/** @file
 *
 * Online Certificate Status Protocol (OCSP)
 *
 */
FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/asn1.h>
#include <ipxe/x509.h>
#include <ipxe/refcnt.h>
/** OCSP algorithm identifier */
#define OCSP_ALGORITHM_IDENTIFIER( ... ) \
ASN1_OID, VA_ARG_COUNT ( __VA_ARGS__ ), __VA_ARGS__, \
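/* OCSP response statuses */
/*
 * Values of the OCSPResponseStatus enumeration (RFC 6960).  The value
 * 0x04 is not used by the protocol, which is why the list has a gap.
 *
 * Only OCSP_STATUS_SUCCESSFUL is accompanied by a signed response body.
 * Every other status reports that the responder gave no answer; these
 * error statuses carry no signature and say nothing about whether the
 * certificate is good or revoked, so they must never be treated as
 * evidence that a certificate is valid.
 */
#define OCSP_STATUS_SUCCESSFUL		0x00	/* response has valid confirmations */
#define OCSP_STATUS_MALFORMED_REQUEST	0x01	/* illegal confirmation request */
#define OCSP_STATUS_INTERNAL_ERROR	0x02	/* internal error in issuer */
#define OCSP_STATUS_TRY_LATER		0x03	/* try again later */
#define OCSP_STATUS_SIG_REQUIRED	0x05	/* must sign the request */
#define OCSP_STATUS_UNAUTHORIZED	0x06	/* request unauthorized */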
/** An OCSP request */
/** Request builder */
struct asn1_builder builder;
struct asn1_cursor cert_id;
/** An OCSP response */
struct ocsp_response {
/** Raw tbsResponseData (the to-be-signed portion of the response, over which the signature is computed) */
struct asn1_cursor tbs;
/** Time at which status is known to be correct (OCSP thisUpdate); a response whose thisUpdate lies in the future should not be trusted */
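/** Time at which newer status information will be available (OCSP nextUpdate); once this time has passed the response is stale and should be rejected, which limits replay of an old "good" answer */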
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
struct asn1_bit_string signature;
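/** Signing certificate (the responder's certificate; it must be shown to be authorised by the issuer before the signature is trusted) */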
struct x509_certificate *signer;
/** Reference count */
/** Certificate being checked */
struct x509_certificate *cert;
/** Issuing certificate */
struct x509_certificate *issuer;
struct ocsp_request request;
struct ocsp_response response;
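/**
 * Get reference to OCSP check
 *
 * @v ocsp		OCSP check
 * @ret ocsp		OCSP check
 */
static inline __attribute__ (( always_inline )) struct ocsp_check *
ocsp_get ( struct ocsp_check *ocsp ) {
	/* Take the reference on the embedded reference counter */
	ref_get ( &ocsp->refcnt );
	/* Hand the same pointer back so the call can be used inline */
	return ocsp;
}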
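/**
 * Drop reference to OCSP check
 *
 * @v ocsp		OCSP check
 *
 * NOTE(review): presumably the check is released once its last
 * reference is dropped; callers should not touch ocsp after giving up
 * their reference.  Confirm against ref_put().
 */
static inline __attribute__ (( always_inline )) void
ocsp_put ( struct ocsp_check *ocsp ) {
	ref_put ( &ocsp->refcnt );
}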
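/*
 * Declared here, defined elsewhere.
 *
 * @v cert		Certificate being checked
 * @v issuer		Issuing certificate
 * @v ocsp		Out-parameter for the OCSP check
 *			NOTE(review): presumably filled in with a newly
 *			created check whose reference the caller owns and
 *			releases with ocsp_put(); confirm against the
 *			implementation
 * @ret rc		Return status code
 *			NOTE(review): presumably zero on success; confirm
 */
extern int ocsp_check ( struct x509_certificate *cert,
			struct x509_certificate *issuer,
			struct ocsp_check **ocsp );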
extern int ocsp_response ( struct ocsp_check *ocsp, const void *data,
/*
 * Declared here, defined elsewhere.
 *
 * @v check		OCSP check
 * @v time		Time value used for the validation
 * @ret rc		Return status code
 *			NOTE(review): presumably zero on success; confirm
 *
 * NOTE(review): by its name and parameters this presumably validates
 * the response held in the check as of the given time, i.e. against
 * the response's validity window.  If so, the caller must supply a
 * trustworthy clock value: a wrong or attacker-influenced time could
 * let a stale response pass.  Confirm against the implementation.
 */
extern int ocsp_validate ( struct ocsp_check *check, time_t time );
#endif /* _IPXE_OCSP_H */