authorSteven Fackler <[email protected]>2017-01-13 19:38:12 -0800
committerSteven Fackler <[email protected]>2017-01-14 21:09:38 -0800
commit920ab0d6fb60c17077f43d7f08ad3ff391201689 (patch)
tree2ede3415426f622fe2aff78eaa70a3d64f35a403 /openssl/src/x509
parentRelease v0.9.6 (diff)
OCSP functionality
Diffstat (limited to 'openssl/src/x509')
-rw-r--r--openssl/src/x509/mod.rs20
-rw-r--r--openssl/src/x509/store.rs35
-rw-r--r--openssl/src/x509/tests.rs13
3 files changed, 66 insertions, 2 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index d90cee22..e75dcf5d 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -20,6 +20,7 @@ use error::ErrorStack;
use ffi;
use nid::Nid;
use types::{OpenSslType, OpenSslTypeRef};
+use string::OpensslString;
use stack::{Stack, StackRef, Stackable};
#[cfg(ossl10x)]
@@ -415,6 +416,25 @@ impl X509Ref {
}
}
+ /// Returns the list of OCSP responder URLs specified in the certificate's Authority Information
+ /// Access field.
+ pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack> {
+ unsafe {
+ cvt_p(ffi::X509_get1_ocsp(self.as_ptr())).map(|p| Stack::from_ptr(p))
+ }
+ }
+
+ /// Checks that this certificate issued `subject`.
+ pub fn issued(&self, subject: &X509Ref) -> Result<(), X509VerifyError> {
+ unsafe {
+ let r = ffi::X509_check_issued(self.as_ptr(), subject.as_ptr());
+ match X509VerifyError::from_raw(r as c_long) {
+ Some(e) => Err(e),
+ None => Ok(()),
+ }
+ }
+ }
+
to_pem!(ffi::PEM_write_bio_X509);
to_der!(ffi::i2d_X509);
}
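Review bot: The doc comment on `issued` promises more than `X509_check_issued` delivers: that call compares the issuer and subject names, the authority key identifier and the key usage, but it does not verify the signature on `subject`, so `Ok(())` is not proof of issuance. I would reword it to `/// Checks whether this certificate's name, key identifier and key usage are consistent with it having issued the subject; the signature is not verified.` In `ocsp_responders`, `X509_get1_ocsp` appears to return NULL for a certificate that carries no OCSP URL as well as on allocation failure, so `cvt_p` reports both as `Err`. The doc should say so, so that callers do not read an `Err` as permission to skip the revocation check. `impl X509Ref` begins outside this hunk.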
diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
index 01eb0e2f..dd08a49b 100644
--- a/openssl/src/x509/store.rs
+++ b/openssl/src/x509/store.rs
@@ -1,13 +1,33 @@
use ffi;
use std::mem;
-use cvt;
+use {cvt, cvt_p};
use error::ErrorStack;
use types::OpenSslTypeRef;
use x509::X509;
type_!(X509StoreBuilder, X509StoreBuilderRef, ffi::X509_STORE, ffi::X509_STORE_free);
+impl X509StoreBuilder {
+ /// Returns a builder for a certificate store.
+ ///
+ /// The store is initially empty.
+ pub fn new() -> Result<X509StoreBuilder, ErrorStack> {
+ unsafe {
+ ffi::init();
+
+ cvt_p(ffi::X509_STORE_new()).map(X509StoreBuilder)
+ }
+ }
+
+ /// Constructs the `X509Store`.
+ pub fn build(self) -> X509Store {
+ let store = X509Store(self.0);
+ mem::forget(self);
+ store
+ }
+}
+
impl X509StoreBuilderRef {
/// Adds a certificate to the certificate store.
pub fn add_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
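Review bot: `build` relies on `mem::forget(self)` to keep a single owner for the `X509_STORE` pointer, and nothing in the code says so. Both wrappers are declared through `type_!` with `ffi::X509_STORE_free`, so presumably each frees the pointer on drop, and removing the `forget` during a later refactor would turn this into a double free. A comment above that line would protect the invariant: `// Ownership moves to the returned X509Store; forget the builder so the pointer is freed only once.` The `impl X509StoreBuilderRef` block that follows continues outside this hunk.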
@@ -17,4 +37,17 @@ impl X509StoreBuilderRef {
cvt(ffi::X509_STORE_add_cert(self.as_ptr(), ptr)).map(|_| ())
}
}
+
+ /// Load certificates from their default locations.
+ ///
+ /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR`
+ /// environment variables if present, or defaults specified at OpenSSL
+ /// build time otherwise.
+ pub fn set_default_paths(&mut self) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ())
+ }
+ }
}
+
+type_!(X509Store, X509StoreRef, ffi::X509_STORE, ffi::X509_STORE_free);
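Review bot: The doc comment on `set_default_paths` names the environment variables but not the trust consequence: the anchors come from `SSL_CERT_FILE` and `SSL_CERT_DIR`, so whatever sets the process environment decides which roots this store accepts. As far as I know, OpenSSL also returns success from `X509_STORE_set_default_paths` when the default file or directory is absent, so `Ok(())` would not mean that any certificate was loaded; that is worth confirming against the linked OpenSSL version. If it holds, I would add `/// Whoever controls these environment variables controls the trust anchors, and success does not guarantee that any certificate was loaded.`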
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 0843b19f..f89b7267 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -132,7 +132,7 @@ fn test_nid_values() {
assert_eq!(email.data().as_slice(), b"[email protected]");
let friendly = subject.entries_by_nid(nid::FRIENDLYNAME).next().unwrap();
- assert_eq!(&*friendly.data().as_utf8().unwrap(), "Example");
+ assert_eq!(&**friendly.data().as_utf8().unwrap(), "Example");
}
#[test]
@@ -186,3 +186,14 @@ fn test_stack_from_pem() {
assert_eq!(certs[1].fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
"c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
}
+
+#[test]
+fn issued() {
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ let ca = include_bytes!("../../test/root-ca.pem");
+ let ca = X509::from_pem(ca).unwrap();
+
+ ca.issued(&cert).unwrap();
+ cert.issued(&cert).err().unwrap();
+}
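Review bot: The negative case `cert.issued(&cert).err().unwrap()` passes on any error, so it would keep passing if `issued` began failing for an unrelated reason. Asserting the specific `X509VerifyError` expected when a leaf is checked against itself (by its code or message) would pin the behaviour. The diff as shown adds no test for `ocsp_responders`, `X509StoreBuilder::new`/`build` or `set_default_paths`, though the diffstat is limited to this directory, so they may be covered elsewhere.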