- Generated by
1.14.0
Extended X.509 revocation helpers for delta-CRL application and stapled OCSP verification. More...
Go to the source code of this file.
Functions | |
| QSC_EXPORT_API qsc_x509_crl_verify_status | qsc_x509_apply_delta_crl (qsc_x509_crl *mergedcrl, const qsc_x509_crl *basecrl, const qsc_x509_crl *deltacrl, const qsc_x509_certificate *issuer, const qsc_asn1_time *now, qsc_x509_crl_signature_verify_callback callback, void *state) |
| Apply a delta CRL to a base CRL and produce a merged CRL view. | |
| QSC_EXPORT_API bool | qsc_x509_ocsp_stapled_verify (const uint8_t *stapled, size_t stapledlen, const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer) |
| Verify a stapled OCSP response for a certificate. | |
Extended X.509 revocation helpers for delta-CRL application and stapled OCSP verification.
This header defines supplemental revocation-processing helpers that extend the base CRL and certificate validation interfaces. The functions declared here support two specialized operations: applying a delta CRL to a base CRL to produce a merged revocation view, and verifying a stapled OCSP response against a certificate and its issuer.
The delta-CRL helper is intended for environments that maintain an existing base CRL and wish to incorporate incremental revocation updates while still enforcing issuer, time, and signature validation. The stapled OCSP helper is intended for network protocols that carry an OCSP response alongside the certificate presentation.
| QSC_EXPORT_API qsc_x509_crl_verify_status qsc_x509_apply_delta_crl | ( | qsc_x509_crl * | mergedcrl, |
| const qsc_x509_crl * | basecrl, | ||
| const qsc_x509_crl * | deltacrl, | ||
| const qsc_x509_certificate * | issuer, | ||
| const qsc_asn1_time * | now, | ||
| qsc_x509_crl_signature_verify_callback | callback, | ||
| void * | state ) |
Apply a delta CRL to a base CRL and produce a merged CRL view.
Validates the supplied base CRL and delta CRL against the issuer certificate and evaluation time, then applies the delta revocation updates to the base CRL and writes the resulting merged revocation state to the destination CRL object.
The caller supplies the CRL signature verification callback so that cryptographic signature checking remains aligned with the surrounding X.509 verification layer and supported algorithm set.
| mergedcrl | [struct] The destination CRL object receiving the merged result. |
| basecrl | [const][struct] The base CRL to update. |
| deltacrl | [const][struct] The delta CRL containing incremental revocation changes. |
| issuer | [const][struct] The issuer certificate expected to have signed the CRLs. |
| now | [const][struct] The evaluation time used for CRL validity checks. |
| callback | The caller-supplied CRL signature verification callback. |
| state | Caller-defined opaque context passed to the verification callback. |
| QSC_EXPORT_API bool qsc_x509_ocsp_stapled_verify | ( | const uint8_t * | stapled, |
| size_t | stapledlen, | ||
| const qsc_x509_certificate * | certificate, | ||
| const qsc_x509_certificate * | issuer ) |
Verify a stapled OCSP response for a certificate.
Parses and validates a stapled OCSP response associated with the supplied certificate and issuer certificate. This helper is intended for use in protocols that carry an OCSP response out-of-band from direct responder retrieval, such as TLS certificate status stapling.
| stapled | [const] The stapled OCSP response bytes. |
| stapledlen | The length of the stapled OCSP response in bytes. |
| certificate | [const][struct] The certificate whose status is being verified. |
| issuer | [const][struct] The issuer certificate for the target certificate. |
1.14.0