From abf94444d026ceff55f056774d1df99a72a70fb4 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Wed, 2 Oct 2024 19:17:30 +0000 Subject: [PATCH] Add and move OCSP no-op flags to own section --- include/openssl/ocsp.h | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index ea99f314d2..b0aa6bd369 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -62,9 +62,6 @@ extern "C" { // Certificates included within |bs| or |req| will be included in the // search for the signing certificate by default, unless |OCSP_NOINTERN| is set. #define OCSP_NOINTERN 0x2 -// OCSP_NOSIGS does nothing. In OpenSSL, this skips signature verification in -// |OCSP_basic_verify| and |OCSP_request_verify|. -#define OCSP_NOSIGS // OCSP_NOCHAIN is for |OCSP_basic_verify| and |OCSP_request_verify|. // For |OCSP_basic_verify|, certificates in both |certs| and in |bs| are // considered as certificates for the construction of the validation path for @@ -552,6 +549,25 @@ OPENSSL_EXPORT X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *sresp, int loc); +// OCSP no-op flags [Deprecated]. + +// OCSP_NOSIGS does nothing. In OpenSSL, this skips signature verification in +// |OCSP_basic_verify| and |OCSP_request_verify|. +#define OCSP_NOSIGS 0 + +// OCSP_NOCASIGN does nothing. It's a legacy OCSP flag deprecated since OpenSSL +// 1.0.1g. +#define OCSP_NOCASIGN 0 + +// OCSP_NODELEGATED does nothing. It's a legacy OCSP flag deprecated since +// OpenSSL 1.0.1g. +#define OCSP_NODELEGATED 0 + +// OCSP_NOCHECKS does nothing. In OpenSSL, this disables verifying that the +// signer certificate has met the OCSP issuer criteria or any potential +// delegation in |OCSP_basic_verify|. +#define OCSP_NOCHECKS 0 + #if defined(__cplusplus) } // extern C #endif