提交
50d51991
编写于
1月 26, 2001
作者:
Dr. Stephen Henson
New OCSP response verify option OCSP_TRUSTOTHER
上级
9020b862
变更
3
Showing
3 changed file
with
22 addition
and
7 deletion
+22
-7
CHANGES
CHANGES
+5
-0
crypto/ocsp/ocsp.h
crypto/ocsp/ocsp.h
+1
-0
crypto/ocsp/ocsp_vfy.c
crypto/ocsp/ocsp_vfy.c
+16
-7
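--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+*) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+passed by the function are trusted implicitly. If any of them signed the
+reponse then it is assumed to be valid and is not verified.
+[Steve Henson]
 *) Zero the premaster secret after deriving the master secret in
 DH ciphersuites.
 [Steve Henson]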
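--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -85,6 +85,7 @@ extern "C" {
 #define OCSP_NOCASIGN 0x40
 #define OCSP_NODELEGATED 0x80
 #define OCSP_NOCHECKS 0x100
+#define OCSP_TRUSTOTHER 0x200
 /* CertID ::= SEQUENCE {
  * hashAlgorithm AlgorithmIdentifier,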
crypto/ocsp/ocsp_vfy.c
...
@@ -59,7 +59,7 @@
...
@@ -59,7 +59,7 @@
#include <openssl/ocsp.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <openssl/err.h>
static
X509
*
ocsp_find_signer
(
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
certs
,
static
int
ocsp_find_signer
(
X509
**
psigner
,
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
certs
,
X509_STORE
*
st
,
unsigned
long
flags
);
X509_STORE
*
st
,
unsigned
long
flags
);
static
X509
*
ocsp_find_signer_sk
(
STACK_OF
(
X509
)
*
certs
,
OCSP_RESPID
*
id
);
static
X509
*
ocsp_find_signer_sk
(
STACK_OF
(
X509
)
*
certs
,
OCSP_RESPID
*
id
);
static
int
ocsp_check_issuer
(
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
chain
,
unsigned
long
flags
);
static
int
ocsp_check_issuer
(
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
chain
,
unsigned
long
flags
);
...
@@ -76,12 +76,14 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
...
@@ -76,12 +76,14 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
STACK_OF
(
X509
)
*
chain
=
NULL
;
STACK_OF
(
X509
)
*
chain
=
NULL
;
X509_STORE_CTX
ctx
;
X509_STORE_CTX
ctx
;
int
i
,
ret
=
0
;
int
i
,
ret
=
0
;
signer
=
ocsp_find_signer
(
bs
,
certs
,
st
,
flags
);
ret
=
ocsp_find_signer
(
&
signer
,
bs
,
certs
,
st
,
flags
);
if
(
!
signer
)
if
(
!
ret
)
{
{
OCSPerr
(
OCSP_F_OCSP_BASIC_VERIFY
,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND
);
OCSPerr
(
OCSP_F_OCSP_BASIC_VERIFY
,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND
);
goto
end
;
goto
end
;
}
}
if
((
ret
==
2
)
&&
(
flags
&
OCSP_TRUSTOTHER
))
flags
|=
OCSP_NOVERIFY
;
if
(
!
(
flags
&
OCSP_NOSIGS
))
if
(
!
(
flags
&
OCSP_NOSIGS
))
{
{
EVP_PKEY
*
skey
;
EVP_PKEY
*
skey
;
...
@@ -148,19 +150,26 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
...
@@ -148,19 +150,26 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
}
static
X509
*
ocsp_find_signer
(
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
certs
,
static
int
ocsp_find_signer
(
X509
**
psigner
,
OCSP_BASICRESP
*
bs
,
STACK_OF
(
X509
)
*
certs
,
X509_STORE
*
st
,
unsigned
long
flags
)
X509_STORE
*
st
,
unsigned
long
flags
)
{
{
X509
*
signer
;
X509
*
signer
;
OCSP_RESPID
*
rid
=
bs
->
tbsResponseData
->
responderId
;
OCSP_RESPID
*
rid
=
bs
->
tbsResponseData
->
responderId
;
if
((
signer
=
ocsp_find_signer_sk
(
certs
,
rid
)))
if
((
signer
=
ocsp_find_signer_sk
(
certs
,
rid
)))
return
signer
;
{
*
psigner
=
signer
;
return
2
;
}
if
(
!
(
flags
&
OCSP_NOINTERN
)
&&
if
(
!
(
flags
&
OCSP_NOINTERN
)
&&
(
signer
=
ocsp_find_signer_sk
(
bs
->
certs
,
rid
)))
(
signer
=
ocsp_find_signer_sk
(
bs
->
certs
,
rid
)))
return
signer
;
{
*
psigner
=
signer
;
return
1
;
}
/* Maybe lookup from store if by subject name */
/* Maybe lookup from store if by subject name */
return
NULL
;
*
psigner
=
NULL
;
return
0
;
}
}
...
...
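Review bot: The `ret == 2` test in OCSP_basic_verify relies on an undocumented return convention of ocsp_find_signer (2 = signer found in the caller-supplied `certs`, 1 = found in the response's own `bs->certs`, 0 = not found), and that distinction alone decides whether `OCSP_NOVERIFY` is forced on. A comment above ocsp_find_signer such as `/* Returns 2 if the signer is in the caller's certs, 1 if in bs->certs, 0 if not found */`, or named constants, would keep a later edit from swapping the values and extending implicit trust to certificates carried inside the response. The lookup goes through `ocsp_find_signer_sk(certs, rid)`, which appears to match on the responder ID only, so the documentation for OCSP_TRUSTOTHER should state that `certs` must hold only certificates the caller has already authenticated by other means. `ret` also now holds 1 or 2 on entry to the signature block; the rest of OCSP_basic_verify is outside the hunk, so it is worth confirming that every path to `end` reassigns it before it is returned.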