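@@ -111,6 +111,21 @@ ocsp_put ( struct ocsp_check *ocsp ) {
 ref_put ( &ocsp->refcnt );
 }
 
+/**
+ * Check if X.509 certificate requires an OCSP check
+ *
+ * @v cert X.509 certificate
+ * @ret ocsp_required An OCSP check is required
+ */
+static inline int ocsp_required ( struct x509_certificate *cert ) {
+
+ /* An OCSP check is required if an OCSP URI exists but the
+ * OCSP status is not (yet) good.
+ */
+ return ( cert->extensions.auth_info.ocsp.uri.len &&
+ ( ! cert->extensions.auth_info.ocsp.good ) );
+}
+
 extern int ocsp_check ( struct x509_certificate *cert,
 struct x509_certificate *issuer,
 struct ocsp_check **ocsp );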
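Review bot: `ocsp_required()` returns 0 whenever the certificate carries no OCSP URI, so a certificate without one is treated the same as one whose status is already good. The comment in the body should say so explicitly, e.g. `* A certificate with no OCSP URI never requires a check, so its revocation status is not verified by this path.` Whether `ocsp.good` is ever cleared once the response that set it stops being valid is not visible in this hunk; if it is not, the cached flag would keep suppressing checks, so confirm this where the flag is set. The parameter is only read, so `const struct x509_certificate *cert` would state that in the signature.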