ocsp.h

This a good VPN source

/* Support of the Online Certificate Status Protocol (OCSP) Support
 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
 * Zuercher Hochschule Winterthur
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 */

/* constants */

#define OCSP_BASIC_RESPONSE_VERSION	1
#define OCSP_DEFAULT_VALID_TIME		120  /* validity of one-time response in seconds */
#define OCSP_WARNING_INTERVAL		2    /* days */

/* certificate status */

typedef enum {
    CERT_GOOD = 	0,
    CERT_REVOKED = 	1,
    CERT_UNKNOWN = 	2,
    CERT_UNDEFINED =	3
} cert_status_t;

/* OCSP response status */

typedef enum {
    STATUS_SUCCESSFUL = 	0,
    STATUS_MALFORMEDREQUEST = 	1,
    STATUS_INTERNALERROR = 	2,
    STATUS_TRYLATER = 		3,
    STATUS_SIGREQUIRED = 	5,
    STATUS_UNAUTHORIZED= 	6
} response_status;

/* OCSP access structures */

typedef struct ocsp_certinfo ocsp_certinfo_t;

struct ocsp_certinfo {
    ocsp_certinfo_t  *next;
    int              trials;
    chunk_t          serialNumber;
    cert_status_t    status;
    bool             once;
    time_t           thisUpdate;
    time_t           nextUpdate;
};

typedef struct ocsp_location ocsp_location_t;

struct ocsp_location {
    ocsp_location_t  *next;
    chunk_t          issuer;
    chunk_t          authNameID;
    chunk_t          authKeyID;
    chunk_t	     authKeySerialNumber;
    chunk_t          uri;
    chunk_t          nonce;
    ocsp_certinfo_t  *certinfo;
};

extern ocsp_location_t* get_ocsp_location(const ocsp_location_t *loc
    , ocsp_location_t *chain);
extern ocsp_location_t* add_ocsp_location(const ocsp_location_t *loc
    , ocsp_location_t **chain);
extern void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chain
    , bool request);
extern void check_ocsp(void);
extern bool verify_by_ocsp(/*const*/ x509cert_t *cert, bool strict, time_t *until);
extern bool ocsp_set_request_cert(char* path);
extern void ocsp_set_default_uri(char* uri);
extern void ocsp_cache_add_cert(const x509cert_t* cert);
extern chunk_t build_ocsp_request(ocsp_location_t* location);
extern void parse_ocsp(ocsp_location_t* location, chunk_t blob);
extern void list_ocsp_locations(ocsp_location_t *location, bool requests, bool utc
    , bool strict);
extern void list_ocsp_cache(bool utc, bool strict);
extern void free_ocsp_locations(ocsp_location_t **chain);
extern void free_ocsp_cache(void);
extern void free_ocsp(void);
extern void ocsp_purge_cache(void);