method

sign

v2_5_5 - Show latest stable - Class: OpenSSL::OCSP::BasicResponse

sign(p1, p2, p3 = v3, p4 = v4, p5 = v5)

public

Signs this OCSP response using the cert, key and optional digest. This behaves in the similar way as OpenSSL::OCSP::Request#sign.

flags can include:

OpenSSL::OCSP::NOCERTS	don’t include certificates
OpenSSL::OCSP::NOTIME	don’t set producedAt
OpenSSL::OCSP::RESPID_KEY	use signer’s public key hash as responderID

static VALUE
ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
{
    VALUE signer_cert, signer_key, certs, flags, digest;
    OCSP_BASICRESP *bs;
    X509 *signer;
    EVP_PKEY *key;
    STACK_OF(X509) *x509s = NULL;
    unsigned long flg = 0;
    const EVP_MD *md;
    int ret;

    rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &digest);
    GetOCSPBasicRes(self, bs);
    signer = GetX509CertPtr(signer_cert);
    key = GetPrivPKeyPtr(signer_key);
    if (!NIL_P(flags))
        flg = NUM2INT(flags);
    if (NIL_P(digest))
        md = EVP_sha1();
    else
        md = ossl_evp_get_digestbyname(digest);
    if (NIL_P(certs))
        flg |= OCSP_NOCERTS;
    else
        x509s = ossl_x509_ary2sk(certs);

    ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
    sk_X509_pop_free(x509s, X509_free);
    if (!ret) ossl_raise(eOCSPError, NULL);

    return self;
}

sign

Related methods