Index: lib/certhigh/ocsp.h |
=================================================================== |
--- a/lib/certhigh/ocsp.h |
+++ b/lib/certhigh/ocsp.h |
@@ -4,114 +4,105 @@ |
/* |
* Interface to the OCSP implementation. |
*/ |
#ifndef _OCSP_H_ |
#define _OCSP_H_ |
- |
#include "plarena.h" |
#include "seccomon.h" |
#include "secoidt.h" |
#include "keyt.h" |
#include "certt.h" |
#include "ocspt.h" |
- |
/************************************************************************/ |
SEC_BEGIN_PROTOS |
/* |
* This function registers the HttpClient with whose functions the |
* HttpClientFcn structure has been populated as the default Http |
* client. |
* |
* The function table must be a global object. |
* The caller must ensure that NSS will be able to call |
* the registered functions for the lifetime of the process. |
*/ |
-extern SECStatus |
-SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable); |
+extern SECStatus SEC_RegisterDefaultHttpClient( |
+ const SEC_HttpClientFcn *fcnTable); |
/* |
* This function obtains the HttpClient which has been registered |
* by an earlier call to SEC_RegisterDefaultHttpClient. |
*/ |
-extern const SEC_HttpClientFcn * |
-SEC_GetRegisteredHttpClient(void); |
+extern const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient(void); |
/* |
* Sets parameters that control NSS' internal OCSP cache. |
* maxCacheEntries, special varlues are: |
* -1 disable cache |
* 0 unlimited cache entries |
* minimumSecondsToNextFetchAttempt: |
* whenever an OCSP request was attempted or completed over the network, |
* wait at least this number of seconds before trying to fetch again. |
* maximumSecondsToNextFetchAttempt: |
* this is the maximum age of a cached response we allow, until we try |
* to fetch an updated response, even if the OCSP responder expects |
* that newer information update will not be available yet. |
*/ |
-extern SECStatus |
-CERT_OCSPCacheSettings(PRInt32 maxCacheEntries, |
- PRUint32 minimumSecondsToNextFetchAttempt, |
- PRUint32 maximumSecondsToNextFetchAttempt); |
+extern SECStatus CERT_OCSPCacheSettings( |
+ PRInt32 maxCacheEntries, PRUint32 minimumSecondsToNextFetchAttempt, |
+ PRUint32 maximumSecondsToNextFetchAttempt); |
/* |
* Set the desired behaviour on OCSP failures. |
* See definition of ocspFailureMode for allowed choices. |
*/ |
-extern SECStatus |
-CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode); |
+extern SECStatus CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode); |
/* |
* Configure the maximum time NSS will wait for an OCSP response. |
*/ |
-extern SECStatus |
-CERT_SetOCSPTimeout(PRUint32 seconds); |
+extern SECStatus CERT_SetOCSPTimeout(PRUint32 seconds); |
/* |
* Removes all items currently stored in the OCSP cache. |
*/ |
-extern SECStatus |
-CERT_ClearOCSPCache(void); |
+extern SECStatus CERT_ClearOCSPCache(void); |
/* |
* FUNCTION: CERT_EnableOCSPChecking |
* Turns on OCSP checking for the given certificate database. |
* INPUTS: |
* CERTCertDBHandle *handle |
* Certificate database for which OCSP checking will be enabled. |
* RETURN: |
* Returns SECFailure if an error occurred (likely only problem |
* allocating memory); SECSuccess otherwise. |
*/ |
-extern SECStatus |
-CERT_EnableOCSPChecking(CERTCertDBHandle *handle); |
+extern SECStatus CERT_EnableOCSPChecking(CERTCertDBHandle *handle); |
/* |
* FUNCTION: CERT_DisableOCSPChecking |
* Turns off OCSP checking for the given certificate database. |
* This routine disables OCSP checking. Though it will return |
* SECFailure if OCSP checking is not enabled, it is "safe" to |
* call it that way and just ignore the return value, if it is |
* easier to just call it than to "remember" whether it is enabled. |
* INPUTS: |
* CERTCertDBHandle *handle |
* Certificate database for which OCSP checking will be disabled. |
* RETURN: |
* Returns SECFailure if an error occurred (usually means that OCSP |
* checking was not enabled or status contexts were not initialized -- |
* error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise. |
*/ |
-extern SECStatus |
-CERT_DisableOCSPChecking(CERTCertDBHandle *handle); |
+extern SECStatus CERT_DisableOCSPChecking(CERTCertDBHandle *handle); |
/* |
* FUNCTION: CERT_SetOCSPDefaultResponder |
* Specify the location and cert of the default responder. |
* If OCSP checking is already enabled *and* use of a default responder |
* is also already enabled, all OCSP checking from now on will go directly |
* to the specified responder. If OCSP checking is not enabled, or if |
* it is but use of a default responder is not enabled, the information |
@@ -127,19 +118,19 @@ CERT_DisableOCSPChecking(CERTCertDBHandl |
* The nickname of the cert to trust (expected) to sign the OCSP responses. |
* If the corresponding cert cannot be found, SECFailure is returned. |
* RETURN: |
* Returns SECFailure if an error occurred; SECSuccess otherwise. |
* The most likely error is that the cert for "name" could not be found |
* (probably SEC_ERROR_UNKNOWN_CERT). Other errors are low-level (no memory, |
* bad database, etc.). |
*/ |
-extern SECStatus |
-CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle, |
- const char *url, const char *name); |
+extern SECStatus CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle, |
+ const char *url, |
+ const char *name); |
/* |
* FUNCTION: CERT_EnableOCSPDefaultResponder |
* Turns on use of a default responder when OCSP checking. |
* If OCSP checking is already enabled, this will make subsequent checks |
* go directly to the default responder. (The location of the responder |
* and the nickname of the responder cert must already be specified.) |
* If OCSP checking is not enabled, this will be recorded and take effect |
@@ -148,87 +139,85 @@ CERT_SetOCSPDefaultResponder(CERTCertDBH |
* CERTCertDBHandle *handle |
* Cert database on which OCSP checking should use the default responder. |
* RETURN: |
* Returns SECFailure if an error occurred; SECSuccess otherwise. |
* No errors are especially likely unless the caller did not previously |
* perform a successful call to SetOCSPDefaultResponder (in which case |
* the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER). |
*/ |
-extern SECStatus |
-CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle); |
+extern SECStatus CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle); |
/* |
* FUNCTION: CERT_DisableOCSPDefaultResponder |
* Turns off use of a default responder when OCSP checking. |
* (Does nothing if use of a default responder is not enabled.) |
* INPUTS: |
* CERTCertDBHandle *handle |
* Cert database on which OCSP checking should stop using a default |
* responder. |
* RETURN: |
* Returns SECFailure if an error occurred; SECSuccess otherwise. |
* Errors very unlikely (like random memory corruption...). |
*/ |
-extern SECStatus |
-CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle); |
+extern SECStatus CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle); |
/* If forcePost is set, OCSP requests will only be sent using the HTTP POST |
* method. When forcePost is not set, OCSP requests will be sent using the |
* HTTP GET method, with a fallback to POST when we fail to receive a response |
- * and/or when we receive an uncacheable response like "Unknown." |
+ * and/or when we receive an uncacheable response like "Unknown." |
* |
* The default is to use GET and fallback to POST. |
*/ |
extern SECStatus CERT_ForcePostMethodForOCSP(PRBool forcePost); |
/* |
* ------------------------------------------------------- |
* The Functions above are those expected to be used by a client |
* providing OCSP status checking along with every cert verification. |
* The functions below are for OCSP testing, debugging, or clients |
* or servers performing more specialized OCSP tasks. |
* ------------------------------------------------------- |
*/ |
/* |
* FUNCTION: CERT_CreateOCSPRequest |
- * Creates a CERTOCSPRequest, requesting the status of the certs in |
+ * Creates a CERTOCSPRequest, requesting the status of the certs in |
* the given list. |
* INPUTS: |
* CERTCertList *certList |
* A list of certs for which status will be requested. |
* Note that all of these certificates should have the same issuer, |
* or it's expected the response will be signed by a trusted responder. |
* If the certs need to be broken up into multiple requests, that |
* must be handled by the caller (and thus by having multiple calls |
* to this routine), who knows about where the request(s) are being |
* sent and whether there are any trusted responders in place. |
* PRTime time |
- * Indicates the time for which the certificate status is to be |
+ * Indicates the time for which the certificate status is to be |
* determined -- this may be used in the search for the cert's issuer |
* but has no effect on the request itself. |
* PRBool addServiceLocator |
* If true, the Service Locator extension should be added to the |
* single request(s) for each cert. |
* CERTCertificate *signerCert |
* If non-NULL, means sign the request using this cert. Otherwise, |
* do not sign. |
* XXX note that request signing is not yet supported; see comment in code |
* RETURN: |
* A pointer to a CERTOCSPRequest structure containing an OCSP request |
* for the cert list. On error, null is returned, with an error set |
* indicating the reason. This is likely SEC_ERROR_UNKNOWN_ISSUER. |
* (The issuer is needed to create a request for the certificate.) |
* Other errors are low-level problems (no memory, bad database, etc.). |
*/ |
-extern CERTOCSPRequest * |
-CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time, |
- PRBool addServiceLocator, |
- CERTCertificate *signerCert); |
+extern CERTOCSPRequest *CERT_CreateOCSPRequest(CERTCertList *certList, |
+ PRTime time, |
+ PRBool addServiceLocator, |
+ CERTCertificate *signerCert); |
/* |
* FUNCTION: CERT_AddOCSPAcceptableResponses |
* Add the AcceptableResponses extension to an OCSP Request. |
* INPUTS: |
* CERTOCSPRequest *request |
* The request to which the extension should be added. |
* SECOidTag responseType0, ... |
@@ -236,95 +225,89 @@ CERT_CreateOCSPRequest(CERTCertList *cer |
* to be added. The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE. |
* (This marks the end of the list, and it must be specified because a |
* client conforming to the OCSP standard is required to handle the basic |
* response type.) The OIDs are not checked in any way. |
* RETURN: |
* SECSuccess if the extension is added; SECFailure if anything goes wrong. |
* All errors are internal or low-level problems (e.g. no memory). |
*/ |
-extern SECStatus |
-CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request, |
- SECOidTag responseType0, ...); |
+extern SECStatus CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request, |
+ SECOidTag responseType0, ...); |
-/* |
+/* |
* FUNCTION: CERT_EncodeOCSPRequest |
* DER encodes an OCSP Request, possibly adding a signature as well. |
* XXX Signing is not yet supported, however; see comments in code. |
- * INPUTS: |
+ * INPUTS: |
* PLArenaPool *arena |
* The return value is allocated from here. |
* If a NULL is passed in, allocation is done from the heap instead. |
* CERTOCSPRequest *request |
* The request to be encoded. |
* void *pwArg |
* Pointer to argument for password prompting, if needed. (Definitely |
* not needed if not signing.) |
* RETURN: |
* Returns a NULL on error and a pointer to the SECItem with the |
* encoded value otherwise. Any error is likely to be low-level |
* (e.g. no memory). |
*/ |
-extern SECItem * |
-CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request, |
- void *pwArg); |
+extern SECItem *CERT_EncodeOCSPRequest(PLArenaPool *arena, |
+ CERTOCSPRequest *request, void *pwArg); |
/* |
* FUNCTION: CERT_DecodeOCSPRequest |
* Decode a DER encoded OCSP Request. |
* INPUTS: |
* SECItem *src |
* Pointer to a SECItem holding DER encoded OCSP Request. |
* RETURN: |
* Returns a pointer to a CERTOCSPRequest containing the decoded request. |
* On error, returns NULL. Most likely error is trouble decoding |
* (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory). |
*/ |
-extern CERTOCSPRequest * |
-CERT_DecodeOCSPRequest(const SECItem *src); |
+extern CERTOCSPRequest *CERT_DecodeOCSPRequest(const SECItem *src); |
/* |
* FUNCTION: CERT_DestroyOCSPRequest |
* Frees an OCSP Request structure. |
* INPUTS: |
* CERTOCSPRequest *request |
* Pointer to CERTOCSPRequest to be freed. |
* RETURN: |
* No return value; no errors. |
*/ |
-extern void |
-CERT_DestroyOCSPRequest(CERTOCSPRequest *request); |
+extern void CERT_DestroyOCSPRequest(CERTOCSPRequest *request); |
/* |
* FUNCTION: CERT_DecodeOCSPResponse |
* Decode a DER encoded OCSP Response. |
* INPUTS: |
* SECItem *src |
* Pointer to a SECItem holding DER encoded OCSP Response. |
* RETURN: |
* Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response); |
* the caller is responsible for destroying it. Or NULL if error (either |
* response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE), |
* it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE), |
* or a low-level or internal error occurred). |
*/ |
-extern CERTOCSPResponse * |
-CERT_DecodeOCSPResponse(const SECItem *src); |
+extern CERTOCSPResponse *CERT_DecodeOCSPResponse(const SECItem *src); |
/* |
* FUNCTION: CERT_DestroyOCSPResponse |
* Frees an OCSP Response structure. |
* INPUTS: |
* CERTOCSPResponse *request |
* Pointer to CERTOCSPResponse to be freed. |
* RETURN: |
* No return value; no errors. |
*/ |
-extern void |
-CERT_DestroyOCSPResponse(CERTOCSPResponse *response); |
+extern void CERT_DestroyOCSPResponse(CERTOCSPResponse *response); |
/* |
* FUNCTION: CERT_GetEncodedOCSPResponse |
* Creates and sends a request to an OCSP responder, then reads and |
* returns the (encoded) response. |
* INPUTS: |
* PLArenaPool *arena |
* Pointer to arena from which return value will be allocated. |
@@ -336,17 +319,17 @@ CERT_DestroyOCSPResponse(CERTOCSPRespons |
* or it's expected the response will be signed by a trusted responder. |
* If the certs need to be broken up into multiple requests, that |
* must be handled by the caller (and thus by having multiple calls |
* to this routine), who knows about where the request(s) are being |
* sent and whether there are any trusted responders in place. |
* const char *location |
* The location of the OCSP responder (a URL). |
* PRTime time |
- * Indicates the time for which the certificate status is to be |
+ * Indicates the time for which the certificate status is to be |
* determined -- this may be used in the search for the cert's issuer |
* but has no other bearing on the operation. |
* PRBool addServiceLocator |
* If true, the Service Locator extension should be added to the |
* single request(s) for each cert. |
* CERTCertificate *signerCert |
* If non-NULL, means sign the request using this cert. Otherwise, |
* do not sign. |
@@ -362,22 +345,20 @@ CERT_DestroyOCSPResponse(CERTOCSPRespons |
* RETURN: |
* Returns a pointer to the SECItem holding the response. |
* On error, returns null with error set describing the reason: |
* SEC_ERROR_UNKNOWN_ISSUER |
* SEC_ERROR_CERT_BAD_ACCESS_LOCATION |
* SEC_ERROR_OCSP_BAD_HTTP_RESPONSE |
* Other errors are low-level problems (no memory, bad database, etc.). |
*/ |
-extern SECItem * |
-CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList, |
- const char *location, PRTime time, |
- PRBool addServiceLocator, |
- CERTCertificate *signerCert, void *pwArg, |
- CERTOCSPRequest **pRequest); |
+extern SECItem *CERT_GetEncodedOCSPResponse( |
+ PLArenaPool *arena, CERTCertList *certList, const char *location, |
+ PRTime time, PRBool addServiceLocator, CERTCertificate *signerCert, |
+ void *pwArg, CERTOCSPRequest **pRequest); |
/* |
* FUNCTION: CERT_VerifyOCSPResponseSignature |
* Check the signature on an OCSP Response. Will also perform a |
* verification of the signer's certificate. Note, however, that a |
* successful verification does not make any statement about the |
* signer's *authority* to provide status for the certificate(s), |
* that must be checked individually for each certificate. |
@@ -400,59 +381,57 @@ CERT_GetEncodedOCSPResponse(PLArenaPool |
* SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID |
* SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time |
* SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found |
* SEC_ERROR_BAD_SIGNATURE - the signature did not verify |
* Other errors are any of the many possible failures in cert verification |
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when |
* verifying the signer's cert, or low-level problems (no memory, etc.) |
*/ |
-extern SECStatus |
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response, |
- CERTCertDBHandle *handle, void *pwArg, |
- CERTCertificate **pSignerCert, |
- CERTCertificate *issuerCert); |
+extern SECStatus CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response, |
+ CERTCertDBHandle *handle, |
+ void *pwArg, |
+ CERTCertificate **pSignerCert, |
+ CERTCertificate *issuerCert); |
/* |
* FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation |
* Get the value of the URI of the OCSP responder for the given cert. |
* This is found in the (optional) Authority Information Access extension |
* in the cert. |
* INPUTS: |
* CERTCertificate *cert |
* The certificate being examined. |
* RETURN: |
* char * |
* A copy of the URI for the OCSP method, if found. If either the |
* extension is not present or it does not contain an entry for OCSP, |
* SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned. |
* Any other error will also result in a NULL being returned. |
- * |
+ * |
* This result should be freed (via PORT_Free) when no longer in use. |
*/ |
-extern char * |
-CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert); |
+extern char *CERT_GetOCSPAuthorityInfoAccessLocation( |
+ const CERTCertificate *cert); |
/* |
* FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack |
- * This function serves two purposes. |
- * 1) It registers the address of a callback function that will be |
- * called for certs that have no OCSP AIA extension, to see if the |
+ * This function serves two purposes. |
+ * 1) It registers the address of a callback function that will be |
+ * called for certs that have no OCSP AIA extension, to see if the |
* callback wishes to supply an alternative URL for such an OCSP inquiry. |
- * 2) It outputs the previously registered function's address to the |
+ * 2) It outputs the previously registered function's address to the |
* address supplied by the caller, unless that is NULL. |
- * The registered callback function returns NULL, or an allocated string |
+ * The registered callback function returns NULL, or an allocated string |
* that may be subsequently freed by calling PORT_Free(). |
* RETURN: |
* SECSuccess or SECFailure (if the library is not yet intialized) |
*/ |
-extern SECStatus |
-CERT_RegisterAlternateOCSPAIAInfoCallBack( |
- CERT_StringFromCertFcn newCallback, |
- CERT_StringFromCertFcn * oldCallback); |
+extern SECStatus CERT_RegisterAlternateOCSPAIAInfoCallBack( |
+ CERT_StringFromCertFcn newCallback, CERT_StringFromCertFcn *oldCallback); |
/* |
* FUNCTION: CERT_ParseURL |
* Parse a URI into hostname, port, and path. The scheme in the URI must |
* be "http". |
* INPUTS: |
* const char *url |
* The URI to be parsed |
@@ -464,18 +443,18 @@ CERT_RegisterAlternateOCSPAIAInfoCallBac |
* Pointer to store the port number obtained from the URI. |
* char **pPath |
* Pointer to store the path obtained from the URI. |
* This result should be freed (via PORT_Free) when no longer in use. |
* RETURN: |
* Returns SECSuccess when parsing was successful. Returns SECFailure when |
* problems were encountered. |
*/ |
-extern SECStatus |
-CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath); |
+extern SECStatus CERT_ParseURL(const char *url, char **pHostname, |
+ PRUint16 *pPort, char **pPath); |
/* |
* FUNCTION: CERT_CheckOCSPStatus |
* Checks the status of a certificate via OCSP. Will only check status for |
* a certificate that has an AIA (Authority Information Access) extension |
* for OCSP *or* when a "default responder" is specified and enabled. |
* (If no AIA extension for OCSP and no default responder in place, the |
* cert is considered to have a good status and SECSuccess is returned.) |
@@ -516,20 +495,20 @@ CERT_ParseURL(const char *url, char **pH |
* SEC_ERROR_REVOKED_CERTIFICATE |
* SEC_ERROR_UNKNOWN_ISSUER |
* SEC_ERROR_UNKNOWN_SIGNER |
* |
* Other errors are any of the many possible failures in cert verification |
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when |
* verifying the signer's cert, or low-level problems (error allocating |
* memory, error performing ASN.1 decoding, etc.). |
- */ |
-extern SECStatus |
-CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, |
- PRTime time, void *pwArg); |
+ */ |
+extern SECStatus CERT_CheckOCSPStatus(CERTCertDBHandle *handle, |
+ CERTCertificate *cert, PRTime time, |
+ void *pwArg); |
/* |
* FUNCTION: CERT_CacheOCSPResponseFromSideChannel |
* First, this function checks the OCSP cache to see if a good response |
* for the given certificate already exists. If it does, then the function |
* returns successfully. |
* |
* If not, then it validates that the given OCSP response is a valid, |
@@ -549,22 +528,19 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *h |
* SECItem *encodedResponse |
* the DER encoded bytes of the OCSP response |
* void *pwArg |
* argument for password prompting, if needed |
* RETURN: |
* SECSuccess if the cert was found in the cache, or if the OCSP response was |
* found to be valid and inserted into the cache. SECFailure otherwise. |
*/ |
-extern SECStatus |
-CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle, |
- CERTCertificate *cert, |
- PRTime time, |
- const SECItem *encodedResponse, |
- void *pwArg); |
+extern SECStatus CERT_CacheOCSPResponseFromSideChannel( |
+ CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time, |
+ const SECItem *encodedResponse, void *pwArg); |
/* |
* FUNCTION: CERT_GetOCSPStatusForCertID |
* Returns the OCSP status contained in the passed in parameter response |
* that corresponds to the certID passed in. |
* INPUTS: |
* CERTCertDBHandle *handle |
* certificate DB of the cert that is being checked |
@@ -575,22 +551,21 @@ CERT_CacheOCSPResponseFromSideChannel(CE |
* CERTCertificate *signerCert |
* the certificate that was used to sign the OCSP response. |
* must be obtained via a call to CERT_VerifyOCSPResponseSignature. |
* PRTime time |
* The time at which we're checking the status for. |
* RETURN: |
* Return values are the same as those for CERT_CheckOCSPStatus |
*/ |
-extern SECStatus |
-CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle, |
- CERTOCSPResponse *response, |
- CERTOCSPCertID *certID, |
- CERTCertificate *signerCert, |
- PRTime time); |
+extern SECStatus CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle, |
+ CERTOCSPResponse *response, |
+ CERTOCSPCertID *certID, |
+ CERTCertificate *signerCert, |
+ PRTime time); |
/* |
* FUNCTION CERT_GetOCSPResponseStatus |
* Returns the response status for the response passed. |
* INPUTS: |
* CERTOCSPResponse *response |
* The response to query for status |
* RETURN: |
@@ -599,82 +574,67 @@ CERT_GetOCSPStatusForCertID(CERTCertDBHa |
* codes via PORT_SetError |
* SEC_ERROR_OCSP_MALFORMED_REQUEST |
* SEC_ERROR_OCSP_SERVER_ERROR |
* SEC_ERROR_OCSP_TRY_SERVER_LATER |
* SEC_ERROR_OCSP_REQUEST_NEEDS_SIG |
* SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST |
* SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS |
*/ |
-extern SECStatus |
-CERT_GetOCSPResponseStatus(CERTOCSPResponse *response); |
+extern SECStatus CERT_GetOCSPResponseStatus(CERTOCSPResponse *response); |
/* |
* FUNCTION CERT_CreateOCSPCertID |
* Returns the OCSP certID for the certificate passed in. |
* INPUTS: |
* CERTCertificate *cert |
* The certificate for which to create the certID for. |
* PRTime time |
* The time at which the id is requested for. This is used |
* to determine the appropriate issuer for the cert since |
* the issuing CA may be an older expired certificate. |
* RETURN: |
* A new copy of a CERTOCSPCertID*. The memory for this certID |
- * should be freed by calling CERT_DestroyOCSPCertID when the |
+ * should be freed by calling CERT_DestroyOCSPCertID when the |
* certID is no longer necessary. |
*/ |
-extern CERTOCSPCertID* |
-CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time); |
+extern CERTOCSPCertID *CERT_CreateOCSPCertID(CERTCertificate *cert, |
+ PRTime time); |
/* |
* FUNCTION: CERT_DestroyOCSPCertID |
* Frees the memory associated with the certID passed in. |
* INPUTS: |
* CERTOCSPCertID* certID |
- * The certID that the caller no longer needs and wants to |
+ * The certID that the caller no longer needs and wants to |
* free the associated memory. |
* RETURN: |
* SECSuccess if freeing the memory was successful. Returns |
* SECFailure if the memory passed in was not allocated with |
* a call to CERT_CreateOCSPCertID. |
*/ |
-extern SECStatus |
-CERT_DestroyOCSPCertID(CERTOCSPCertID* certID); |
+extern SECStatus CERT_DestroyOCSPCertID(CERTOCSPCertID *certID); |
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseGood( |
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate, |
+ const PRTime *nextUpdate); |
-extern CERTOCSPSingleResponse* |
-CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena, |
- CERTOCSPCertID *id, |
- PRTime thisUpdate, |
- const PRTime *nextUpdate); |
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseUnknown( |
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate, |
+ const PRTime *nextUpdate); |
-extern CERTOCSPSingleResponse* |
-CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena, |
- CERTOCSPCertID *id, |
- PRTime thisUpdate, |
- const PRTime *nextUpdate); |
+extern CERTOCSPSingleResponse *CERT_CreateOCSPSingleResponseRevoked( |
+ PLArenaPool *arena, CERTOCSPCertID *id, PRTime thisUpdate, |
+ const PRTime *nextUpdate, PRTime revocationTime, |
+ const CERTCRLEntryReasonCode *revocationReason); |
-extern CERTOCSPSingleResponse* |
-CERT_CreateOCSPSingleResponseRevoked( |
- PLArenaPool *arena, |
- CERTOCSPCertID *id, |
- PRTime thisUpdate, |
- const PRTime *nextUpdate, |
- PRTime revocationTime, |
- const CERTCRLEntryReasonCode* revocationReason); |
- |
-extern SECItem* |
-CERT_CreateEncodedOCSPSuccessResponse( |
- PLArenaPool *arena, |
- CERTCertificate *responderCert, |
- CERTOCSPResponderIDType responderIDType, |
- PRTime producedAt, |
- CERTOCSPSingleResponse **responses, |
- void *wincx); |
+extern SECItem *CERT_CreateEncodedOCSPSuccessResponse( |
+ PLArenaPool *arena, CERTCertificate *responderCert, |
+ CERTOCSPResponderIDType responderIDType, PRTime producedAt, |
+ CERTOCSPSingleResponse **responses, void *wincx); |
/* |
* FUNCTION: CERT_CreateEncodedOCSPErrorResponse |
* Creates an encoded OCSP response with an error response status. |
* INPUTS: |
* PLArenaPool *arena |
* The return value is allocated from here. |
* If a NULL is passed in, allocation is done from the heap instead. |
@@ -698,29 +658,29 @@ CERT_CreateEncodedOCSPSuccessResponse( |
* unauthorized (6) --Request unauthorized |
* } |
* RETURN: |
* Returns a pointer to the SECItem holding the response. |
* On error, returns null with error set describing the reason: |
* SEC_ERROR_INVALID_ARGS |
* Other errors are low-level problems (no memory, bad database, etc.). |
*/ |
-extern SECItem* |
-CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error); |
+extern SECItem *CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, |
+ int error); |
/* Sends an OCSP request using the HTTP POST method to the location addressed |
* by the URL in |location| parameter. The request body will be |
* |encodedRequest|, which must be a valid encoded OCSP request. On success, |
* the server's response is returned and the caller must free it using |
* SECITEM_FreeItem. On failure, NULL is returned. No parsing or validation of |
* the HTTP response is done. |
* |
* If a default HTTP client has been registered with |
* SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an |
* internal HTTP client is used. |
*/ |
-SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location, |
+SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location, |
const SECItem *encodedRequest); |
/************************************************************************/ |
SEC_END_PROTOS |
#endif /* _OCSP_H_ */ |