Ghost552/FoxiGram
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1
FoxiGram/TMessagesProj/jni/boringssl/include/openssl/pki/ocsp.h
instant992 8e79f2ee9c FoxiGram: Telegram client with built-in Xray VLESS proxy 
Based on Nekogram. Key additions:
- Rebrand to FoxiGram (app name, APK name, applicationId com.foxigram.app)
- Embedded Xray (VLESS+Reality) proxy client via JNI libxray.so
- Bundled hidden one-tap proxies (LTE + WiFi), read-only in UI
- Auto-restore proxy on restart, rebind to active network (LTE/WiFi)
- Server credentials externalized to git-ignored XrayServers.java (+ template)
- libxray Go source included; compiled .so, keystore, google-services.json ignored
2026-06-08 16:41:07 +04:00

123 lines
4.6 KiB
C++
Raw Blame History

// Copyright 2016 The Chromium Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#if !defined(OPENSSL_HEADER_BSSL_PKI_OCSP_H_) && defined(__cplusplus)
#define OPENSSL_HEADER_BSSL_PKI_OCSP_H_
#include <openssl/base.h> // IWYU pragma: export
#include <string_view>
#include <optional>
BSSL_NAMESPACE_BEGIN
// The revocation status indicated by an OCSP verification. This value is
// histogrammed in Chrome, so do not re-order or change values, and add new
// values at the end.
enum class OCSPRevocationStatus {
GOOD = 0,
REVOKED = 1,
UNKNOWN = 2,
MAX_VALUE = UNKNOWN
};
// The result of OCSP verification. This always contains a ResponseStatus, which
// describes whether or not an OCSP response was provided, and response level
// errors. It optionally contains an OCSPRevocationStatus when |response_status
// = PROVIDED|. For example, a stapled OCSP response matching the certificate,
// and indicating a non-revoked status, will have |response_status = PROVIDED|
// and |revocation_status = GOOD|.
struct OPENSSL_EXPORT OCSPVerifyResult {
bool operator==(const OCSPVerifyResult &other) const {
if (response_status != other.response_status) {
return false;
}
if (response_status == PROVIDED) {
// |revocation_status| is only defined when |response_status| is PROVIDED.
return revocation_status == other.revocation_status;
}
return true;
}
// This value is histogrammed in Chrome, so do not re-order or change values,
// and add new values at the end.
enum ResponseStatus {
// OCSP verification was not checked on this connection.
NOT_CHECKED = 0,
// No OCSPResponse was stapled.
MISSING = 1,
// An up-to-date OCSP response was stapled and matched the certificate.
PROVIDED = 2,
// The stapled OCSP response did not have a SUCCESSFUL status.
ERROR_RESPONSE = 3,
// The OCSPResponseData field producedAt was outside the certificate
// validity period.
BAD_PRODUCED_AT = 4,
// At least one OCSPSingleResponse was stapled, but none matched the
// certificate.
NO_MATCHING_RESPONSE = 5,
// A matching OCSPSingleResponse was stapled, but was either expired or not
// yet valid.
INVALID_DATE = 6,
// The OCSPResponse structure could not be parsed.
PARSE_RESPONSE_ERROR = 7,
// The OCSPResponseData structure could not be parsed.
PARSE_RESPONSE_DATA_ERROR = 8,
// Unhandled critical extension in either OCSPResponseData or
// OCSPSingleResponse
UNHANDLED_CRITICAL_EXTENSION = 9,
RESPONSE_STATUS_MAX = UNHANDLED_CRITICAL_EXTENSION
};
ResponseStatus response_status = NOT_CHECKED;
// The strictest CertStatus matching the certificate (REVOKED > UNKNOWN >
// GOOD). Only valid if |response_status| = PROVIDED.
OCSPRevocationStatus revocation_status = OCSPRevocationStatus::UNKNOWN;
};
// Checks the revocation status of the certificate |certificate_der| by using
// the DER-encoded |raw_response|.
//
// Returns GOOD if the OCSP response indicates the certificate is not revoked,
// REVOKED if it indicates it is revoked, or UNKNOWN for all other cases.
//
// * |raw_response|: A DER encoded OCSPResponse.
// * |certificate_der|: The certificate being checked for revocation.
// * |issuer_certificate_der|: The certificate that signed |certificate_der|.
// The caller must have already performed path verification.
// * |verify_time_epoch_seconds|: The time as the difference in seconds from
// the POSIX epoch to use when checking revocation status.
// * |max_age_seconds|: The maximum age in seconds for a CRL, implemented as
// time since the |thisUpdate| field in the CRL TBSCertList. Responses
// older than |max_age_seconds| will be considered invalid.
// * |response_details|: Additional details about failures.
[[nodiscard]] OPENSSL_EXPORT OCSPRevocationStatus CheckOCSP(
std::string_view raw_response, std::string_view certificate_der,
std::string_view issuer_certificate_der, int64_t verify_time_epoch_seconds,
std::optional<int64_t> max_age_seconds,
OCSPVerifyResult::ResponseStatus *response_details);
BSSL_NAMESPACE_END
#endif // OPENSSL_HEADER_BSSL_PKI_OCSP_H_ && __cplusplus
Reference in a new issue View git blame Copy permalink