C++ Check OCSP For Cert Revocation



//g++ main.cpp -lcrypto
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
#include <openssl/crypto.h>
#include <openssl/ocsp.h>
#include <openssl/pem.h>
#include <iostream>
#include <sstream>
#include <vector>
#include <map>
#include <string>
 
using std::cout;
using std::endl;
using std::stringstream;
using std::map;
using std::vector;
using std::string;
 
//----------------------------------------------------------------------
vector<string> ocsp_urls(X509 *x509)
{
    vector<string> list;
    STACK_OF(OPENSSL_STRING) *ocsp_list = X509_get1_ocsp(x509);
    for (int j = 0; j < sk_OPENSSL_STRING_num(ocsp_list); j++)
    {
        list.push_back( string( sk_OPENSSL_STRING_value(ocsp_list, j) ) ); 
    }
    X509_email_free(ocsp_list);
    return list;
}
//----------------------------------------------------------------------
int prepareRequest(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer,
                STACK_OF(OCSP_CERTID) *ids)
{
    OCSP_CERTID *id;
    if(!issuer)
        {
        std::cerr << "No issuer certificate specified" << endl;
        //BIO_printf(bio_err, "No issuer certificate specified\n");
        return 0;
        }
    if(!*req) *req = OCSP_REQUEST_new();
    if(!*req) goto err;
    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
    if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
    if(!OCSP_request_add0_id(*req, id)) goto err;
    return 1;
 
    err:
        std::cerr << "Error Creating OCSP request" << endl;
        //BIO_printf(bio_err, "Error Creating OCSP request\n");
    return 0;
}
//----------------------------------------------------------------------
OCSP_RESPONSE * queryResponder(BIO *err, BIO *cbio, char *path,
                char *host, OCSP_REQUEST *req, int req_timeout)
{
    int fd;
    int rv;
    int i;
    OCSP_REQ_CTX *ctx = NULL;
    OCSP_RESPONSE *rsp = NULL;
    fd_set confds;
    struct timeval tv;
 
    if (req_timeout != -1)
        BIO_set_nbio(cbio, 1);
 
    rv = BIO_do_connect(cbio);
 
    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
        {
        std::cerr << "Error connecting BIO" << endl;
        return NULL;
        }
 
    if (BIO_get_fd(cbio, &fd) <= 0)
        {
        std::cerr << "Can't get connection fd" << endl;
        goto err;
        }
 
    if (req_timeout != -1 && rv <= 0)
        {
        FD_ZERO(&confds);
        FD_SET(fd, &confds);
        tv.tv_usec = 0;
        tv.tv_sec = req_timeout;
        rv = select(fd + 1, NULL, &confds, NULL, &tv);
        if (rv == 0)
            {
            std::cerr << "Timeout on connect" << endl;
            //BIO_puts(err, "Timeout on connect\n");
            return NULL;
            }
        }
 
    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
    if (!ctx)
        return NULL;
 
    if (!OCSP_REQ_CTX_add1_header(ctx, "Host", host))
        goto err;
 
    if (!OCSP_REQ_CTX_set1_req(ctx, req))
        goto err;
 
    for (;;)
        {
        rv = OCSP_sendreq_nbio(&rsp, ctx);
        if (rv != -1)
            break;
        if (req_timeout == -1)
            continue;
        FD_ZERO(&confds);
        FD_SET(fd, &confds);
        tv.tv_usec = 0;
        tv.tv_sec = req_timeout;
        if (BIO_should_read(cbio))
            rv = select(fd + 1, &confds, NULL, NULL, &tv);
        else if (BIO_should_write(cbio))
            rv = select(fd + 1, NULL, &confds, NULL, &tv);
        else
            {
            std::cerr << "Unexpected retry condition" << endl;
            goto err;
            }
        if (rv == 0)
            {
            std::cerr << "Timeout on request" << endl;
            break;
            }
        if (rv == -1)
            {
            std::cerr << "Select error" << endl;
            break;
            }
 
        }
    err:
    if (ctx)
        OCSP_REQ_CTX_free(ctx);
 
    return rsp;
}
//----------------------------------------------------------------------
OCSP_RESPONSE * sendRequest(BIO *err, OCSP_REQUEST *req,
            char *host, char *path, char *port, int use_ssl,
            int req_timeout)
{
    BIO *cbio = NULL;
    OCSP_RESPONSE *resp = NULL;
    cbio = BIO_new_connect(host);
    if (cbio && port && use_ssl==0)
    {
        BIO_set_conn_port(cbio, port);
        resp = queryResponder(err, cbio, path, host, req, req_timeout);
        if (!resp)
            std::cerr << "Error querying OCSP responder" << endl;
    }
    if (cbio)
        BIO_free_all(cbio);
    return resp;
}
//----------------------------------------------------------------------
int parseResponse(OCSP_RESPONSE *resp)
{
    int is_revoked = -1;
    OCSP_RESPBYTES *rb = resp->responseBytes;
    if (rb && OBJ_obj2nid(rb->responseType) == NID_id_pkix_OCSP_basic)
    {
        OCSP_BASICRESP *br = OCSP_response_get1_basic(resp);
        OCSP_RESPDATA  *rd = br->tbsResponseData;
 
        for (int i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
        {
            OCSP_SINGLERESP *single = sk_OCSP_SINGLERESP_value(rd->responses, i);
            OCSP_CERTID *cid = single->certId;
            OCSP_CERTSTATUS *cst = single->certStatus;
            if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
            {
                is_revoked = 1;
            }
            else if (cst->type == V_OCSP_CERTSTATUS_GOOD)
            {
                is_revoked = 0;
            }
        }
        OCSP_BASICRESP_free(br);
    }
    return is_revoked;
}
//----------------------------------------------------------------------
int checkCertOCSP(X509 *x509, X509 *issuer)
{
    int is_revoked=-1;
 
    BIO *bio_out = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
    BIO *bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 
    if (issuer)
    {
        //build ocsp request
        OCSP_REQUEST *req = NULL;
        STACK_OF(CONF_VALUE) *headers = NULL;
        STACK_OF(OCSP_CERTID) *ids = sk_OCSP_CERTID_new_null();
        const EVP_MD *cert_id_md = EVP_sha1();
        prepareRequest(&req, x509, cert_id_md, issuer, ids);
 
        //loop through OCSP urls
        STACK_OF(OPENSSL_STRING) *ocsp_list = X509_get1_ocsp(x509);
        for (int j = 0; j < sk_OPENSSL_STRING_num(ocsp_list) && is_revoked==-1; j++)
        {
            char *host = NULL, *port = NULL, *path = NULL; 
            int use_ssl, req_timeout = 30;
            string ocsp_url0 = string( sk_OPENSSL_STRING_value(ocsp_list, j) );
 
            char *ocsp_url = sk_OPENSSL_STRING_value(ocsp_list, j);
            if (OCSP_parse_url(ocsp_url, &host, &port, &path, &use_ssl) && !use_ssl)
            {
                //send ocsp request
                OCSP_RESPONSE *resp = sendRequest(bio_err, req, host, path, port, use_ssl, req_timeout);
                if (resp)
                {
                                        //see crypto/ocsp/ocsp_prn.c for examples parsing OCSP responses
                    int responder_status = OCSP_response_status(resp);
 
                    //parse response
                    if (resp && responder_status == OCSP_RESPONSE_STATUS_SUCCESSFUL)
                    {
                        is_revoked = parseResponse(resp);
                    }
                    OCSP_RESPONSE_free(resp);
                }
            }
            OPENSSL_free(host);
            OPENSSL_free(path);
            OPENSSL_free(port);
        }
        X509_email_free(ocsp_list);
        OCSP_REQUEST_free(req);
    }
 
    BIO_free(bio_out);
    BIO_free(bio_err);
    return is_revoked;
}
//----------------------------------------------------------------------
string commonName(X509 *x509)
{
    X509_NAME *subject = X509_get_subject_name(x509);
    int subject_position = X509_NAME_get_index_by_NID(subject, NID_commonName, 0);
    X509_NAME_ENTRY *entry = subject_position==-1 ? NULL : X509_NAME_get_entry(subject, subject_position);
    ASN1_STRING *d = X509_NAME_ENTRY_get_data(entry);
    return string( (char*)ASN1_STRING_data(d), ASN1_STRING_length(d) );
}
//----------------------------------------------------------------------
void isRevokedByOCSP(const char cert_bytes[], const char issuer_bytes[])
{
    BIO *bio_mem1 = BIO_new(BIO_s_mem());
    BIO *bio_mem2 = BIO_new(BIO_s_mem());
    BIO_puts(bio_mem1, cert_bytes);
    BIO_puts(bio_mem2, issuer_bytes);
    X509 * x509 = PEM_read_bio_X509(bio_mem1, NULL, NULL, NULL);
    X509 * issuer = PEM_read_bio_X509(bio_mem2, NULL, NULL, NULL);
    cout << commonName(x509) << " certificate, ";
    cout << "isRevokedByOCSP: " << checkCertOCSP(x509, issuer) << endl;
    BIO_free(bio_mem1);
    BIO_free(bio_mem2);
    X509_free(x509);
    X509_free(issuer);
}
//----------------------------------------------------------------------
 
 
 
 
//----------------------------------------------------------------------
int main(int argc, char **argv)
{
    OpenSSL_add_all_algorithms();
 
    const char cert1_bytes[] = "-----BEGIN CERTIFICATE-----" "\n"
"MIIDszCCAzigAwIBAgIQDGv40oFewTIKpCtIVTYSOTAKBggqhkjOPQQDAjBMMQsw" "\n"
"CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSYwJAYDVQQDEx1EaWdp" "\n"
"Q2VydCBFQ0MgU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA3MjgwMDAwMDBaFw0xNjA5" "\n"
"MzAxMjAwMDBaMHQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4G" "\n"
"A1UEBxMHQ2hpY2FnbzEoMCYGA1UEChMfWmFja3MgSW52ZXN0bWVudCBSZXNlYXJj" "\n"
"aCwgSW5jLjEWMBQGA1UEAxMNd3d3LnphY2tzLmNvbTBZMBMGByqGSM49AgEGCCqG" "\n"
"SM49AwEHA0IABOYOkwbEkkL/xKRUFV8xIfXYm5G/CnwpopbjZaLki/buATo2eSNd" "\n"
"0gPYzhzrfpd9HWV34Z/kO/yocvpbOTFrNDijggHSMIIBzjAfBgNVHSMEGDAWgBSj" "\n"
"neYf+do5T8Bu6JHLlaXaMeIKnzAdBgNVHQ4EFgQUtGr+7XN7qK4ZmnEDBNn7V+YI" "\n"
"QU0wIwYDVR0RBBwwGoINd3d3LnphY2tzLmNvbYIJemFja3MuY29tMA4GA1UdDwEB" "\n"
"/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwaQYDVR0fBGIw" "\n"
"YDAuoCygKoYoaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2EtZWNjLWcxLmNy" "\n"
"bDAuoCygKoYoaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2EtZWNjLWcxLmNy" "\n"
"bDBCBgNVHSAEOzA5MDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczov" "\n"
"L3d3dy5kaWdpY2VydC5jb20vQ1BTMHsGCCsGAQUFBwEBBG8wbTAkBggrBgEFBQcw" "\n"
"AYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEUGCCsGAQUFBzAChjlodHRwOi8v" "\n"
"Y2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRFQ0NTZWN1cmVTZXJ2ZXJDQS5j" "\n"
"cnQwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNpADBmAjEA2vqnY3CyBs18df3H" "\n"
"h+DJBj8t91Ix6DKdJdrJg/HiPtg9EwQ8TRwZ5Fg4HgTmNaTiAjEAxzYXnrz9tK9N" "\n"
"DEh5AG+tvna+rzsBwEAh/rBPXeFQx2uCt9deviww57Eg4pSx5cBL" "\n"
"-----END CERTIFICATE-----" "\n";
 
    const char issuer1_bytes[] = "-----BEGIN CERTIFICATE-----" "\n"
"MIIDrDCCApSgAwIBAgIQCssoukZe5TkIdnRw883GEjANBgkqhkiG9w0BAQwFADBh" "\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3" "\n"
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD" "\n"
"QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaMEwxCzAJBgNVBAYTAlVT" "\n"
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJjAkBgNVBAMTHURpZ2lDZXJ0IEVDQyBT" "\n"
"ZWN1cmUgU2VydmVyIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4ghC6nfYJN6g" "\n"
"LGSkE85AnCNyqQIKDjc/ITa4jVMU9tWRlUvzlgKNcR7E2Munn17voOZ/WpIRllNv" "\n"
"68DLP679Wz9HJOeaBy6Wvqgvu1cYr3GkvXg6HuhbPGtkESvMNCuMo4IBITCCAR0w" "\n"
"EgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEE" "\n"
"KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0f" "\n"
"BDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xv" "\n"
"YmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc" "\n"
"aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUo53mH/naOU/A" "\n"
"buiRy5Wl2jHiCp8wHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJ" "\n"
"KoZIhvcNAQEMBQADggEBAMeKoENL7HTJxavVHzA1Nm6YVntIrAVjrnuaVyRXzG/6" "\n"
"3qttnMe2uuzO58pzZNvfBDcKAEmzP58mrZGMIOgfiA4q+2Y3yDDo0sIkp0VILeoB" "\n"
"UEoxlBPfjV/aKrtJPGHzecicZpIalir0ezZYoyxBEHQa0+1IttK7igZFcTMQMHp6" "\n"
"mCHdJLnsnLWSB62DxsRq+HfmNb4TDydkskO/g+l3VtsIh5RHFPVfKK+jaEyDj2D3" "\n"
"loB5hWp2Jp2VDCADjT7ueihlZGak2YPqmXTNbk19HOuNssWvFhtOyPNV6og4ETQd" "\n"
"Ea8/B6hPatJ0ES8q/HO3X8IVQwVs1n3aAr0im0/T+Xc=" "\n"
"-----END CERTIFICATE-----" "\n";
 
    const char cert2_bytes[] = "-----BEGIN CERTIFICATE-----" "\n"
"MIIFCjCCA/KgAwIBAgIQdPwLZPmx/EfhJqUTOWRNaTANBgkqhkiG9w0BAQUFADBz" "\n"
"MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD" "\n"
"VQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEZMBcGA1UE" "\n"
"AxMQUG9zaXRpdmVTU0wgQ0EgMjAeFw0xNDAzMTEwMDAwMDBaFw0xOTAzMTAyMzU5" "\n"
"NTlaMFYxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UE" "\n"
"CxMLUG9zaXRpdmVTU0wxGzAZBgNVBAMTEm96Y29tcHV0ZXJzLmNvbS5hdTCCASIw" "\n"
"DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmybPUeo6tsDuuXNJ2uatedHZCR" "\n"
"duHtcTXTzURJ6yIUdwVJ4gkI+0w/gqVRBEA748M1boYeBWJOeMdyTjpkopqJD49S" "\n"
"BOSi2MhEEmfXQpKXmFz6n0WKaHnn8Aa1Vlo1+EEzskJ8KFY0j5VEG/itCvBhXd1j" "\n"
"xN7GzCqh62M7CpIprpfzHXj8cv7HQ1H57mMosLYo6dmBUfDfuBqHxy64vl06B3DI" "\n"
"Z9+3fZl30PQb2dpHywkAvg1gmI0BhJK+ONdz0oEhniNFS67FMbomNr3VAsy32sNG" "\n"
"6pIn72r/iynXCt8EeC8HsIzcVZRSnpKWUPBc4qsXh2vXb8Emg6pXm7PDrRECAwEA" "\n"
"AaOCAbUwggGxMB8GA1UdIwQYMBaAFJnkQF9rFF4+Bdnd02NU/GK49wCsMB0GA1Ud" "\n"
"DgQWBBTq+Z3M1D1E/IAZSABGYIQwJw5uKzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T" "\n"
"AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwUAYDVR0gBEkw" "\n"
"RzA7BgsrBgEEAbIxAQICBzAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnBvc2l0" "\n"
"aXZlc3NsLmNvbS9DUFMwCAYGZ4EMAQIBMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6" "\n"
"Ly9jcmwuY29tb2RvY2EuY29tL1Bvc2l0aXZlU1NMQ0EyLmNybDBsBggrBgEFBQcB" "\n"
"AQRgMF4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL1Bvc2l0" "\n"
"aXZlU1NMQ0EyLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu" "\n"
"Y29tMDUGA1UdEQQuMCyCEm96Y29tcHV0ZXJzLmNvbS5hdYIWd3d3Lm96Y29tcHV0" "\n"
"ZXJzLmNvbS5hdTANBgkqhkiG9w0BAQUFAAOCAQEA45yd7ccirosItEYH9pP/GEBu" "\n"
"Zllsb3vPTZa/DcEq2hY+Hwuc+Dd6caJp9hwQIEXKgb1CJb1xNpAUnmaeH5jyOhXp" "\n"
"AobpC/hfstgiiOGrPF2bp2lx33pi6uyLjtPS8WQK1bXJbO8FJoNRZc+nbswU0asq" "\n"
"HdG4Su9fNjfBs8V4TW9X7kItOqpslNHyaS2TUF1aJWVFcORez5S1O/WiXZMP6yGt" "\n"
"ars8VZh8eHoy+TSwS7lrjBFEq4QXvaYf1L8RBLWF+uLWk5RJr9UA0H/G+CP+G1Mw" "\n"
"fHi5+er4glz2RtZFbo1xQjSPzvjBbZ6RPVurMQ+ukKN1G2rMJeBykgB9gl5Tiw==" "\n"
"-----END CERTIFICATE-----" "\n";
 
    const char issuer2_bytes[] = "-----BEGIN CERTIFICATE-----" "\n"
"MIIE5TCCA82gAwIBAgIQB28SRoFFnCjVSNaXxA4AGzANBgkqhkiG9w0BAQUFADBv" "\n"
"MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk" "\n"
"ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF" "\n"
"eHRlcm5hbCBDQSBSb290MB4XDTEyMDIxNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow" "\n"
"czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G" "\n"
"A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV" "\n"
"BAMTEFBvc2l0aXZlU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK" "\n"
"AoIBAQDo6jnjIqaqucQA0OeqZztDB71Pkuu8vgGjQK3g70QotdA6voBUF4V6a4Rs" "\n"
"NjbloyTi/igBkLzX3Q+5K05IdwVpr95XMLHo+xoD9jxbUx6hAUlocnPWMytDqTcy" "\n"
"Ug+uJ1YxMGCtyb1zLDnukNh1sCUhYHsqfwL9goUfdE+SNHNcHQCgsMDqmOK+ARRY" "\n"
"FygiinddUCXNmmym5QzlqyjDsiCJ8AckHpXCLsDl6ez2PRIHSD3SwyNWQezT3zVL" "\n"
"yOf2hgVSEEOajBd8i6q8eODwRTusgFX+KJPhChFo9FJXb/5IC1tdGmpnc5mCtJ5D" "\n"
"YD7HWyoSbhruyzmuwzWdqLxdsC/DAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBSt" "\n"
"vZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUmeRAX2sUXj4F2d3TY1T8Yrj3" "\n"
"AKwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAow" "\n"
"CDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0" "\n"
"LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYw" "\n"
"gaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVz" "\n"
"dEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2Vy" "\n"
"dHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw" "\n"
"Oi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCcNuNOrvGK" "\n"
"u2yXjI9LZ9Cf2ISqnyFfNaFbxCtjDei8d12nxDf9Sy2e6B1pocCEzNFti/OBy59L" "\n"
"dLBJKjHoN0DrH9mXoxoR1Sanbg+61b4s/bSRZNy+OxlQDXqV8wQTqbtHD4tc0azC" "\n"
"e3chUN1bq+70ptjUSlNrTa24yOfmUlhNQ0zCoiNPDsAgOa/fT0JbHtMJ9BgJWSrZ" "\n"
"6EoYvzL7+i1ki4fKWyvouAt+vhcSxwOCKa9Yr4WEXT0K3yNRw82vEL+AaXeRCk/l" "\n"
"uuGtm87fM04wO+mPZn+C+mv626PAcwDj1hKvTfIPWhRRH224hoFiB85ccsJP81cq" "\n"
"cdnUl4XmGFO3" "\n"
"-----END CERTIFICATE-----" "\n";
 
    isRevokedByOCSP(cert1_bytes, issuer1_bytes);
    isRevokedByOCSP(cert2_bytes, issuer2_bytes);
}
//----------------------------------------------------------------------