add support for X509_CRL_http_nbio

crypto/ocsp/internal.h

@@ -258,7 +258,7 @@ DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 // Try exchanging request and response via HTTP on (non-)blocking BIO in rctx.
 OPENSSL_EXPORT int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
 
-// Tries to exchange the request and response with OCSP_REQ_CTX_nbio(), but on
+// Tries to exchange the request and response with |OCSP_REQ_CTX_nbio|, but on
 // success, it additionally parses the response, which must be a
 // DER-encoded ASN.1 structure.
 int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,

crypto/x509/x_all.c

@@ -67,6 +67,7 @@
 #include <openssl/stack.h>
 
 #include "../asn1/internal.h"
+#include "../ocsp/internal.h"
 #include "internal.h"
 
 
@@ -120,6 +121,11 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) {
                             x->sig_alg, x->signature, x->crl, ctx);
 }
 
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) {
+  return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcrl,
+                               ASN1_ITEM_rptr(X509_CRL));
+}
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) {
   return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
                          x->signature, x->spkac, pkey, md));

include/openssl/x509.h

@@ -86,6 +86,7 @@
 #include <openssl/stack.h>
 #include <openssl/thread.h>
 #include <openssl/x509v3_errors.h>  // IWYU pragma: export
+#include "ocsp.h"
 
 #if defined(__cplusplus)
 extern "C" {
@@ -808,6 +809,11 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
                                                  const uint8_t *sig,
                                                  size_t sig_len);
 
+// X509_CRL_http_nbio calls |OCSP_REQ_CTX_nbio_d2i| to exchange the request
+// via http. On success, it parses the response as a DER-encoded |X509_CRL|
+// ASN.1 structure.
+OPENSSL_EXPORT int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+
 
 // CRL entries.
 //