[crypto] Add framework for OCSP

Add support for constructing OCSP queries and parsing OCSP responses. (There is no support yet for actually issuing an OCSP query via an HTTP POST.) Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2012-05-14 18:22:38 +0100
committer: Michael Brown <mcb30@ipxe.org> 2012-05-15 13:24:23 +0100
commit: 39ac285a8abced92b03842a8ce48957550d454ad (patch)
tree: a74d4c2232a99806b91ebbefd4f840b958c9e94b /src/include/ipxe/x509.h
parent: deac4ea1baa62ab554b57179e481c1b255716bb1 (diff)
download: ipxe-39ac285a8abced92b03842a8ce48957550d454ad.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 6dc31b45e..a5626c8a8 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -126,6 +126,8 @@ enum x509_extended_key_usage_bits {
 struct x509_ocsp_responder {
 	/** URI */
 	char *uri;
+	/** OCSP status is good */
+	int good;
 };
 
 /** X.509 certificate authority information access */
@@ -322,6 +324,9 @@ struct x509_root {
 
 extern int x509_certificate ( const void *data, size_t len,
 			      struct x509_certificate **cert );
+extern int x509_validate ( struct x509_certificate *cert,
+			   struct x509_certificate *issuer,
+			   time_t time, struct x509_root *root );
 
 extern struct x509_chain * x509_alloc_chain ( void );
 extern int x509_append ( struct x509_chain *chain,
author	Michael Brown <mcb30@ipxe.org>	2012-05-14 18:22:38 +0100
committer	Michael Brown <mcb30@ipxe.org>	2012-05-15 13:24:23 +0100
commit	39ac285a8abced92b03842a8ce48957550d454ad (patch)
tree	a74d4c2232a99806b91ebbefd4f840b958c9e94b /src/include/ipxe/x509.h
parent	deac4ea1baa62ab554b57179e481c1b255716bb1 (diff)
download	ipxe-39ac285a8abced92b03842a8ce48957550d454ad.tar.gz