diff options
| author | Michael Brown | 2018-03-18 21:21:49 +0100 |
|---|---|---|
| committer | Michael Brown | 2018-03-18 21:25:01 +0100 |
| commit | a0021a30dd8db832714e327bbbc65d3589f528ab (patch) | |
| tree | facbeee3dc57ac4d3cd314236e087e285ce14289 /src/include | |
| parent | [profile] Prevent potential division by zero (diff) | |
| download | ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.tar.gz ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.tar.xz ipxe-a0021a30dd8db832714e327bbbc65d3589f528ab.zip | |
[ocsp] Centralise test for whether or not an OCSP check is required
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/ipxe/ocsp.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/include/ipxe/ocsp.h b/src/include/ipxe/ocsp.h index 71fa41dc..9a6b3fe6 100644 --- a/src/include/ipxe/ocsp.h +++ b/src/include/ipxe/ocsp.h @@ -111,6 +111,21 @@ ocsp_put ( struct ocsp_check *ocsp ) { ref_put ( &ocsp->refcnt ); } +/** + * Check if X.509 certificate requires an OCSP check + * + * @v cert X.509 certificate + * @ret ocsp_required An OCSP check is required + */ +static inline int ocsp_required ( struct x509_certificate *cert ) { + + /* An OCSP check is required if an OCSP URI exists but the + * OCSP status is not (yet) good. + */ + return ( cert->extensions.auth_info.ocsp.uri.len && + ( ! cert->extensions.auth_info.ocsp.good ) ); +} + extern int ocsp_check ( struct x509_certificate *cert, struct x509_certificate *issuer, struct ocsp_check **ocsp ); |