The branch OpenSSL_1_1_0-stable has been updated via dea20b941f68c60fbe1885ecf8156a76eb30789a (commit) via c24470d0363ad0c4f35081fb8b6f799c9c4a09e6 (commit) via af10989dd51cac1068a0451350f935fcdd54c8d3 (commit) via 1b7e60bf2e4ff225ca649206ac9f1169ee45ee13 (commit) via e98d190693482b5bd94c1bd68cd8798ca486bc0c (commit) via c74503ebfc599d2d5afbfccaab0cb4bf585fba8c (commit) via 1f0067ec9a8d2ab71132604b4a1a5dd9ffab4f23 (commit) from e1e59ecada5092fdb71cb20ec3a944733c96bf01 (commit)
- Log ----------------------------------------------------------------- commit dea20b941f68c60fbe1885ecf8156a76eb30789a Author: Ben Kaduk <ka...@mit.edu> Date: Tue Dec 12 11:41:26 2017 -0600 Fix more OCSP_resp_get0_signer() nits Fix a typo for "retrieve" and some indentation. Reviewed-by: Kurt Roeckx <k...@roeckx.be> (cherry picked from commit eb48052ec96a7551391b5955f03f5ef70b3528f6) Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4723) commit c24470d0363ad0c4f35081fb8b6f799c9c4a09e6 Author: Benjamin Kaduk <bka...@akamai.com> Date: Thu Dec 7 16:37:54 2017 -0600 Wrap more of ocspapitest.c in OPENSSL_NO_OCSP make_dummy_resp() uses OCSP types, and get_cert_and_key() is unused once make_dummy_resp() is compiled out, so neither can be included in the build when OCSP is disabled and strict warnings are active. Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit cb091295a9ff16f4de1a8b00be444d40ac068d04) (Merged from https://github.com/openssl/openssl/pull/4723) commit af10989dd51cac1068a0451350f935fcdd54c8d3 Author: Benjamin Kaduk <bka...@akamai.com> Date: Thu Dec 7 14:14:47 2017 -0600 Fix coverity-reported errors in ocspapitest Avoid memory leaks in error paths, and correctly apply parentheses to function calls in a long if-chain. Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit b6306d8049b04dca7fa738a86c892c43ba6a5fc4) (Merged from https://github.com/openssl/openssl/pull/4723) commit 1b7e60bf2e4ff225ca649206ac9f1169ee45ee13 Author: Rich Salz <rs...@openssl.org> Date: Sun Nov 12 19:32:52 2017 -0500 Fix typo that cause find-doc-nits failure Reviewed-by: Ben Kaduk <ka...@mit.edu> (cherry picked from commit b741fcd2ddc4e94faee75a47c241fa136854c81f) Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4723) commit e98d190693482b5bd94c1bd68cd8798ca486bc0c Author: Ben Kaduk <ka...@mit.edu> Date: Sat Nov 11 20:04:42 2017 -0600 make update Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit f1d3de718bc96e70ce76bf2b4ccee128ecbcd100) Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4723) commit c74503ebfc599d2d5afbfccaab0cb4bf585fba8c Author: Benjamin Kaduk <bka...@akamai.com> Date: Thu Oct 19 14:44:10 2017 -0500 Add OCSP API test executable Some of the OCSP APIs (such as the recently added OCSP_resp_get0_signer) do not really merit inclusion in the ocsp(1) utility, but we should still have unit tests for them. For now, only test OCSP_resp_get0_signer(), but it should be easy to add more tests in the future. Provide an X509 cert and private key in the test's data directory to use for signing responses, since constructing those on the fly is more effort than is needed. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit 27da13430bfb3c178716cec10e8d5d6134e54f90) Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4723) commit 1f0067ec9a8d2ab71132604b4a1a5dd9ffab4f23 Author: Benjamin Kaduk <bka...@akamai.com> Date: Wed Oct 18 15:29:18 2017 -0500 Add an API to get the signer of an OCSP response Add a new function OCSP_resp_get0_signer() that looks in the certs bundled with the response as well as in additional certificates provided as a function argument, returning the certificate that signed the given response (if present). Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit ce5886dda80b6f60fb30762381506d5c6f2d995c) Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4723) ----------------------------------------------------------------------- Summary of changes: crypto/ocsp/ocsp_vfy.c | 9 ++ doc/crypto/OCSP_resp_find_status.pod | 15 ++- include/openssl/ocsp.h | 2 + test/build.info | 6 +- test/ocspapitest.c | 168 ++++++++++++++++++++++++++++++++ test/recipes/80-test_ocsp.t | 11 ++- test/recipes/80-test_ocsp_data/cert.pem | 19 ++++ test/recipes/80-test_ocsp_data/key.pem | 28 ++++++ util/libcrypto.num | 1 + 9 files changed, 255 insertions(+), 4 deletions(-) create mode 100644 test/ocspapitest.c create mode 100644 test/recipes/80-test_ocsp_data/cert.pem create mode 100644 test/recipes/80-test_ocsp_data/key.pem diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 809f7f4..9a8d343 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -138,6 +138,15 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto end; } +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs) +{ + int ret; + + ret = ocsp_find_signer(signer, bs, extra_certs, 0); + return (ret > 0) ? 1 : 0; +} + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, unsigned long flags) { diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod index 36f66a8..5123f0a 100644 --- a/doc/crypto/OCSP_resp_find_status.pod +++ b/doc/crypto/OCSP_resp_find_status.pod @@ -3,6 +3,7 @@ =head1 NAME OCSP_resp_get0_certs, +OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, @@ -32,6 +33,9 @@ OCSP_single_get0_status, OCSP_check_validity const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); + int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); @@ -72,7 +76,13 @@ single response B<bs>. OCSP_resp_get0_certs() returns any certificates included in B<bs>. -OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is +OCSP_resp_get0_signer() attempts to retrieve the certificate that directly +signed B<bs>. The OCSP protocol does not require that this certificate +is included in the B<certs> field of the response, so additional certificates +can be supplied in B<extra_certs> if the certificates that may have +signed the response are known via some out-of-band mechanism. + +OCSP_resp_get0_id() gets the responder id of B<bs>. If the responder ID is a name then <*pname> is set to the name and B<*pid> is set to NULL. If the responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> is set to NULL. @@ -99,6 +109,9 @@ B<id> was not found. OCSP_single_get0_status() returns the status of B<single> or -1 if an error occurred. +OCSP_resp_get0_signer() returns 1 if the signing certificate was located, +or 0 on error. + =head1 NOTES Applications will typically call OCSP_resp_find_status() using the certificate diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index f2281c0..90ebe5c 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -194,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); diff --git a/test/build.info b/test/build.info index 199fe13..c262248 100644 --- a/test/build.info +++ b/test/build.info @@ -17,7 +17,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - fatalerrtest + ocspapitest fatalerrtest SOURCE[aborttest]=aborttest.c INCLUDE[aborttest]=../include @@ -276,6 +276,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[sslapitest]=../include .. DEPEND[sslapitest]=../libcrypto ../libssl + SOURCE[ocspapitest]=ocspapitest.c testutil.c + INCLUDE[ocspapitest]=../include .. + DEPEND[ocspapitest]=../libcrypto + SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c INCLUDE[dtlstest]=../include . DEPEND[dtlstest]=../libcrypto ../libssl diff --git a/test/ocspapitest.c b/test/ocspapitest.c new file mode 100644 index 0000000..42befe7 --- /dev/null +++ b/test/ocspapitest.c @@ -0,0 +1,168 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> + +#include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#include <openssl/ocsp.h> +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/pem.h> + +#include "testutil.h" + +static const char *certstr; +static const char *privkeystr; + +#ifndef OPENSSL_NO_OCSP +static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) +{ + BIO *certbio, *keybio; + X509 *cert = NULL; + EVP_PKEY *key = NULL; + + if ((certbio = BIO_new_file(certstr, "r")) == NULL) + return 0; + cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + if ((keybio = BIO_new_file(privkeystr, "r")) == NULL) + goto end; + key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); + BIO_free(keybio); + if (cert == NULL || key == NULL) + goto end; + *cert_out = cert; + *key_out = key; + return 1; + end: + X509_free(cert); + EVP_PKEY_free(key); + return 0; +} + +static OCSP_BASICRESP *make_dummy_resp(void) +{ + const unsigned char namestr[] = "openssl.example.com"; + unsigned char keybytes[128] = {7}; + OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); + OCSP_BASICRESP *bs_out = NULL; + OCSP_CERTID *cid = NULL; + ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); + ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); + X509_NAME *name = X509_NAME_new(); + ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + + if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, + namestr, -1, -1, 1) + || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) + || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) + goto err; + cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); + if (bs == NULL + || thisupd == NULL + || nextupd == NULL + || cid == NULL + || !OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd)) + goto err; + bs_out = bs; + bs = NULL; + err: + ASN1_TIME_free(thisupd); + ASN1_TIME_free(nextupd); + ASN1_BIT_STRING_free(key); + ASN1_INTEGER_free(serial); + OCSP_CERTID_free(cid); + OCSP_BASICRESP_free(bs); + X509_NAME_free(name); + return bs_out; +} + +static int test_resp_signer(void) +{ + OCSP_BASICRESP *bs = NULL; + X509 *signer = NULL, *tmp; + EVP_PKEY *key = NULL; + STACK_OF(X509) *extra_certs = NULL; + int ret = 0; + + /* + * Test a response with no certs at all; get the signer from the + * extra certs given to OCSP_resp_get0_signer(). + */ + bs = make_dummy_resp(); + extra_certs = sk_X509_new_null(); + if (bs == NULL + || extra_certs == NULL + || !get_cert_and_key(&signer, &key) + || !sk_X509_push(extra_certs, signer) + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, OCSP_NOCERTS)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, extra_certs) + || X509_cmp(tmp, signer) != 0) + goto err; + OCSP_BASICRESP_free(bs); + + /* Do it again but include the signer cert */ + bs = make_dummy_resp(); + tmp = NULL; + if (bs == NULL + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, 0)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, NULL) + || X509_cmp(tmp, signer) != 0) + goto err; + ret = 1; + err: + OCSP_BASICRESP_free(bs); + sk_X509_free(extra_certs); + X509_free(signer); + EVP_PKEY_free(key); + return ret; +} +#endif + +int main(int argc, char *argv[]) +{ + int testresult = 1; + BIO *err = NULL; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + if ((certstr = argv[1]) == NULL + || (privkeystr = argv[2]) == NULL) + return 1; + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#ifndef OPENSSL_NO_OCSP + ADD_TEST(test_resp_signer); +#endif + testresult = run_tests(argv[0]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index 9f178de..e9ed7b4 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t @@ -13,7 +13,7 @@ use warnings; use POSIX; use File::Spec::Functions qw/devnull catfile/; use File::Copy; -use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir/; +use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir data_file/; use OpenSSL::Test::Utils; setup("test_ocsp"); @@ -48,7 +48,7 @@ sub test_ocsp { unlink "ocsp-resp-fff.dat"; } -plan tests => 10; +plan tests => 11; subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; @@ -210,3 +210,10 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { test_ocsp("DELEGATED; Root CA -> EE", "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); }; + +subtest "=== OCSP API TESTS===" => sub { + plan tests => 1; + + ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])), + "running ocspapitest"); +} diff --git a/test/recipes/80-test_ocsp_data/cert.pem b/test/recipes/80-test_ocsp_data/cert.pem new file mode 100644 index 0000000..f70e792 --- /dev/null +++ b/test/recipes/80-test_ocsp_data/cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDLDCCAhSgAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwSzEQMA4GA1UECgwHT3Bl +blNTTDETMBEGA1UECwwKVGVzdCBTdWl0ZTEiMCAGA1UEAwwZVGVzdCBPQ1NQIHJl +c3BvbnNlIHNpZ25lcjAeFw0xNzEwMjMxNDA4MDlaFw0yNjAxMDkxNDA4MDlaMEsx +EDAOBgNVBAoMB09wZW5TU0wxEzARBgNVBAsMClRlc3QgU3VpdGUxIjAgBgNVBAMM +GVRlc3QgT0NTUCByZXNwb25zZSBzaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC81prq23FY2YDuwiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7b +EEgWnQOJmz4zTuU+Bw2duHZ1X2WUR/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd0 +5VEq6WzWVWAX6ki/CZIJUihzj3AAn/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2 +zXf5BdE9XkayM3jq6Ewc/VZ05EA/LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvM +dbNOyJCx9NNeryZMv2wRzEaYp6jYao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW +9KAK3UEptoxux8JHH9R8X5bTVE7HADHhG5s7AgMBAAGjGjAYMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPkojVPBFNT9DGpLq9Y/Hl +XhcA+vSdt83EFzPD/nxIMp/QYSnZ9w2SWL21AH4C+HWd4JuKX5Zlsd6qYobYZLcT +TyVfw0OMwwPUI6Mxbz395EAnVLmtddN2RDsEYvThSMMoSfhtUwyANpA0Q6M8RcGt +LwnaC69iXhBh1xcTVVg97yEJ22yIrwQ1GhX4F1PRJIAQ/QmQhnoTGlhl2VAQ3LIk +lNFxkWbx0rqPIcor27QDNa2DPqioyvHMlkjC1h5EPhL9Ynu011r4Dn9A34+vFxeu +Q+emRwl/JjCNZX4l/AripU/Cy/+J2YGKilKzRcB1QMMVSl0VaeLSCwkNDQtdlwWO +-----END CERTIFICATE----- diff --git a/test/recipes/80-test_ocsp_data/key.pem b/test/recipes/80-test_ocsp_data/key.pem new file mode 100644 index 0000000..cd211dc --- /dev/null +++ b/test/recipes/80-test_ocsp_data/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC81prq23FY2YDu +wiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7bEEgWnQOJmz4zTuU+Bw2duHZ1X2WU +R/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd05VEq6WzWVWAX6ki/CZIJUihzj3AA +n/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2zXf5BdE9XkayM3jq6Ewc/VZ05EA/ +LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvMdbNOyJCx9NNeryZMv2wRzEaYp6jY +ao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW9KAK3UEptoxux8JHH9R8X5bTVE7H +ADHhG5s7AgMBAAECggEBAJLp946eeVmhpiCa5XGWPwlbzwlY1BrNCRGADbC9ZRVu +ew1jMiWGTj9hmr31DHhIeis+u4YoW+jG9jVdoU5pJc3Fs0URbdsVc0FtVcsPyFbk +gGsCQQ4t1m8nOaiqtV8Fw+D0piwgQh5dysqBp374z4i6Lt47CHqFs/m2qIWnXp3E +YF3xX2Zz9rIgejERRxrUnp5998NqxSYHPF7Ts4VQ/+UezUqEpA2jBs6cJ2tWVNR9 +uf+3Fklpo7Uau+xG5xkiRYxx4mSIg6EREz5+XMPkSOcXi6tyinoKsafxTNQDil0q +pdurVlHNgZb2QdJjHugVmbalydHIQ5c0CU1RO5CP97kCgYEA7RqrRooniil0iAKR +6scFct0juVBW1Uw05Ejt97RtwQRf/m9SU5mSs0PfFx/l3PeNDSWnpmwunL1igYQb ++tVqDQQ9xR4owyl6/qDJSP2bS84jb+3MCR4UE/b2YR2rCDBllXeyQsDT7KMoW8lX +gliWmYd6HYddRDOKNM/tzccFG1cCgYEAy+M6yv0ublrpTj4o8DcOi6JJrQbPSAWx +R7zKDXSvSq5lLjfXmqX4s/jgZWgQ+kYoYZrIOqIygcZ2U6tBMCP2LAhbf86I6r27 +loMyQg7lhC5GCztpGes4/JmUvnvjTUIFspB6ReaXlBFAstzzJirgI1wmoO6+GiG/ +OUDmvCjFdL0CgYALQGa8VDYIImt7QNP31jX1+3SEiMF2IcWox6UzSgajUDfV9SZs +/S6u/xuJF2RrFfxFkXHhPeUAXyRbjQ9e2d3MfFUKE6JPkJpblvm2UwKZmFCqMRir +nhfJ0sBiX2wMWW+YpjN5Y3krE5sIsAdNEjMjWgB7gj70y5VVaECasUUWxQKBgQDB +aauqSIc1VLSh7sGzLudzet5db2pPLmdAYE1kel6Xf9yn/X1gTTYitGNaj2Abq1Y/ +US/Ev30eMwCo2nqaimLK3pq+IVUtKhO78nVIyQzdWXBE03Uei0+iAKdkE+5Kqejx +vbDggqEka0Fu678VY/MAWDikzhY0f/MBAxpfQGYgGQKBgC0tR1ymvCLkk6J5e4/G +OD1D9m2JJjcK4eWUS4rAiEH61sI5CKQRU2pQ3f3cIGekDZZt3XzHLYwc9W2UnN2J +glMmKXp0qqt2HoE/XKLrIc1dEDXsZxFnMZ6nmWKsl4AHxM/gyXqfDo/AUXyEGcVu +8TbVs3nlISUy7vwjpaW1KOs1 +-----END PRIVATE KEY----- diff --git a/util/libcrypto.num b/util/libcrypto.num index a6d313f..05c66e9 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4232,3 +4232,4 @@ ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE +OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits