessLocation(
+ const CERTCertificate *cert);
/*
* FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack
- * This function serves two purposes.
- * 1) It registers the address of a callback function that will be
- * called for certs that have no OCSP AIA extension, to see if the
+ * This function serves two purposes.
+ * 1) It registers the address of a callback function that will be
+ * called for certs that have no OCSP AIA extension, to see if the
* callback wishes to supply an alternative URL for such an OCSP inquiry.
- * 2) It outputs the previously registered function's address to the
+ * 2) It outputs the previously registered function's address to the
* address supplied by the caller, unless that is NULL.
- * The registered callback function returns NULL, or an allocated string
+ * The registered callback function returns NULL, or an allocated string
* that may be subsequently freed by calling PORT_Free().
* RETURN:
* SECSuccess or SECFailure (if the library is not yet intialized)
*/
-extern SECStatus
-CERT_RegisterAlternateOCSPAIAInfoCallBack(
- CERT_StringFromCertFcn newCallback,
- CERT_StringFromCertFcn * oldCallback);
+extern SECStatus CERT_RegisterAlternateOCSPAIAInfoCallBack(
+ CERT_StringFromCertFcn newCallback, CERT_StringFromCertFcn *oldCallback);
/*
* FUNCTION: CERT_ParseURL
* Parse a URI into hostname, port, and path. The scheme in the URI must
* be "http".
* INPUTS:
* const char *url
* The URI to be parsed
@@ -464,18 +443,18 @@ CERT_RegisterAlternateOCSPAIAInfoCallBac
* Pointer to store the port number obtained from the URI.
* char **pPath
* Pointer to store the path obtained from the URI.
* This result should be freed (via PORT_Free) when no longer in use.
* RETURN:
* Returns SECSuccess when parsing was successful. Returns SECFailure when
* problems were encountered.
*/
-extern SECStatus
-CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath);
+extern SECStatus CERT_ParseURL(const char *url, char **pHostname,
+ PRUint16 *pPort, char **pPath);
/*
* FUNCTION: CERT_CheckOCSPStatus
* Checks the status of a certificate via OCSP. Will only check status for
* a certificate that has an AIA (Authority Information Access) extension
* for OCSP *or* when a "default responder" is specified and enabled.
* (If no AIA extension for OCSP and no default responder in place, the
* cert is considered to have a good status and SECSuccess is returned.)
@@ -516,20 +495,20 @@ CERT_ParseURL(const char *url, char **pH
* SEC_ERROR_REVOKED_CERTIFICATE
* SEC_ERROR_UNKNOWN_ISSUER
* SEC_ERROR_UNKNOWN_SIGNER
*
* Other errors are any of the many possible failures in cert verification
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
* verifying the signer's cert, or low-level problems (error allocating
* memory, error performing ASN.1 decoding, etc.).
- */
-extern SECStatus
-CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRTime time, void *pwArg);
+ */
+extern SECStatus CERT_CheckOCSPStatus(CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRTime time,
+ void *pwArg);
/*
* FUNCTION: CERT_CacheOCSPResponseFromSideChannel
* First, this function checks the OCSP cache to see if a good response
* for the given certificate already exists. If it does, then the function
* returns successfully.
*
* If not, then it validates that the given OCSP response is a valid,
@@ -549,22 +528,19 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *h
* SECItem *encodedResponse
* the DER encoded bytes of the OCSP response
* void *pwArg
* argument for password prompting, if needed
* RETURN:
* SECSuccess if the cert was found in the cache, or if the OCSP response was
* found to be valid and inserted into the cache. SECFailure otherwise.
*/
-extern SECStatus
-CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
- CERTCertificate *cert,
- PRTime time,
- const SECItem *encodedResponse,
- void *pwArg);
+extern SECStatus CERT_CacheOCSPResponseFromSideChannel(
+ CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time,
+ const SECItem *encodedResponse, void *pwArg);
/*
* FUNCTION: CERT_GetOCSPStatusForCertID
* Returns the OCSP status contained in the passed in parameter response
* that corresponds to the certID passed in.
* INPUTS:
* CERTCertDBHandle *handle
* certificate DB of the cert that is being checked
@@ -575,22 +551,21 @@ CERT_CacheOCSPResponseFromSideChannel(CE
* CERTCertificate *signerCert
* the certificate that was used to sign the OCSP response.
* must be obtained via a call to CERT_VerifyOCSPResponseSignature.
* PRTime time
* The time at which we're checking the status for.
* RETURN:
* Return values are the same as those for CERT_CheckOCSPStatus
*/
-extern SECStatus
-CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time);
+extern SECStatus CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time);
/*
* FUNCTION CERT_GetOCSPResponseStatus
* Returns the response status for the response passed.
* INPUTS:
* CERTOCSPResponse *response
* The response to query for status
* RETURN:
@@ -599,82 +574,67 @@ CERT_GetOCSPStatusForCertID(CERTCertDBHa
* codes via PORT_SetError
* SEC_ERROR_OCSP_MALFORMED_REQUEST
* SEC_ERROR_OCSP_SERVER_ERROR
* SEC_ERROR_OCSP_TRY_SERVER_LATER
* SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
* SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
* SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
*/
-extern SECStatus
-CERT_GetOCSPResponseStatus(CERTOCSPResponse *response);
+extern SECStatus CERT_GetOCSPResponseStatus(CERTOCSPResponse *response);
/*
* FUNCTION CERT_CreateOCSPCertID
* Returns the OCSP certID for the certificate passed in.
* INPUTS:
* CERTCertificate *cert
* The certificate for which to create the certID for.
* PRTime time
* The time at which the id is requested for. This is used
* to determine the appropriate issuer for the cert since
* the issuing CA may be an older expired certificate.
* RETURN:
* A new copy of a CERTOCSPCertID*. The memory for this certID
- * should be freed by calling CERT_DestroyOCSPCertID when the
+ * should be freed by calling CERT_DestroyOCSPCertID when the
* certID is no longer necessary.
*/
-extern CERTOCSPCertID*
-CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
+extern CERTOCSPCertID *CERT_CreateOCSPCertID(CERTCertificate *cert,
+ PRTime time);
/*
* FUNCTION: CERT_DestroyOCSPCertID
* Frees the memory associated with the certID passed in.
* INPUTS:
* CERTOCSPCertID* certID
- * The certID that the caller no longer needs and wants to
+ * The certID that the caller no longer needs and wants to
* free the associated memory.
* RETURN:
* SECSuccess if freeing the memory was successful. Returns
* SECFailure if the memory passed in was not allocated with
* a call to CERT_CreateOCSPCertID.
*/
-extern SECStatus
-CERT_DestroyOCSPCertID(CERTOCSPCertID* certID);
+extern SECStatus CERT_DestroyOCSPCertID(CERTOCSPCertID *certID);
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseGood(
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate,
+ const PRTime *nextUpdate);
-extern CERTOCSPSingleResponse*
-CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
- CERTOCSPCertID *id,
- PRTime thisUpdate,
- const PRTime *nextUpdate);
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseUnknown(
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate,
+ const PRTime *nextUpdate);
-extern CERTOCSPSingleResponse*
-CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
- CERTOCSPCertID *id,
- PRTime thisUpdate,
- const PRTime *nextUpdate);
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseRevoked(
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate,
+ const PRTime *nextUpdate, PRTime revocationTime,
+ const CERTCRLEntryReasonCode *revocationReason);
-extern CERTOCSPSingleResponse*
-CERT_CreateOCSPSingleResponseRevoked(
- PLArenaPool *arena,
- CERTOCSPCertID *id,
- PRTime thisUpdate,
- const PRTime *nextUpdate,
- PRTime revocationTime,
- const CERTCRLEntryReasonCode* revocationReason);
-
-extern SECItem*
-CERT_CreateEncodedOCSPSuccessResponse(
- PLArenaPool *arena,
- CERTCertificate *responderCert,
- CERTOCSPResponderIDType responderIDType,
- PRTime producedAt,
- CERTOCSPSingleResponse **responses,
- void *wincx);
+extern SECItem *CERT_CreateEncodedOCSPSuccessResponse(
+ PLArenaPool *arena, CERTCertificate *responderCert,
+ CERTOCSPResponderIDType responderIDType, PRTime producedAt,
+ CERTOCSPSingleResponse **responses, void *wincx);
/*
* FUNCTION: CERT_CreateEncodedOCSPErrorResponse
* Creates an encoded OCSP response with an error response status.
* INPUTS:
* PLArenaPool *arena
* The return value is allocated from here.
* If a NULL is passed in, allocation is done from the heap instead.
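Review bot: The four prototypes this hunk reflows, `CERT_CreateOCSPSingleResponseGood`, `CERT_CreateOCSPSingleResponseUnknown`, `CERT_CreateOCSPSingleResponseRevoked` and `CERT_CreateEncodedOCSPSuccessResponse`, have no header comment, while every other function visible in this file carries a descriptive one. Since these build the status responses that a responder signs, each should get a FUNCTION/INPUTS/RETURN block in the file's existing format. The block should state whether `arena` may be NULL, whether `nextUpdate` and `revocationReason` may be NULL, how the `responses` array is terminated, and who owns the returned object. None of that can be read off the declarations alone, so the wording needs to be confirmed against ocsp.c before it is written down.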
@@ -698,29 +658,29 @@ CERT_CreateEncodedOCSPSuccessResponse(
* unauthorized (6) --Request unauthorized
* }
* RETURN:
* Returns a pointer to the SECItem holding the response.
* On error, returns null with error set describing the reason:
* SEC_ERROR_INVALID_ARGS
* Other errors are low-level problems (no memory, bad database, etc.).
*/
-extern SECItem*
-CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
+extern SECItem *CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena,
+ int error);
/* Sends an OCSP request using the HTTP POST method to the location addressed
* by the URL in |location| parameter. The request body will be
* |encodedRequest|, which must be a valid encoded OCSP request. On success,
* the server's response is returned and the caller must free it using
* SECITEM_FreeItem. On failure, NULL is returned. No parsing or validation of
* the HTTP response is done.
*
* If a default HTTP client has been registered with
* SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
* internal HTTP client is used.
*/
-SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest);
/************************************************************************/
SEC_END_PROTOS
#endif /* _OCSP_H_ */
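Review bot: `CERT_PostOCSPRequest` is the one prototype in this hunk still declared without `extern`; the pass fixes its `SECItem*` spacing but leaves it out of step with `CERT_CreateEncodedOCSPErrorResponse` just above, so for a uniform-style change it should begin `extern SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,`. Its comment already says that no parsing or validation of the HTTP response is done. It would help callers to spell out the consequence with a sentence such as `The returned bytes are untrusted until decoded with CERT_DecodeOCSPResponse and checked with CERT_VerifyOCSPResponseSignature.`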