/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project.
 */

/*
 * History:
 * This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released
 * as a patch kit.
 */

/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
*
*/
module libressl_d.openssl.ocsp;


private static import core.stdc.config;
private static import libressl_d.openssl.asn1;
private static import libressl_d.openssl.bio;
private static import libressl_d.openssl.pem;
private static import libressl_d.openssl.stack;
public import libressl_d.openssl.ossl_typ;
public import libressl_d.openssl.safestack;
public import libressl_d.openssl.x509;
public import libressl_d.openssl.x509v3;

// Everything below is a C-linkage declaration; no function bodies live in this module.
extern (C):
nothrow @nogc:

/* Various flags and values */

// NOTE(review): presumably the nonce length, in bytes, used when the caller
// does not supply one to OCSP_request_add1_nonce - confirm against libcrypto.
enum OCSP_DEFAULT_NONCE_LENGTH = 16;

/*
 * Bit flags (each value below is a distinct bit, so they can be OR-ed).
 *
 * NOTE(review): in upstream OpenSSL/LibreSSL these are passed in the `flags`
 * argument of the sign/verify functions declared in this module with a
 * c_ulong flags parameter (OCSP_request_sign, OCSP_request_verify,
 * OCSP_basic_sign, OCSP_basic_verify). Going by the names and the upstream
 * manual pages, several of them switch off part of the validation:
 * OCSP_NOSIGS (signature check), OCSP_NOVERIFY (signer certificate
 * verification), OCSP_NOCHAIN / OCSP_NOEXPLICIT / OCSP_NOCHECKS (chain and
 * additional signer checks) and OCSP_TRUSTOTHER (treat the supplied
 * certificates as trusted). A caller that sets any of these accepts
 * responses that default verification would reject, so each use deserves a
 * justification at the call site. Confirm the exact semantics against the
 * libcrypto version being linked.
 */
enum OCSP_NOCERTS = 0x01;
enum OCSP_NOINTERN = 0x02;
enum OCSP_NOSIGS = 0x04;
enum OCSP_NOCHAIN = 0x08;
enum OCSP_NOVERIFY = 0x10;
enum OCSP_NOEXPLICIT = 0x20;
enum OCSP_NOCASIGN = 0x40;
enum OCSP_NODELEGATED = 0x80;
enum OCSP_NOCHECKS = 0x0100;
enum OCSP_TRUSTOTHER = 0x0200;
enum OCSP_RESPID_KEY = 0x0400;
enum OCSP_NOTIME = 0x0800;

/*
 * CertID ::= SEQUENCE {
 *    hashAlgorithm AlgorithmIdentifier,
 *    issuerNameHash OCTET STRING, -- Hash of Issuer's DN
 *    issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
 *    serialNumber CertificateSerialNumber }
 */
// D mirror of the C struct: one pointer per CertID field, in ASN.1 order.
// The layout must stay in step with the C definition because the struct is
// shared across the C ABI.
struct ocsp_cert_id_st
{
    libressl_d.openssl.ossl_typ.X509_ALGOR* hashAlgorithm;
    libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* issuerNameHash;
    libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* issuerKeyHash;
    libressl_d.openssl.ossl_typ.ASN1_INTEGER* serialNumber;
}

alias OCSP_CERTID = .ocsp_cert_id_st;

//DECLARE_STACK_OF(OCSP_CERTID)
// Hand-expanded form of the C macro above: a typed wrapper around the generic _STACK.
struct stack_st_OCSP_CERTID
{
    libressl_d.openssl.stack._STACK stack;
}

/*
 * Request ::= SEQUENCE {
 *    reqCert CertID,
 *    singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
 */
// singleRequestExtensions is OPTIONAL in the ASN.1 above.
// NOTE(review): an absent optional field is presumably a null pointer - confirm.
struct ocsp_one_request_st
{
    .OCSP_CERTID* reqCert;
    libressl_d.openssl.x509.stack_st_X509_EXTENSION* singleRequestExtensions;
}
alias OCSP_ONEREQ = .ocsp_one_request_st;

//DECLARE_STACK_OF(OCSP_ONEREQ)
// Hand-expanded form of the C macro above: a typed wrapper around the generic _STACK.
struct stack_st_OCSP_ONEREQ
{
    libressl_d.openssl.stack._STACK stack;
}

/*
 * TBSRequest ::= SEQUENCE {
 *    version [0] EXPLICIT Version DEFAULT v1,
 *    requestorName [1] EXPLICIT GeneralName OPTIONAL,
 *    requestList SEQUENCE OF Request,
 *    requestExtensions [2] EXPLICIT Extensions OPTIONAL }
 */
// The field is named version_ because `version` is a D keyword.
struct ocsp_req_info_st
{
    libressl_d.openssl.ossl_typ.ASN1_INTEGER* version_;
    libressl_d.openssl.x509v3.GENERAL_NAME* requestorName;
    .stack_st_OCSP_ONEREQ* requestList;
    libressl_d.openssl.x509.stack_st_X509_EXTENSION* requestExtensions;
}

alias OCSP_REQINFO = .ocsp_req_info_st;

/*
 * Signature ::= SEQUENCE {
 *    signatureAlgorithm AlgorithmIdentifier,
 *    signature BIT STRING,
 *    certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
struct ocsp_signature_st
{
    libressl_d.openssl.ossl_typ.X509_ALGOR* signatureAlgorithm;
    libressl_d.openssl.ossl_typ.ASN1_BIT_STRING* signature;
    libressl_d.openssl.x509.stack_st_X509* certs;
}

alias OCSP_SIGNATURE = .ocsp_signature_st;

/*
 * OCSPRequest ::= SEQUENCE {
 *    tbsRequest TBSRequest,
 *    optionalSignature [0] EXPLICIT Signature OPTIONAL }
 */
struct ocsp_request_st
{
    .OCSP_REQINFO* tbsRequest;

    /**
     * OPTIONAL
     */
    .OCSP_SIGNATURE* optionalSignature;
}

alias OCSP_REQUEST = .ocsp_request_st;

/*
 * OCSPResponseStatus ::= ENUMERATED {
 *    successful (0), --Response has valid confirmations
 *    malformedRequest (1), --Illegal confirmation request
 *    internalError (2), --Internal error in issuer
 *    tryLater (3), --Try again later
 *    --(4) is not used
 *    sigRequired (5), --Must sign the request
 *    unauthorized (6) --Request unauthorized
 * }
 */
// These describe how the responder handled the request as a whole. The
// per-certificate result is a separate value (V_OCSP_CERTSTATUS_* further
// down), so OCSP_RESPONSE_STATUS_SUCCESSFUL alone says nothing about whether
// a certificate is good or revoked.
enum OCSP_RESPONSE_STATUS_SUCCESSFUL = 0;
enum OCSP_RESPONSE_STATUS_MALFORMEDREQUEST = 1;
enum OCSP_RESPONSE_STATUS_INTERNALERROR = 2;
enum OCSP_RESPONSE_STATUS_TRYLATER = 3;
enum OCSP_RESPONSE_STATUS_SIGREQUIRED = 5;
enum OCSP_RESPONSE_STATUS_UNAUTHORIZED = 6;

/*
 * ResponseBytes ::= SEQUENCE {
 *    responseType OBJECT IDENTIFIER,
 *    response OCTET STRING }
 */
struct ocsp_resp_bytes_st
{
    libressl_d.openssl.asn1.ASN1_OBJECT* responseType;
    libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* response;
}

alias OCSP_RESPBYTES = .ocsp_resp_bytes_st;

/*
 * OCSPResponse ::= SEQUENCE {
 *    responseStatus OCSPResponseStatus,
 *    responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
 */
// No alias is declared here; the functions below refer to this type as
// libressl_d.openssl.ossl_typ.OCSP_RESPONSE.
struct ocsp_response_st
{
    libressl_d.openssl.ossl_typ.ASN1_ENUMERATED* responseStatus;
    .OCSP_RESPBYTES* responseBytes;
}

/*
 * ResponderID ::= CHOICE {
 *    byName [1] Name,
 *    byKey [2] KeyHash }
 */
// NOTE(review): these values (0/1) differ from the ASN.1 context tags ([1]/[2])
// above; presumably they are the selector stored in ocsp_responder_id_st.type
// rather than the tag numbers - confirm against the C implementation.
enum V_OCSP_RESPID_NAME = 0;
enum V_OCSP_RESPID_KEY = 1;

struct ocsp_responder_id_st
{
    int type;

    // Only one member is meaningful at a time; read `type` before touching it.
    union value_
    {
        libressl_d.openssl.ossl_typ.X509_NAME* byName;
        libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* byKey;
    }

    value_ value;
}

//DECLARE_STACK_OF(OCSP_RESPID)
struct stack_st_OCSP_RESPID
{
    libressl_d.openssl.stack._STACK stack;
}

// Allocation, release and DER decode/encode for OCSP_RESPID. The same four
// prototypes are declared a second time further down in this module.
libressl_d.openssl.ossl_typ.OCSP_RESPID* OCSP_RESPID_new();
void OCSP_RESPID_free(libressl_d.openssl.ossl_typ.OCSP_RESPID* a);
libressl_d.openssl.ossl_typ.OCSP_RESPID* d2i_OCSP_RESPID(libressl_d.openssl.ossl_typ.OCSP_RESPID** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_RESPID(libressl_d.openssl.ossl_typ.OCSP_RESPID* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_RESPID_it;

/*
 * KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *    --(excluding the tag and length fields)
 */

/*
 * RevokedInfo ::= SEQUENCE {
 *    revocationTime GeneralizedTime,
 *    revocationReason [0] EXPLICIT CRLReason OPTIONAL }
 */
struct ocsp_revoked_info_st
{
    libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* revocationTime;
    libressl_d.openssl.ossl_typ.ASN1_ENUMERATED* revocationReason;
}

alias OCSP_REVOKEDINFO = .ocsp_revoked_info_st;

/*
 * CertStatus ::= CHOICE {
 *    good [0] IMPLICIT null,
 *    revoked [1] IMPLICIT RevokedInfo,
 *    unknown [2] IMPLICIT UnknownInfo }
 */
// Per-certificate result. Only V_OCSP_CERTSTATUS_GOOD is a positive answer;
// a relying party should handle REVOKED and UNKNOWN explicitly rather than
// testing for "not revoked".
enum V_OCSP_CERTSTATUS_GOOD = 0;
enum V_OCSP_CERTSTATUS_REVOKED = 1;
enum V_OCSP_CERTSTATUS_UNKNOWN = 2;

struct ocsp_cert_status_st
{
    int type;

    // Only one member is meaningful at a time; read `type` before touching it.
    union value_
    {
        libressl_d.openssl.ossl_typ.ASN1_NULL* good;
        .OCSP_REVOKEDINFO* revoked;
        libressl_d.openssl.ossl_typ.ASN1_NULL* unknown;
    }

    value_ value;
}

alias OCSP_CERTSTATUS = .ocsp_cert_status_st;

/*
 * SingleResponse ::= SEQUENCE {
 *    certID CertID,
 *    certStatus CertStatus,
 *    thisUpdate GeneralizedTime,
 *    nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
 *    singleExtensions [1] EXPLICIT Extensions OPTIONAL }
 */
// nextUpdate is OPTIONAL in the ASN.1 above, so freshness checks have to cope
// with it being absent.
struct ocsp_single_response_st
{
    .OCSP_CERTID* certId;
    .OCSP_CERTSTATUS* certStatus;
    libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* thisUpdate;
    libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* nextUpdate;
    libressl_d.openssl.x509.stack_st_X509_EXTENSION* singleExtensions;
}

alias OCSP_SINGLERESP = .ocsp_single_response_st;

//DECLARE_STACK_OF(OCSP_SINGLERESP)
struct stack_st_OCSP_SINGLERESP
{
    libressl_d.openssl.stack._STACK stack;
}

/*
 * ResponseData ::= SEQUENCE {
 *    version [0] EXPLICIT Version DEFAULT v1,
 *    responderID ResponderID,
 *    producedAt GeneralizedTime,
 *    responses SEQUENCE OF SingleResponse,
 *    responseExtensions [1] EXPLICIT Extensions OPTIONAL }
 */
struct ocsp_response_data_st
{
    libressl_d.openssl.ossl_typ.ASN1_INTEGER* version_;
    libressl_d.openssl.ossl_typ.OCSP_RESPID* responderId;
    libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* producedAt;
    .stack_st_OCSP_SINGLERESP* responses;
    libressl_d.openssl.x509.stack_st_X509_EXTENSION* responseExtensions;
}

alias OCSP_RESPDATA = .ocsp_response_data_st;

/*
 * BasicOCSPResponse ::= SEQUENCE {
 *    tbsResponseData ResponseData,
 *    signatureAlgorithm AlgorithmIdentifier,
 *    signature BIT STRING,
 *    certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
/*
 * Note 1:
 * The value for "signature" is specified in the OCSP rfc2560 as follows:
 * "The value for the signature SHALL be computed on the hash of the DER
 * encoding ResponseData." This means that you must hash the DER-encoded
 * tbsResponseData, and then run it through a crypto-signing function, which
 * will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
 * a bit odd, but that's the spec. Also note that the data structures do not
 * leave anywhere to independently specify the algorithm used for the initial
 * hash. So, we look at the signature-specification algorithm, and try to do
 * something intelligent. -- Kathy Weinhold, CertCo
 */
/*
 * Note 2:
 * It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
 * for interpretation. I've done tests against another responder, and found
 * that it doesn't do the double hashing that the RFC seems to say one
 * should. Therefore, all relevant functions take a flag saying which
 * variant should be used. -- Richard Levitte, OpenSSL team and CeloCom
 */
// `certs` is supplied by the responder inside the response itself.
// NOTE(review): treat it as untrusted input to path building; whether it is
// searched for the signer is presumably what OCSP_NOINTERN controls - confirm.
struct ocsp_basic_response_st
{
    .OCSP_RESPDATA* tbsResponseData;
    libressl_d.openssl.ossl_typ.X509_ALGOR* signatureAlgorithm;
    libressl_d.openssl.ossl_typ.ASN1_BIT_STRING* signature;
    libressl_d.openssl.x509.stack_st_X509* certs;
}

alias OCSP_BASICRESP = .ocsp_basic_response_st;

/*
 * CRLReason ::= ENUMERATED {
 *    unspecified (0),
 *    keyCompromise (1),
 *    cACompromise (2),
 *    affiliationChanged (3),
 *    superseded (4),
 *    cessationOfOperation (5),
 *    certificateHold (6),
 *    removeFromCRL (8) }
 */
// OCSP_REVOKED_STATUS_NOSTATUS (-1) has no counterpart in the CRLReason
// enumeration above.
// NOTE(review): presumably the sentinel reported when no revocationReason is
// present - confirm.
enum OCSP_REVOKED_STATUS_NOSTATUS = -1;
enum OCSP_REVOKED_STATUS_UNSPECIFIED = 0;
enum OCSP_REVOKED_STATUS_KEYCOMPROMISE = 1;
enum OCSP_REVOKED_STATUS_CACOMPROMISE = 2;
enum OCSP_REVOKED_STATUS_AFFILIATIONCHANGED = 3;
enum OCSP_REVOKED_STATUS_SUPERSEDED = 4;
enum OCSP_REVOKED_STATUS_CESSATIONOFOPERATION = 5;
enum OCSP_REVOKED_STATUS_CERTIFICATEHOLD = 6;
enum OCSP_REVOKED_STATUS_REMOVEFROMCRL = 8;

/*
 * CrlID ::= SEQUENCE {
 *    crlUrl [0] EXPLICIT IA5String OPTIONAL,
 *    crlNum [1] EXPLICIT INTEGER OPTIONAL,
 *    crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
 */
struct ocsp_crl_id_st
{
    libressl_d.openssl.ossl_typ.ASN1_IA5STRING* crlUrl;
    libressl_d.openssl.ossl_typ.ASN1_INTEGER* crlNum;
    libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* crlTime;
}

alias OCSP_CRLID = .ocsp_crl_id_st;

/*
 * ServiceLocator ::= SEQUENCE {
 *    issuer Name,
 *    locator AuthorityInfoAccessSyntax OPTIONAL }
 */
struct ocsp_service_locator_st
{
    libressl_d.openssl.ossl_typ.X509_NAME* issuer;
    libressl_d.openssl.x509v3.stack_st_ACCESS_DESCRIPTION* locator;
}

alias OCSP_SERVICELOC = .ocsp_service_locator_st;

// PEM labels used by the (commented-out) PEM_read_bio_/PEM_write_bio_ macros below.
enum PEM_STRING_OCSP_REQUEST = "OCSP REQUEST";
enum PEM_STRING_OCSP_RESPONSE = "OCSP RESPONSE";

// The C header's function-like macros are kept below as comments only; this
// module provides no D equivalent for them.

//#define PEM_read_bio_OCSP_REQUEST(bp, x, cb) cast(.OCSP_REQUEST*)(libressl_d.openssl.pem.PEM_ASN1_read_bio((char* (*) ()) .d2i_OCSP_REQUEST, .PEM_STRING_OCSP_REQUEST, bp, cast(char**)(x), cb, null))

//#define PEM_read_bio_OCSP_RESPONSE(bp, x, cb) cast(libressl_d.openssl.ossl_typ.OCSP_RESPONSE*)(libressl_d.openssl.pem.PEM_ASN1_read_bio((char* (*) ()) .d2i_OCSP_RESPONSE, .PEM_STRING_OCSP_RESPONSE, bp, cast(char**)(x), cb, null))

//#define PEM_write_bio_OCSP_REQUEST(bp, o) libressl_d.openssl.pem.PEM_ASN1_write_bio((int (*)()) .i2d_OCSP_REQUEST, .PEM_STRING_OCSP_REQUEST, bp, cast(char*)(o), null, null, 0, null, null)

//#define PEM_write_bio_OCSP_RESPONSE(bp, o) libressl_d.openssl.pem.PEM_ASN1_write_bio((int (*)()) .i2d_OCSP_RESPONSE, .PEM_STRING_OCSP_RESPONSE, bp, cast(char*)(o), null, null, 0, null, null)

//#define OCSP_REQUEST_sign(o, pkey, md) libressl_d.openssl.x509.ASN1_item_sign(&OCSP_REQINFO_it, o.optionalSignature.signatureAlgorithm, null, o.optionalSignature.signature, o.tbsRequest, pkey, md)

//#define OCSP_BASICRESP_sign(o, pkey, md, d) libressl_d.openssl.x509.ASN1_item_sign(&OCSP_RESPDATA_it, o.signatureAlgorithm, null, o.signature, o.tbsResponseData, pkey, md)

//#define OCSP_REQUEST_verify(a, r) libressl_d.openssl.x509.ASN1_item_verify(&OCSP_REQINFO_it, a.optionalSignature.signatureAlgorithm, a.optionalSignature.signature, a.tbsRequest, r)

//#define OCSP_BASICRESP_verify(a, r, d) libressl_d.openssl.x509.ASN1_item_verify(&OCSP_RESPDATA_it, a.signatureAlgorithm, a.signature, a.tbsResponseData, r)

//#define ASN1_BIT_STRING_digest(data, type, md, len) libressl_d.openssl.x509.ASN1_item_digest(&ASN1_BIT_STRING_it, type, data, md, len)

//#define OCSP_CERTSTATUS_dup(cs) libressl_d.openssl.asn1.ASN1_item_dup(&OCSP_CERTSTATUS_it, cs)

/*
 * NOTE(review), applies to the prototypes below: by upstream OpenSSL naming
 * convention a `get0` accessor returns an internal pointer the caller must
 * not free, `get1` returns something the caller owns, `add0`/`set0` take
 * ownership of the argument and `add1`/`set1` leave ownership with the
 * caller. Nothing in these declarations enforces that - confirm per function
 * before freeing or reusing a pointer.
 */

.OCSP_CERTID* OCSP_CERTID_dup(.OCSP_CERTID* id);

/*
 * Request transport over a caller-supplied BIO.
 * NOTE(review): these take a BIO and a path only; presumably any transport
 * protection comes from the BIO the caller sets up, and the integrity of the
 * answer rests on OCSP_basic_verify either way - confirm.
 */
libressl_d.openssl.ossl_typ.OCSP_RESPONSE* OCSP_sendreq_bio(libressl_d.openssl.bio.BIO* b, const (char)* path, .OCSP_REQUEST* req);
libressl_d.openssl.ossl_typ.OCSP_REQ_CTX* OCSP_sendreq_new(libressl_d.openssl.bio.BIO* io, const (char)* path, .OCSP_REQUEST* req, int maxline);
int OCSP_sendreq_nbio(libressl_d.openssl.ossl_typ.OCSP_RESPONSE** presp, libressl_d.openssl.ossl_typ.OCSP_REQ_CTX* rctx);
void OCSP_REQ_CTX_free(libressl_d.openssl.ossl_typ.OCSP_REQ_CTX* rctx);
int OCSP_REQ_CTX_set1_req(libressl_d.openssl.ossl_typ.OCSP_REQ_CTX* rctx, .OCSP_REQUEST* req);
int OCSP_REQ_CTX_add1_header(libressl_d.openssl.ossl_typ.OCSP_REQ_CTX* rctx, const (char)* name, const (char)* value);

// Build a CertID from a subject/issuer certificate pair, or from its parts.
// NOTE(review): upstream documents that a null dgst selects SHA-1 - confirm.
.OCSP_CERTID* OCSP_cert_to_id(const (libressl_d.openssl.ossl_typ.EVP_MD)* dgst, const (libressl_d.openssl.ossl_typ.X509)* subject, const (libressl_d.openssl.ossl_typ.X509)* issuer);

.OCSP_CERTID* OCSP_cert_id_new(const (libressl_d.openssl.ossl_typ.EVP_MD)* dgst, const (libressl_d.openssl.ossl_typ.X509_NAME)* issuerName, const (libressl_d.openssl.ossl_typ.ASN1_BIT_STRING)* issuerKey, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* serialNumber);

.OCSP_ONEREQ* OCSP_request_add0_id(.OCSP_REQUEST* req, .OCSP_CERTID* cid);

/*
 * Nonce handling (replay protection).
 * NOTE(review): per the upstream manual page OCSP_check_nonce is not a plain
 * boolean: 1 = both nonces present and equal, 2 = both absent, 3 = present in
 * the response only, 0 = present in both but different, -1 = present in the
 * request only. A caller that tests the result with "!= 0" therefore also
 * accepts the -1 case; compare against the exact values, and confirm them
 * against the linked libcrypto.
 */
int OCSP_request_add1_nonce(.OCSP_REQUEST* req, ubyte* val, int len);
int OCSP_basic_add1_nonce(.OCSP_BASICRESP* resp, ubyte* val, int len);
int OCSP_check_nonce(.OCSP_REQUEST* req, .OCSP_BASICRESP* bs);
int OCSP_copy_nonce(.OCSP_BASICRESP* resp, .OCSP_REQUEST* req);

int OCSP_request_set1_name(.OCSP_REQUEST* req, libressl_d.openssl.ossl_typ.X509_NAME* nm);
int OCSP_request_add1_cert(.OCSP_REQUEST* req, libressl_d.openssl.ossl_typ.X509* cert);

// `flags` takes the OCSP_* bit flags defined at the top of this module.
int OCSP_request_sign(.OCSP_REQUEST* req, libressl_d.openssl.ossl_typ.X509* signer, libressl_d.openssl.ossl_typ.EVP_PKEY* key, const (libressl_d.openssl.ossl_typ.EVP_MD)* dgst, libressl_d.openssl.x509.stack_st_X509* certs, core.stdc.config.c_ulong flags);

/*
 * Response inspection.
 * NOTE(review): OCSP_response_status yields the responder-level status
 * (OCSP_RESPONSE_STATUS_*); the per-certificate answer is what
 * OCSP_resp_find_status / OCSP_single_get0_status report
 * (V_OCSP_CERTSTATUS_*). Per the upstream documentation these accessors only
 * read fields: signature and signer checks are done by OCSP_basic_verify and
 * freshness by OCSP_check_validity, both declared below. A relying party
 * normally needs all of them before acting on a status - confirm the
 * sequence against the linked libcrypto's manual pages.
 */
int OCSP_response_status(libressl_d.openssl.ossl_typ.OCSP_RESPONSE* resp);
.OCSP_BASICRESP* OCSP_response_get1_basic(libressl_d.openssl.ossl_typ.OCSP_RESPONSE* resp);

int OCSP_resp_count(.OCSP_BASICRESP* bs);
.OCSP_SINGLERESP* OCSP_resp_get0(.OCSP_BASICRESP* bs, int idx);
int OCSP_resp_find(.OCSP_BASICRESP* bs, .OCSP_CERTID* id, int last);
int OCSP_single_get0_status(.OCSP_SINGLERESP* single, int* reason, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** revtime, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** thisupd, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** nextupd);
int OCSP_resp_find_status(.OCSP_BASICRESP* bs, .OCSP_CERTID* id, int* status, int* reason, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** revtime, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** thisupd, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME** nextupd);

// NOTE(review): upstream documents `sec` as the clock-skew tolerance in
// seconds and `maxsec` as the maximum accepted age of thisupd, with a
// negative maxsec disabling the age check - confirm before relying on it.
int OCSP_check_validity(libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* thisupd, libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* nextupd, core.stdc.config.c_long sec, core.stdc.config.c_long maxsec);

// `flags` takes the OCSP_* bit flags defined at the top of this module.
int OCSP_request_verify(.OCSP_REQUEST* req, libressl_d.openssl.x509.stack_st_X509* certs, libressl_d.openssl.ossl_typ.X509_STORE* store, core.stdc.config.c_ulong flags);

// NOTE(review): presumably *phost, *pport and *ppath are allocated by the
// callee and must be released by the caller, and *pssl reports whether the
// scheme was https - confirm. The URL usually comes from a certificate
// extension, so it should be handled as untrusted input.
int OCSP_parse_url(const (char)* url, char** phost, char** pport, char** ppath, int* pssl);

int OCSP_id_issuer_cmp(.OCSP_CERTID* a, .OCSP_CERTID* b);
int OCSP_id_cmp(.OCSP_CERTID* a, .OCSP_CERTID* b);

// Responder-side helpers: walk a request and assemble/sign a response.
int OCSP_request_onereq_count(.OCSP_REQUEST* req);
.OCSP_ONEREQ* OCSP_request_onereq_get0(.OCSP_REQUEST* req, int i);
.OCSP_CERTID* OCSP_onereq_get0_id(.OCSP_ONEREQ* one);
int OCSP_id_get0_info(libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING** piNameHash, libressl_d.openssl.asn1.ASN1_OBJECT** pmd, libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING** pikeyHash, libressl_d.openssl.ossl_typ.ASN1_INTEGER** pserial, .OCSP_CERTID* cid);
int OCSP_request_is_signed(.OCSP_REQUEST* req);
libressl_d.openssl.ossl_typ.OCSP_RESPONSE* OCSP_response_create(int status, .OCSP_BASICRESP* bs);
.OCSP_SINGLERESP* OCSP_basic_add1_status(.OCSP_BASICRESP* rsp, .OCSP_CERTID* cid, int status, int reason, libressl_d.openssl.ossl_typ.ASN1_TIME* revtime, libressl_d.openssl.ossl_typ.ASN1_TIME* thisupd, libressl_d.openssl.ossl_typ.ASN1_TIME* nextupd);
int OCSP_basic_add1_cert(.OCSP_BASICRESP* resp, libressl_d.openssl.ossl_typ.X509* cert);
int OCSP_basic_sign(.OCSP_BASICRESP* brsp, libressl_d.openssl.ossl_typ.X509* signer, libressl_d.openssl.ossl_typ.EVP_PKEY* key, const (libressl_d.openssl.ossl_typ.EVP_MD)* dgst, libressl_d.openssl.x509.stack_st_X509* certs, core.stdc.config.c_ulong flags);

// Constructors for OCSP-specific X509 extensions.
libressl_d.openssl.x509.X509_EXTENSION* OCSP_crlID_new(const (char)* url, core.stdc.config.c_long* n, char* tim);

libressl_d.openssl.x509.X509_EXTENSION* OCSP_accept_responses_new(char** oids);

libressl_d.openssl.x509.X509_EXTENSION* OCSP_archive_cutoff_new(char* tim);

libressl_d.openssl.x509.X509_EXTENSION* OCSP_url_svcloc_new(libressl_d.openssl.ossl_typ.X509_NAME* issuer, const (char)** urls);

// Extension accessors; the same nine-function set is repeated for
// OCSP_REQUEST, OCSP_ONEREQ, OCSP_BASICRESP and OCSP_SINGLERESP.
int OCSP_REQUEST_get_ext_count(.OCSP_REQUEST* x);
int OCSP_REQUEST_get_ext_by_NID(.OCSP_REQUEST* x, int nid, int lastpos);
int OCSP_REQUEST_get_ext_by_OBJ(.OCSP_REQUEST* x, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos);
int OCSP_REQUEST_get_ext_by_critical(.OCSP_REQUEST* x, int crit, int lastpos);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_REQUEST_get_ext(.OCSP_REQUEST* x, int loc);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_REQUEST_delete_ext(.OCSP_REQUEST* x, int loc);
void* OCSP_REQUEST_get1_ext_d2i(.OCSP_REQUEST* x, int nid, int* crit, int* idx);
int OCSP_REQUEST_add1_ext_i2d(.OCSP_REQUEST* x, int nid, void* value, int crit, core.stdc.config.c_ulong flags);
int OCSP_REQUEST_add_ext(.OCSP_REQUEST* x, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc);

int OCSP_ONEREQ_get_ext_count(.OCSP_ONEREQ* x);
int OCSP_ONEREQ_get_ext_by_NID(.OCSP_ONEREQ* x, int nid, int lastpos);
int OCSP_ONEREQ_get_ext_by_OBJ(.OCSP_ONEREQ* x, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos);
int OCSP_ONEREQ_get_ext_by_critical(.OCSP_ONEREQ* x, int crit, int lastpos);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_ONEREQ_get_ext(.OCSP_ONEREQ* x, int loc);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_ONEREQ_delete_ext(.OCSP_ONEREQ* x, int loc);
void* OCSP_ONEREQ_get1_ext_d2i(.OCSP_ONEREQ* x, int nid, int* crit, int* idx);
int OCSP_ONEREQ_add1_ext_i2d(.OCSP_ONEREQ* x, int nid, void* value, int crit, core.stdc.config.c_ulong flags);
int OCSP_ONEREQ_add_ext(.OCSP_ONEREQ* x, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc);

int OCSP_BASICRESP_get_ext_count(.OCSP_BASICRESP* x);
int OCSP_BASICRESP_get_ext_by_NID(.OCSP_BASICRESP* x, int nid, int lastpos);
int OCSP_BASICRESP_get_ext_by_OBJ(.OCSP_BASICRESP* x, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos);
int OCSP_BASICRESP_get_ext_by_critical(.OCSP_BASICRESP* x, int crit, int lastpos);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_BASICRESP_get_ext(.OCSP_BASICRESP* x, int loc);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_BASICRESP_delete_ext(.OCSP_BASICRESP* x, int loc);
void* OCSP_BASICRESP_get1_ext_d2i(.OCSP_BASICRESP* x, int nid, int* crit, int* idx);
int OCSP_BASICRESP_add1_ext_i2d(.OCSP_BASICRESP* x, int nid, void* value, int crit, core.stdc.config.c_ulong flags);
int OCSP_BASICRESP_add_ext(.OCSP_BASICRESP* x, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc);

int OCSP_SINGLERESP_get_ext_count(.OCSP_SINGLERESP* x);
int OCSP_SINGLERESP_get_ext_by_NID(.OCSP_SINGLERESP* x, int nid, int lastpos);
int OCSP_SINGLERESP_get_ext_by_OBJ(.OCSP_SINGLERESP* x, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos);
int OCSP_SINGLERESP_get_ext_by_critical(.OCSP_SINGLERESP* x, int crit, int lastpos);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_SINGLERESP_get_ext(.OCSP_SINGLERESP* x, int loc);
libressl_d.openssl.x509.X509_EXTENSION* OCSP_SINGLERESP_delete_ext(.OCSP_SINGLERESP* x, int loc);
void* OCSP_SINGLERESP_get1_ext_d2i(.OCSP_SINGLERESP* x, int nid, int* crit, int* idx);
int OCSP_SINGLERESP_add1_ext_i2d(.OCSP_SINGLERESP* x, int nid, void* value, int crit, core.stdc.config.c_ulong flags);
int OCSP_SINGLERESP_add_ext(.OCSP_SINGLERESP* x, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc);
const (.OCSP_CERTID)* OCSP_SINGLERESP_get0_id(const (.OCSP_SINGLERESP)* x);

/*
 * Per-type ASN.1 boilerplate: TYPE_new / TYPE_free / d2i_TYPE / i2d_TYPE and
 * the TYPE_it item descriptor.
 * NOTE(review): the d2i_* decoders take a caller-supplied `len`; by upstream
 * convention they return null on a parse failure and advance *in_ on success.
 * Check the result before use when decoding data received from a peer -
 * confirm the exact contract in the libcrypto d2i documentation.
 */
.OCSP_SINGLERESP* OCSP_SINGLERESP_new();
void OCSP_SINGLERESP_free(.OCSP_SINGLERESP* a);
.OCSP_SINGLERESP* d2i_OCSP_SINGLERESP(.OCSP_SINGLERESP** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_SINGLERESP(.OCSP_SINGLERESP* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_SINGLERESP_it;
.OCSP_CERTSTATUS* OCSP_CERTSTATUS_new();
void OCSP_CERTSTATUS_free(.OCSP_CERTSTATUS* a);
.OCSP_CERTSTATUS* d2i_OCSP_CERTSTATUS(.OCSP_CERTSTATUS** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_CERTSTATUS(.OCSP_CERTSTATUS* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_CERTSTATUS_it;
.OCSP_REVOKEDINFO* OCSP_REVOKEDINFO_new();
void OCSP_REVOKEDINFO_free(.OCSP_REVOKEDINFO* a);
.OCSP_REVOKEDINFO* d2i_OCSP_REVOKEDINFO(.OCSP_REVOKEDINFO** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_REVOKEDINFO(.OCSP_REVOKEDINFO* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_REVOKEDINFO_it;
.OCSP_BASICRESP* OCSP_BASICRESP_new();
void OCSP_BASICRESP_free(.OCSP_BASICRESP* a);
.OCSP_BASICRESP* d2i_OCSP_BASICRESP(.OCSP_BASICRESP** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_BASICRESP(.OCSP_BASICRESP* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_BASICRESP_it;
.OCSP_RESPDATA* OCSP_RESPDATA_new();
void OCSP_RESPDATA_free(.OCSP_RESPDATA* a);
.OCSP_RESPDATA* d2i_OCSP_RESPDATA(.OCSP_RESPDATA** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_RESPDATA(.OCSP_RESPDATA* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_RESPDATA_it;
// Second declaration of the four OCSP_RESPID prototypes that already appear
// after stack_st_OCSP_RESPID above.
libressl_d.openssl.ossl_typ.OCSP_RESPID* OCSP_RESPID_new();
void OCSP_RESPID_free(libressl_d.openssl.ossl_typ.OCSP_RESPID* a);
libressl_d.openssl.ossl_typ.OCSP_RESPID* d2i_OCSP_RESPID(libressl_d.openssl.ossl_typ.OCSP_RESPID** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_RESPID(libressl_d.openssl.ossl_typ.OCSP_RESPID* a, ubyte** out_);

// version (none) never compiles its body: the repeated OCSP_RESPID_it
// declaration is kept for reference but disabled, since the variable is
// already declared above.
version (none) {
    extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_RESPID_it;
}

libressl_d.openssl.ossl_typ.OCSP_RESPONSE* OCSP_RESPONSE_new();
void OCSP_RESPONSE_free(libressl_d.openssl.ossl_typ.OCSP_RESPONSE* a);
libressl_d.openssl.ossl_typ.OCSP_RESPONSE* d2i_OCSP_RESPONSE(libressl_d.openssl.ossl_typ.OCSP_RESPONSE** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_RESPONSE(libressl_d.openssl.ossl_typ.OCSP_RESPONSE* a, ubyte** out_);
libressl_d.openssl.ossl_typ.OCSP_RESPONSE* d2i_OCSP_RESPONSE_bio(libressl_d.openssl.bio.BIO* bp, libressl_d.openssl.ossl_typ.OCSP_RESPONSE** a);
int i2d_OCSP_RESPONSE_bio(libressl_d.openssl.bio.BIO* bp, libressl_d.openssl.ossl_typ.OCSP_RESPONSE* a);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_RESPONSE_it;
.OCSP_RESPBYTES* OCSP_RESPBYTES_new();
void OCSP_RESPBYTES_free(.OCSP_RESPBYTES* a);
.OCSP_RESPBYTES* d2i_OCSP_RESPBYTES(.OCSP_RESPBYTES** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_RESPBYTES(.OCSP_RESPBYTES* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_RESPBYTES_it;
.OCSP_ONEREQ* OCSP_ONEREQ_new();
void OCSP_ONEREQ_free(.OCSP_ONEREQ* a);
.OCSP_ONEREQ* d2i_OCSP_ONEREQ(.OCSP_ONEREQ** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_ONEREQ(.OCSP_ONEREQ* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_ONEREQ_it;
.OCSP_CERTID* OCSP_CERTID_new();
void OCSP_CERTID_free(.OCSP_CERTID* a);
.OCSP_CERTID* d2i_OCSP_CERTID(.OCSP_CERTID** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_CERTID(.OCSP_CERTID* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_CERTID_it;
.OCSP_REQUEST* OCSP_REQUEST_new();
void OCSP_REQUEST_free(.OCSP_REQUEST* a);
.OCSP_REQUEST* d2i_OCSP_REQUEST(.OCSP_REQUEST** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_REQUEST(.OCSP_REQUEST* a, ubyte** out_);
.OCSP_REQUEST* d2i_OCSP_REQUEST_bio(libressl_d.openssl.bio.BIO* bp, .OCSP_REQUEST** a);
int i2d_OCSP_REQUEST_bio(libressl_d.openssl.bio.BIO* bp, .OCSP_REQUEST* a);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_REQUEST_it;
.OCSP_SIGNATURE* OCSP_SIGNATURE_new();
void OCSP_SIGNATURE_free(.OCSP_SIGNATURE* a);
.OCSP_SIGNATURE* d2i_OCSP_SIGNATURE(.OCSP_SIGNATURE** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_SIGNATURE(.OCSP_SIGNATURE* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_SIGNATURE_it;
.OCSP_REQINFO* OCSP_REQINFO_new();
void OCSP_REQINFO_free(.OCSP_REQINFO* a);
.OCSP_REQINFO* d2i_OCSP_REQINFO(.OCSP_REQINFO** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_REQINFO(.OCSP_REQINFO* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_REQINFO_it;
.OCSP_CRLID* OCSP_CRLID_new();
void OCSP_CRLID_free(.OCSP_CRLID* a);
.OCSP_CRLID* d2i_OCSP_CRLID(.OCSP_CRLID** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_CRLID(.OCSP_CRLID* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_CRLID_it;
.OCSP_SERVICELOC* OCSP_SERVICELOC_new();
void OCSP_SERVICELOC_free(.OCSP_SERVICELOC* a);
.OCSP_SERVICELOC* d2i_OCSP_SERVICELOC(.OCSP_SERVICELOC** a, const (ubyte)** in_, core.stdc.config.c_long len);
int i2d_OCSP_SERVICELOC(.OCSP_SERVICELOC* a, ubyte** out_);
extern __gshared const libressl_d.openssl.ossl_typ.ASN1_ITEM OCSP_SERVICELOC_it;

// Map numeric status/reason values to text.
// NOTE(review): presumably the returned strings are static and must not be
// freed - confirm.
const (char)* OCSP_response_status_str(core.stdc.config.c_long s);
const (char)* OCSP_cert_status_str(core.stdc.config.c_long s);
const (char)* OCSP_crl_reason_str(core.stdc.config.c_long s);

int OCSP_REQUEST_print(libressl_d.openssl.bio.BIO* bp, .OCSP_REQUEST* a, core.stdc.config.c_ulong flags);
int OCSP_RESPONSE_print(libressl_d.openssl.bio.BIO* bp, libressl_d.openssl.ossl_typ.OCSP_RESPONSE* o, core.stdc.config.c_ulong flags);

/*
 * Verify the signature and signer of a basic response. `flags` takes the
 * OCSP_* bit flags defined at the top of this module.
 * NOTE(review): upstream documents the result as 1 on success, 0 on
 * verification failure and a negative value on a fatal error, so a
 * truthiness test such as "if (OCSP_basic_verify(...))" would treat the
 * fatal-error case as success; compare against "> 0" / "== 1". Confirm the
 * return contract against the linked libcrypto.
 */
int OCSP_basic_verify(.OCSP_BASICRESP* bs, libressl_d.openssl.x509.stack_st_X509* certs, libressl_d.openssl.ossl_typ.X509_STORE* st, core.stdc.config.c_ulong flags);

/* BEGIN ERROR CODES */
/**
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_OCSP_strings();

/* Error codes for the OCSP functions. */

/* Function codes. */
// Listed alphabetically by name, not by value (e.g. 101 appears after 105).
enum OCSP_F_ASN1_STRING_ENCODE = 100;
enum OCSP_F_D2I_OCSP_NONCE = 102;
enum OCSP_F_OCSP_BASIC_ADD1_STATUS = 103;
enum OCSP_F_OCSP_BASIC_SIGN = 104;
enum OCSP_F_OCSP_BASIC_VERIFY = 105;
enum OCSP_F_OCSP_CERT_ID_NEW = 101;
enum OCSP_F_OCSP_CHECK_DELEGATED = 106;
enum OCSP_F_OCSP_CHECK_IDS = 107;
enum OCSP_F_OCSP_CHECK_ISSUER = 108;
enum OCSP_F_OCSP_CHECK_VALIDITY = 115;
enum OCSP_F_OCSP_MATCH_ISSUERID = 109;
enum OCSP_F_OCSP_PARSE_URL = 114;
enum OCSP_F_OCSP_REQUEST_SIGN = 110;
enum OCSP_F_OCSP_REQUEST_VERIFY = 116;
enum OCSP_F_OCSP_RESPONSE_GET1_BASIC = 111;
enum OCSP_F_OCSP_SENDREQ_BIO = 112;
enum OCSP_F_OCSP_SENDREQ_NBIO = 117;
enum OCSP_F_PARSE_HTTP_LINE1 = 118;
enum OCSP_F_REQUEST_VERIFY = 113;

/* Reason codes. */
// Listed alphabetically by name, not by value.
enum OCSP_R_BAD_DATA = 100;
enum OCSP_R_CERTIFICATE_VERIFY_ERROR = 101;
enum OCSP_R_DIGEST_ERR = 102;
enum OCSP_R_ERROR_IN_NEXTUPDATE_FIELD = 122;
enum OCSP_R_ERROR_IN_THISUPDATE_FIELD = 123;
enum OCSP_R_ERROR_PARSING_URL = 121;
enum OCSP_R_MISSING_OCSPSIGNING_USAGE = 103;
enum OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE = 124;
enum OCSP_R_NOT_BASIC_RESPONSE = 104;
enum OCSP_R_NO_CERTIFICATES_IN_CHAIN = 105;
enum OCSP_R_NO_CONTENT = 106;
enum OCSP_R_NO_PUBLIC_KEY = 107;
enum OCSP_R_NO_RESPONSE_DATA = 108;
enum OCSP_R_NO_REVOKED_TIME = 109;
enum OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE = 110;
enum OCSP_R_REQUEST_NOT_SIGNED = 128;
enum OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA = 111;
enum OCSP_R_ROOT_CA_NOT_TRUSTED = 112;
enum OCSP_R_SERVER_READ_ERROR = 113;
enum OCSP_R_SERVER_RESPONSE_ERROR = 114;
enum OCSP_R_SERVER_RESPONSE_PARSE_ERROR = 115;
enum OCSP_R_SERVER_WRITE_ERROR = 116;
enum OCSP_R_SIGNATURE_FAILURE = 117;
enum OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND = 118;
enum OCSP_R_STATUS_EXPIRED = 125;
enum OCSP_R_STATUS_NOT_YET_VALID = 126;
enum OCSP_R_STATUS_TOO_OLD = 127;
enum OCSP_R_UNKNOWN_MESSAGE_DIGEST = 119;
enum OCSP_R_UNKNOWN_NID = 120;
enum OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE = 129;