New function X509V3_extensions_print() this removes extension duplication

from the print routines.

Reorganisation of OCSP code: initial print routines in ocsp_prn.c. Doesn't
work fully because OCSP extensions aren't reimplemented yet.

Implement some ASN1 functions needed to compile OCSP code.

CHANGES

@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions.
+     [Steve Henson]
+
   *) New function X509_signature_print() to remove duplication in some
      print routines.
      [Steve Henson]

crypto/asn1/t_crl.c

@@ -64,7 +64,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static void ext_print(BIO *out, X509_EXTENSION *ex);
 #ifndef NO_FP_API
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
         {
@@ -89,7 +88,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
-	int i, j, n;
+	int i, n;
 
 	BIO_printf(out, "Certificate Revocation List (CRL):\n");
 	l = X509_CRL_get_version(x);
@@ -108,11 +107,8 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	BIO_printf(out,"\n");
 
 	n=X509_CRL_get_ext_count(x);
-	if (n > 0) {
-		BIO_printf(out,"%8sCRL extensions:\n","");
-		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
-	}
-
+	X509V3_extensions_print(out, "CRL extensions",
+						x->crl->extensions, 0, 8);
 
 	rev = X509_CRL_get_REVOKED(x);
 
@@ -127,27 +123,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 		BIO_printf(out,"\n        Revocation Date: ","");
 		ASN1_TIME_print(out,r->revocationDate);
 		BIO_printf(out,"\n");
-		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
-				ext_print(out, X509_REVOKED_get_ext(r, j));
+		X509V3_extensions_print(out, "CRL entry extensions",
+						r->extensions, 0, 8);
 	}
 	X509_signature_print(out, x->sig_alg, x->signature);
 
 	return 1;
 
 }
-
-static void ext_print(BIO *out, X509_EXTENSION *ex)
-{
-	ASN1_OBJECT *obj;
-	int j;
-	BIO_printf(out,"%12s","");
-	obj=X509_EXTENSION_get_object(ex);
-	i2a_ASN1_OBJECT(out,obj);
-	j=X509_EXTENSION_get_critical(ex);
-	BIO_printf(out, ": %s\n", j ? "critical":"","");
-	if(!X509V3_EXT_print(out, ex, 0, 16)) {
-		BIO_printf(out, "%16s", "");
-		M_ASN1_OCTET_STRING_print(out,ex->value);
-	}
-	BIO_write(out,"\n",1);
-}

crypto/asn1/t_x509.c

@@ -101,14 +101,13 @@ int X509_print(BIO *bp, X509 *x)
 int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
-	int ret=0,i,j,n;
+	int ret=0,i;
 	char *m=NULL,mlch = ' ';
 	int nmindent = 0;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
 	const char *neg;
-	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
 	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
@@ -228,31 +227,9 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 		EVP_PKEY_free(pkey);
 		}
 
-	if (cflag & X509_FLAG_NO_EXTENSIONS)
-		n = 0;
-	else
-		n=X509_get_ext_count(x);
-	if (n > 0)
-		{
-		BIO_printf(bp,"%8sX509v3 extensions:\n","");
-		for (i=0; i<n; i++)
-			{
-			ASN1_OBJECT *obj;
-			ex=X509_get_ext(x,i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-				goto err;
-			if(!X509V3_EXT_print(bp, ex, cflag, 16))
-				{
-				BIO_printf(bp, "%16s", "");
-				M_ASN1_OCTET_STRING_print(bp,ex->value);
-				}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
-			}
-		}
+	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+		X509V3_extensions_print(bp, "X509v3 extensions",
+					ci->extensions, cflag, 8);
 
 	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{

crypto/ocsp/Makefile.ssl

@@ -22,11 +22,11 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= ocsp_asn.c ocsp_req.c ocsp_res.c ocsp_sig.c ocsp_cid.c ocsp_ext.c \
-	ocsp_lib.c ocsp_err.c 
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_res.c ocsp_sig.c ocsp_cid.c \
+	ocsp_lib.c ocsp_prn.c ocsp_err.c 
 #ocsp_v3.c
-LIBOBJ= ocsp_asn.o ocsp_req.o ocsp_res.o ocsp_sig.o ocsp_cid.o ocsp_ext.o \
-	ocsp_lib.o ocsp_err.o 
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_res.o ocsp_sig.o ocsp_cid.o \
+	ocsp_lib.o ocsp_prn.o ocsp_err.o 
 #ocsp_v3.o
 
 SRC= $(LIBSRC)

crypto/ocsp/ocsp.h

@@ -510,7 +510,7 @@ void OCSP_REQUEST_free(OCSP_REQUEST *a);
 int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp);
 OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length);
 int i2a_OCSP_REQUEST(BIO *bp, OCSP_REQUEST* a);
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a);
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 
 OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
 void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);

crypto/ocsp/ocsp_asn.c

@@ -65,6 +65,8 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = {
 	ASN1_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
 ASN1_SEQUENCE(OCSP_CERTID) = {
 	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
 	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
@@ -72,11 +74,15 @@ ASN1_SEQUENCE(OCSP_CERTID) = {
 	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(OCSP_CERTID);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
 ASN1_SEQUENCE(OCSP_ONEREQ) = {
 	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
 	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END(OCSP_ONEREQ);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
 ASN1_SEQUENCE(OCSP_REQINFO) = {
 	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
 	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
@@ -84,11 +90,14 @@ ASN1_SEQUENCE(OCSP_REQINFO) = {
 	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
 } ASN1_SEQUENCE_END(OCSP_REQINFO);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
 ASN1_SEQUENCE(OCSP_REQUEST) = {
 	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
 	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
 } ASN1_SEQUENCE_END(OCSP_REQUEST);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
 
 /* OCSP_RESPONSE templates */
 
@@ -97,11 +106,15 @@ ASN1_SEQUENCE(OCSP_RESPBYTES) = {
 	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(OCSP_RESPBYTES);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
 ASN1_SEQUENCE(OCSP_RESPONSE) = {
 	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
 	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
 } ASN1_SEQUENCE_END(OCSP_RESPONSE);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
 ASN1_CHOICE(OCSP_RESPID) = {
 	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
 	   ASN1_IMP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
@@ -112,12 +125,16 @@ ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
   	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
 } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
 ASN1_CHOICE(OCSP_CERTSTATUS) = {
 	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
 	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
 	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
 } ASN1_CHOICE_END(OCSP_CERTSTATUS);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
 ASN1_SEQUENCE(OCSP_SINGLERESP) = {
 	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
 	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
@@ -126,6 +143,8 @@ ASN1_SEQUENCE(OCSP_SINGLERESP) = {
 	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
 } ASN1_SEQUENCE_END(OCSP_SINGLERESP);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
 ASN1_SEQUENCE(OCSP_RESPDATA) = {
 	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
 	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
@@ -134,6 +153,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = {
 	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
 } ASN1_SEQUENCE_END(OCSP_RESPDATA);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
 ASN1_SEQUENCE(OCSP_BASICRESP) = {
 	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
 	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
@@ -141,3 +162,19 @@ ASN1_SEQUENCE(OCSP_BASICRESP) = {
 	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_BASICRESP);
 
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID);
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+	ASN1_SEQUENCE_OF(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC);
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)

crypto/ocsp/ocsp_lib.c

@@ -460,85 +460,6 @@ GENERAL_NAME *n;
 	return 1;
 	}
 
-
-int OCSP_REQUEST_print(bp, o)
-BIO *bp; 
-OCSP_REQUEST* o;
-        {
-	int i,j,n;
-	long l;
-	char *s;
-	OCSP_CERTID* cid = NULL;
-	OCSP_ONEREQ *one = NULL;
-	OCSP_REQINFO *inf = o->tbsRequest;
-	OCSP_SIGNATURE *sig = o->optionalSignature;
-
-	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
-	l=ASN1_INTEGER_get(inf->version);
-	if (BIO_printf(bp,"%4sVersion: %lu (0x%lx)","",l+1,l) <= 0) goto err;
-	if (inf->requestorName != NULL)
-	        {
-		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
-		        goto err;
-		i2a_GENERAL_NAME(bp, inf->requestorName);
-		}
-	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
-	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
-	        {
-		if (! sk_OCSP_ONEREQ_value(inf->requestList, i)) continue;
-		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
-		cid = one->reqCert;
-		j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
-		if (BIO_printf(bp,"%8sHash Algorithm: %s","",
-			       (j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
-		        goto err;
-		if (BIO_write(bp,"\n        Issuer Name Hash: ",27) <= 0)
-		        goto err;
-		i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
-		if (BIO_write(bp,"\n        Issuer Key Hash: ",26) <= 0) 
-		        goto err;
-		i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
-		if (BIO_write(bp,"\n        Serial Number: ",24) <= 0) 
-		        goto err;
-		if (!i2a_ASN1_INTEGER(bp, cid->serialNumber)) 
-		        goto err;
-		if (!BIO_write(bp,"\n",1)) goto err;
-		if (!OCSP_extensions_print(bp, one->singleRequestExtensions,
-					   "Request Single Extensions"))
-		        goto err;
-		}
-	if (!OCSP_extensions_print(bp, inf->requestExtensions, 
-				   "Request Extensions"))
-	        goto err;
-	if (sig)
-	        {
-	        i=OBJ_obj2nid(sig->signatureAlgorithm->algorithm);
-	        if (BIO_printf(bp,"OCSP Request Signature Algorithm: %s",
-			       (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-		        goto err;
-		n=sig->signature->length;
-	        s=(char *)sig->signature->data;
-		for (i=0; i<n; i++)
-			{
-			if ((i%18) == 0)
-			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-			if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-				((i+1) == n)?"":":") <= 0) goto err;
-			}
-		if (BIO_write(bp,"\n",1) != 1) goto err;
-		if (sig->certs)
-		        {
-			for (i=0; i<sk_X509_num(sig->certs); i++)
-			        if (sk_X509_value(sig->certs,i) != NULL)
-				        X509_print(bp,
-					    sk_X509_value(sig->certs,i));
-			}
-		}
-	return 1;
-err:
-	return 0;
-	}
-
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o)
         {
 	int i, j, n;

crypto/ocsp/ocsp_prn.c

+/* ocsp_cid.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+int OCSP_CERTID_print(BIO *bp, OCSP_CERTID* a, int indent)
+        {
+	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+	indent += 2;
+	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+	i2a_ASN1_INTEGER(bp, a->serialNumber);
+	BIO_printf(bp, "\n");
+	return 1;
+	}
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
+        {
+	int i;
+	long l;
+	OCSP_CERTID* cid = NULL;
+	OCSP_ONEREQ *one = NULL;
+	OCSP_REQINFO *inf = o->tbsRequest;
+	OCSP_SIGNATURE *sig = o->optionalSignature;
+
+	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+	l=ASN1_INTEGER_get(inf->version);
+	if (BIO_printf(bp,"%4sVersion: %lu (0x%lx)","",l+1,l) <= 0) goto err;
+	if (inf->requestorName != NULL)
+	        {
+		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
+		        goto err;
+		GENERAL_NAME_print(bp, inf->requestorName);
+		}
+	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
+	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+	        {
+		if (!sk_OCSP_ONEREQ_value(inf->requestList, i)) continue;
+		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+		cid = one->reqCert;
+		OCSP_CERTID_print(bp, cid, 8);
+		if (!X509V3_extensions_print(bp,
+					"OCSP Request Single Extensions",
+					one->singleRequestExtensions, flags, 4))
+							goto err;
+		}
+	if (!X509V3_extensions_print(bp, "OCSP Request Extensions",
+			inf->requestExtensions, flags, 4))
+							goto err;
+	if (sig)
+	        {
+		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+		}
+	return 1;
+err:
+	return 0;
+	}

crypto/x509v3/v3_alt.c

@@ -149,6 +149,60 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 	return ret;
 }
 
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+	char oline[256];
+	unsigned char *p;
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		BIO_printf(out, "othername:<unsupported>");
+		break;
+
+		case GEN_X400:
+		BIO_printf(out, "X400Name:<unsupported>");
+		break;
+
+		case GEN_EDIPARTY:
+		/* Maybe fix this: it is supported now */
+		BIO_printf(out, "EdiPartyName:<unsupported>");
+		break;
+
+		case GEN_EMAIL:
+		BIO_printf(out, "email:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DNS:
+		BIO_printf(out, "DNS:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_URI:
+		BIO_printf(out, "URI:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_oneline(gen->d.dirn, oline, 256);
+		BIO_printf(out, "DirName:%s",oline);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			BIO_printf(out,"IP Address:<invalid>");
+			break;
+		}
+		BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		break;
+
+		case GEN_RID:
+		BIO_printf(out, "Registered ID");
+		i2a_ASN1_OBJECT(out, gen->d.rid);
+		break;
+	}
+	return 1;
+}
+
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {

crypto/x509v3/v3_prn.c

@@ -147,6 +147,39 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 		return ok;
 }
 
+int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+{
+	int i, j;
+
+	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
+
+	if(title) 
+		{
+		BIO_printf(bp,"%*s%s:\n",indent, "", title);
+		indent += 4;
+		}
+
+	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+		{
+		ASN1_OBJECT *obj;
+		X509_EXTENSION *ex;
+		ex=sk_X509_EXTENSION_value(exts, i);
+		if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+		obj=X509_EXTENSION_get_object(ex);
+		i2a_ASN1_OBJECT(bp,obj);
+		j=X509_EXTENSION_get_critical(ex);
+		if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+			return 0;
+		if(!X509V3_EXT_print(bp, ex, flag, 12))
+			{
+			BIO_printf(bp, "%*s", indent + 4, "");
+			M_ASN1_OCTET_STRING_print(bp,ex->value);
+			}
+		if (BIO_write(bp,"\n",1) <= 0) return 0;
+		}
+	return 1;
+}
+
 static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
 {
 	switch(flag & X509V3_EXT_UNKNOWN_MASK) {

crypto/x509v3/x509v3.h

@@ -410,6 +410,7 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
 
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 
@@ -497,6 +498,8 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+
 int X509_check_purpose(X509 *x, int id, int ca);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);