(ksba_ocsp_get_responder_id, ksba_ocsp_get_cert): New.
authorWerner Koch <wk@gnupg.org>
Tue, 16 Mar 2004 09:33:35 +0000 (09:33 +0000)
committerWerner Koch <wk@gnupg.org>
Tue, 16 Mar 2004 09:33:35 +0000 (09:33 +0000)
src/ChangeLog
src/Makefile.am
src/ksba.h
src/libksba.vers [new file with mode: 0644]
src/ocsp.c
src/util.c

index 1b03261..9a4225c 100644 (file)
@@ -1,3 +1,18 @@
+2004-03-16  Werner Koch  <wk@gnupg.org>
+
+       * ocsp.c (ksba_ocsp_get_responder_id, ksba_ocsp_get_cert): New.
+
+2004-03-15  Werner Koch  <wk@gnupg.org>
+
+       * Makefile.am: Support for version scripts.
+       * libksba.vers: New.
+
+       * ocsp.c (parse_response): Fixed parsing of optional certificates.
+
+2004-03-09  Werner Koch  <wk@gnupg.org>
+
+       * ksba.h (ksba_set_hash_buffer_function): Add missing prototype.
+
 2004-02-20  Werner Koch  <wk@gnupg.org>
 
        * cert.c (ksba_cert_get_ext_key_usages): New.
index 56f2a52..1298133 100644 (file)
@@ -1,5 +1,5 @@
 # Makefile.am - for the KSBA ASN.1 and X.509 library
-#       Copyright (C) 2001, 2002 g10 Code GmbH
+#       Copyright (C) 2001, 2002, 2004 g10 Code GmbH
 #      
 # This file is part of KSBA.
 # 
@@ -33,9 +33,19 @@ m4data_DATA = ksba.m4
 
 AM_CFLAGS = @GPG_ERROR_CFLAGS@
 
-libksba_la_LDFLAGS = -version-info \
+
+if HAVE_LD_VERSION_SCRIPT
+  libksba_version_script_cmd = -Wl,--version-script=$(srcdir)/libksba.vers
+else
+  libksba_version_script_cmd = 
+endif
+
+
+
+libksba_la_LDFLAGS = $(libksba_version_script_cmd) -version-info \
       @LIBKSBA_LT_CURRENT@:@LIBKSBA_LT_REVISION@:@LIBKSBA_LT_AGE@
 libksba_la_INCLUDES = -I$(top_srcdir)/lib 
+libksba_la_DEPENDENCIES = $(srcdir)/libksba.vers
 
 libksba_la_SOURCES = \
        ksba.h \
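Review bot: The `if HAVE_LD_VERSION_SCRIPT` block has no comment saying what the empty `else` branch means for the built library: without the version script no export list is applied, so every non-static symbol, including the internal `_ksba_*` ones, stays exported. A comment above the conditional such as `# Without linker version-script support libksba.vers is not applied and all global symbols are exported.` would make that fallback visible to packagers. Separately, `libksba_la_DEPENDENCIES` is assigned unconditionally, and as far as I know a user-set `_DEPENDENCIES` replaces the value automake would otherwise compute. It is worth confirming that nothing else was relied on there and that `libksba.vers` is listed for distribution, which this hunk does not show.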
index 73289bf..ebfacbb 100644 (file)
@@ -409,6 +409,10 @@ gpg_error_t ksba_ocsp_hash_response (ksba_ocsp_t ocsp,
                                      void *hasher_arg);
 ksba_sexp_t ksba_ocsp_get_sig_val (ksba_ocsp_t ocsp,
                                    ksba_isotime_t produced_at);
+gpg_error_t ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
+                                        ksba_name_t *name,
+                                        unsigned char *sha1keyhash);
+ksba_cert_t ksba_ocsp_get_cert (ksba_ocsp_t ocsp, int idx);
 gpg_error_t ksba_ocsp_get_status (ksba_ocsp_t ocsp, ksba_cert_t cert,
                                   ksba_status_t *r_status,
                                   ksba_isotime_t r_this_update,
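Review bot: The new `ksba_ocsp_get_responder_id` prototype takes `unsigned char *sha1keyhash` with no length parameter, and the header says nothing about how large the buffer must be. The comment on the definition in ocsp.c states a 20 byte buffer; repeat that at the declaration, for example `/* SHA1KEYHASH must be NULL or point to a buffer of at least 20 bytes. */`, so callers reading only ksba.h do not pass a shorter one. A one-line comment on `ksba_ocsp_get_cert` saying the returned certificate must be released with `ksba_cert_release` would help in the same way.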
@@ -506,6 +510,13 @@ char       *ksba_name_get_uri (ksba_name_t name, int idx);
 void ksba_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
                              void *(*new_realloc_func)(void *p, size_t n),
                              void (*new_free_func)(void*) );
+void ksba_set_hash_buffer_function ( gpg_error_t (*fnc)
+                                     (void *arg, const char *oid,
+                                      const void *buffer, size_t length,
+                                      size_t resultsize,
+                                      unsigned char *result,
+                                      size_t *resultlen),
+                                     void *fnc_arg);
 void *ksba_malloc (size_t n );
 void *ksba_calloc (size_t n, size_t m );
 void *ksba_realloc (void *p, size_t n);
diff --git a/src/libksba.vers b/src/libksba.vers
new file mode 100644 (file)
index 0000000..10f5f55
--- /dev/null
@@ -0,0 +1,98 @@
+# libksba.vers  - What symbols to export
+# Copyright (C) 2004 g10 Code GmbH
+#
+# This file is part of KSBA.
+#
+# KSBA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# KSBA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+KSBA_0.9 {
+  global:
+    ksba_check_version; ksba_set_hash_buffer_function; 
+
+    ksba_set_malloc_hooks; 
+    ksba_free; ksba_malloc; ksba_calloc; ksba_realloc; ksba_strdup; 
+
+    ksba_asn_create_tree; ksba_asn_delete_structure; ksba_asn_parse_file;
+    ksba_asn_tree_dump; ksba_asn_tree_release; 
+
+    ksba_cert_get_auth_key_id; ksba_cert_get_cert_policies;
+    ksba_cert_get_crl_dist_point; ksba_cert_get_digest_algo;
+    ksba_cert_get_ext_key_usages; ksba_cert_get_extension;
+    ksba_cert_get_image; ksba_cert_get_issuer; ksba_cert_get_key_usage; 
+    ksba_cert_get_public_key; ksba_cert_get_serial; ksba_cert_get_sig_val;
+    ksba_cert_get_subject; ksba_cert_get_validity; ksba_cert_hash;
+    ksba_cert_init_from_mem; ksba_cert_is_ca; ksba_cert_new;
+    ksba_cert_read_der; ksba_cert_ref; ksba_cert_release;
+
+    ksba_certreq_add_subject; ksba_certreq_build; ksba_certreq_new;
+    ksba_certreq_release; ksba_certreq_set_hash_function; 
+    ksba_certreq_set_public_key; ksba_certreq_set_sig_val;
+    ksba_certreq_set_writer; 
+
+    ksba_cms_add_cert; ksba_cms_add_digest_algo; ksba_cms_add_recipient; 
+    ksba_cms_add_signer; ksba_cms_build; ksba_cms_get_cert;
+    ksba_cms_get_content_enc_iv; ksba_cms_get_content_oid;
+    ksba_cms_get_content_type; ksba_cms_get_digest_algo;
+    ksba_cms_get_digest_algo_list; ksba_cms_get_enc_val;
+    ksba_cms_get_issuer_serial; ksba_cms_get_message_digest; 
+    ksba_cms_get_sig_val; ksba_cms_get_sigattr_oids;
+    ksba_cms_get_signing_time; ksba_cms_hash_signed_attrs;
+    ksba_cms_identify; ksba_cms_new; ksba_cms_parse; ksba_cms_release;
+    ksba_cms_set_content_enc_algo; ksba_cms_set_content_type;
+    ksba_cms_set_enc_val; ksba_cms_set_hash_function;
+    ksba_cms_set_message_digest; ksba_cms_set_reader_writer;
+    ksba_cms_set_sig_val; ksba_cms_set_signing_time;
+
+    ksba_crl_get_digest_algo; ksba_crl_get_issuer; ksba_crl_get_item;
+    ksba_crl_get_sig_val; ksba_crl_get_update_times; ksba_crl_new;
+    ksba_crl_parse; ksba_crl_release; ksba_crl_set_hash_function;
+    ksba_crl_set_reader;
+
+    ksba_name_enum; ksba_name_get_uri; ksba_name_new; ksba_name_ref;
+    ksba_name_release;
+
+    ksba_ocsp_add_cert; ksba_ocsp_add_target; ksba_ocsp_build_request;
+    ksba_ocsp_get_cert; ksba_ocsp_get_digest_algo;
+    ksba_ocsp_get_responder_id; ksba_ocsp_get_sig_val;
+    ksba_ocsp_get_status; ksba_ocsp_hash_request; ksba_ocsp_hash_response;
+    ksba_ocsp_new; ksba_ocsp_parse_response; ksba_ocsp_prepare_request;
+    ksba_ocsp_release; ksba_ocsp_set_digest_algo; ksba_ocsp_set_nonce;
+    ksba_ocsp_set_requestor; ksba_ocsp_set_sig_val;
+
+    ksba_oid_from_str; ksba_oid_to_str;
+
+    ksba_reader_clear; ksba_reader_error; ksba_reader_new;
+    ksba_reader_read; ksba_reader_release; ksba_reader_set_cb;
+    ksba_reader_set_fd; ksba_reader_set_file; ksba_reader_set_mem;
+    ksba_reader_tell; ksba_reader_unread;
+    ksba_writer_error; ksba_writer_get_mem; ksba_writer_new;
+    ksba_writer_release; ksba_writer_set_cb; ksba_writer_set_fd;
+    ksba_writer_set_file; ksba_writer_set_filter; ksba_writer_set_mem;
+    ksba_writer_snatch_mem; ksba_writer_tell; ksba_writer_write;
+    ksba_writer_write_octet_string;
+
+  local:
+    *;
+};
+
+
+# We need to export a couple of symbols for our regression tests.
+KSBA_PRIVATE_TESTS {
+   global:
+     _ksba_keyinfo_from_sexp;  _ksba_keyinfo_to_sexp;
+     _ksba_dn_from_str;
+
+} KSBA_0.9;
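Review bot: The `KSBA_PRIVATE_TESTS` node exports `_ksba_keyinfo_from_sexp`, `_ksba_keyinfo_to_sexp` and `_ksba_dn_from_str` from every build of the shared library, not only from test builds, so these internal routines become callable by any program that links libksba. The comment above the node should say so explicitly, e.g. `# Internal symbols exported only for the regression tests; not part of the API or ABI and may change without notice.` If the tests can instead link the objects statically, this node could be dropped and the export list kept to the `ksba_*` API.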
index f538247..576c140 100644 (file)
@@ -1,5 +1,5 @@
 /* ocsp.c - OCSP (rfc2560)
- *      Copyright (C) 2003 g10 Code GmbH
+ *      Copyright (C) 2003, 2004 g10 Code GmbH
  *
  * This file is part of KSBA.
  *
@@ -1229,7 +1229,8 @@ parse_response (ksba_ocsp_t ocsp, const unsigned char *msg, size_t msglen)
         err = ksba_cert_new (&cert);
         if (err)
           return err;
-        err = ksba_cert_init_from_mem (cert, msg, ti.length);
+        err = ksba_cert_init_from_mem (cert, msg - ti.nhdr,
+                                       ti.nhdr + ti.length);
         if (err)
           {
             ksba_cert_release (cert);
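Review bot: The new call hands `ksba_cert_init_from_mem` a region of `ti.nhdr + ti.length` bytes starting at `msg - ti.nhdr`, and nothing visible in this hunk shows `ti.length` being compared with the remaining `msglen` first. If the code before the hunk does not already enforce that, a response declaring a certificate longer than the data left would make the certificate parser read past the end of the message; a guard such as `if (ti.length > msglen) return gpg_error (GPG_ERR_BAD_BER);` ahead of `ksba_cert_new` would close that. A short comment that `msg` has already been advanced past the header, which is why `ti.nhdr` is subtracted, would also help the next reader. parse_response starts and ends outside the hunk, so its existing checks could not be confirmed here.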
@@ -1300,7 +1301,7 @@ ksba_ocsp_parse_response (ksba_ocsp_t ocsp,
   if (*response_status == KSBA_OCSP_RSPSTATUS_SUCCESS
       && ocsp->noncelen)
     {
-      /* FIXME: Check that tehre is a rceived nonce and thit it matches. */
+      /* FIXME: Check that there is a received nonce and that it it matches. */
 
     }
 
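Review bot: The block guarded by `ocsp->noncelen` is still empty after this change, so a successful response is accepted without checking that it carries the nonce sent with the request; until that is implemented this function cannot tell a previously recorded response from a fresh one. The FIXME should say that plainly, e.g. `/* FIXME: The nonce is not verified yet; the response may be a replay. */`, or the function should return an error when the nonce is missing or differs. The reworded comment also contains a doubled word (`it it matches`). ksba_ocsp_parse_response starts and ends outside the hunk.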
@@ -1371,6 +1372,48 @@ ksba_ocsp_get_sig_val (ksba_ocsp_t ocsp, ksba_isotime_t produced_at)
 }
 
 
+/* Return the responder ID for the current response into NAME or into
+   the provided 20 byte buffer SHA1KEYHASH.  On sucess NAME either
+   contains the responder ID as a standard name or if NAME is NULL,
+   SHA1KEYHASH contains the hash of the public key.  SHA1KEYHASH may
+   be given as NULL if support for a KEYHASH is not intended.  Caller
+   must release NAME. */
+gpg_error_t
+ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp,
+                            ksba_name_t *name, unsigned char *sha1keyhash)
+{
+  if (!ocsp)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
+
+
+/* Get optional certificates out of a response.  The caller may use
+ * this in a loop to get all certificates.  The returned certificate
+ * is a shallow copy of the original one; the caller must still use
+ * ksba_cert_release() to free it. Returns: A certificate object or
+ * NULL for end of list or error. */
+ksba_cert_t
+ksba_ocsp_get_cert (ksba_ocsp_t ocsp, int idx)
+{
+  struct ocsp_certlist_s *cl;
+
+  if (!ocsp || idx < 0)
+    return NULL;
+
+  for (cl=ocsp->received_certs; cl && idx; cl = cl->next, idx--)
+    ;
+  if (!cl)
+    return NULL;
+  ksba_cert_ref (cl->cert);
+  return cl->cert;
+}
+
+
+
+
 /* Return the status of the certificate CERT for the last response
    done on the context OCSP.  CERT must be the same certificate as
    used for the request; only a shallow compare is done (i.e. the
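Review bot: `ksba_ocsp_get_responder_id` returns `GPG_ERR_NOT_IMPLEMENTED` without touching its output arguments, while its comment tells the caller to release NAME; a caller that releases on every path would then release an uninitialised pointer. Setting `if (name) *name = NULL;` before the return keeps the stub safe, and the comment should state that the function is not implemented yet (it also has the typo `sucess`). In `ksba_ocsp_get_cert` the wording `shallow copy` is better put as `a new reference to the stored certificate`, since the code calls `ksba_cert_ref (cl->cert)` and returns that same object. The comment of the following function continues outside the hunk.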
index f8a2df1..7d9b23b 100644 (file)
@@ -64,7 +64,7 @@ ksba_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
    Where ARG is the same pointer as set along with the fucntion, OID
    is an OID string telling the hash algorithm to be used - SHA-1
    shall be used if OID is NULL.  The text to hash is expected in
-   BUFFER of LENGTH and the result will be palce in the provided
+   BUFFER of LENGTH and the result will be placed into the provided
    buffer RESULT which has been allocated by the caller with at LEAST
    RESULTSIZE bytes; the actual length of the result is put into
    RESULTLEN.