in native/src/sslutils.c [1003:1036]
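/*
 * Translate an OCSP response for `cert` into one of the module's
 * OCSP_STATUS_* codes.
 *
 * ocsp_resp  decoded OCSP response to inspect
 * cert       certificate whose revocation status is wanted
 * issuer     issuer of `cert`, used to build the OCSP certificate ID
 *
 * Returns OCSP_STATUS_OK or OCSP_STATUS_REVOKED when the response contains
 * a single response for the certificate ID with that status. Returns
 * OCSP_STATUS_UNKNOWN in every other case: unsuccessful responder status,
 * undecodable basic response, certificate ID that cannot be built, no
 * matching single response, or a status of "unknown".
 *
 * NOTE(review): nothing in this function authenticates the response. It
 * makes no OCSP_basic_verify() call on the signature and no
 * OCSP_check_validity() call on thisUpdate/nextUpdate. Unless the caller
 * does both, a forged or stale "good" answer cannot be told apart from a
 * genuine one here - confirm against the caller.
 * NOTE(review): whether the failure paths fail closed depends on how the
 * caller treats OCSP_STATUS_UNKNOWN - verify.
 */
static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp, X509 *cert, X509 *issuer)
{
    /* Start from the module's own "unknown" code. The original seeded this
     * with V_OCSP_CERTSTATUS_UNKNOWN, an OpenSSL constant from a different
     * namespace than the OCSP_STATUS_* values this function returns. */
    int status = OCSP_STATUS_UNKNOWN;
    int idx;
    OCSP_BASICRESP *bs = NULL;
    OCSP_SINGLERESP *ss;
    OCSP_CERTID *certid = NULL;

    if (OCSP_response_status(ocsp_resp) != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
        return OCSP_STATUS_UNKNOWN;
    }

    /* get1: we own the returned structure and must free it on every path. */
    bs = OCSP_response_get1_basic(ocsp_resp);
    if (bs == NULL) {
        goto cleanup;
    }

    certid = OCSP_cert_to_id(NULL, cert, issuer);
    if (certid == NULL) {
        /* The original returned here without freeing bs. */
        goto cleanup;
    }

    /* Locate the single response for this certificate ID. A missing entry
     * is reported as unknown; it must never be read as "good". */
    idx = OCSP_resp_find(bs, certid, -1);
    if (idx < 0) {
        goto cleanup;
    }
    ss = OCSP_resp_get0(bs, idx); /* get0: borrowed from bs, not freed here */
    if (ss == NULL) {
        goto cleanup;
    }

    switch (OCSP_single_get0_status(ss, NULL, NULL, NULL, NULL)) {
    case V_OCSP_CERTSTATUS_GOOD:
        status = OCSP_STATUS_OK;
        break;
    case V_OCSP_CERTSTATUS_REVOKED:
        status = OCSP_STATUS_REVOKED;
        break;
    default:
        /* V_OCSP_CERTSTATUS_UNKNOWN or any unexpected value. */
        status = OCSP_STATUS_UNKNOWN;
        break;
    }

cleanup:
    /* Both free functions are called with NULL on the early-exit paths. */
    OCSP_CERTID_free(certid);
    OCSP_BASICRESP_free(bs);
    return status;
}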