Merging upstream version 2.4.60.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 36 insertions, 0 deletions

diff --git a/modules/md/md_reg.c b/modules/md/md_reg.c
index 8bceb0e..6aa7d78 100644
--- a/modules/md/md_reg.c
+++ b/modules/md/md_reg.c
@@ -31,6 +31,7 @@
 #include "md_json.h"
 #include "md_result.h"
 #include "md_reg.h"
+#include "md_ocsp.h"
 #include "md_store.h"
 #include "md_status.h"
 #include "md_tailscale.h"
@@ -1321,3 +1322,38 @@ md_job_t *md_reg_job_make(md_reg_t *reg, const char *mdomain, apr_pool_t *p)
 {
     return md_job_make(p, reg->store, MD_SG_STAGING, mdomain, reg->min_delay);
 }
+
+static int get_cert_count(const md_t *md)
+{
+    if (md->cert_files && md->cert_files->nelts) {
+        return md->cert_files->nelts;
+    }
+    return md_pkeys_spec_count(md->pks);
+}
+
+int md_reg_has_revoked_certs(md_reg_t *reg, struct md_ocsp_reg_t *ocsp,
+                             const md_t *md, apr_pool_t *p)
+{
+    const md_pubcert_t *pubcert;
+    const md_cert_t *cert;
+    md_timeperiod_t ocsp_valid;
+    md_ocsp_cert_stat_t cert_stat;
+    apr_status_t rv = APR_SUCCESS;
+    int i;
+
+    if (!md->stapling || !ocsp)
+        return 0;
+
+    for (i = 0; i < get_cert_count(md); ++i) {
+        if (APR_SUCCESS != md_reg_get_pubcert(&pubcert, reg, md, i, p))
+            continue;
+        cert = APR_ARRAY_IDX(pubcert->certs, 0, const md_cert_t*);
+        if(!cert)
+            continue;
+        rv = md_ocsp_get_meta(&cert_stat, &ocsp_valid, ocsp, cert, p, md);
+        if (APR_SUCCESS == rv && cert_stat == MD_OCSP_CERT_ST_REVOKED) {
+            return 1;
+        }
+    }
+    return 0;
+}