From 425644af0f9b704befceb325460b67fbdabd5142 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 18 Jan 2018 21:20:35 +0000
Subject: [PATCH] Move flag defs for OCSP response vrfy to x509.h
---
 include/mbedtls/x509.h | 14 ++++++++++++++
 include/mbedtls/x509_ocsp.h | 9 ---------
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 88fcddceae..83a6954aac 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -109,7 +109,21 @@
 #define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */
 #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+/* \} name */
+/**
+ * \name X.509 OCSP Verify codes
+ * \{
+ */
+/* Reminder: update x509_ocsp_response_verify_strings[] in library/x509_ocsp.c */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE 0x01 /**< The response validity starts in the future. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS 0x02 /**< The response status is an exception value (i.e it is not 'success'). */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_ISSUER_NOT_TRUSTED 0x04 /**< The response issuer certificate was not found or failed the acceptance requirements. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED 0x08 /**< The response is not correctly signed by an authorized responder. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_INCOMPLETE 0x10 /**< The response does not contain the status of all queried certificates. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_EXPIRED 0x20 /**< The response validity has expired. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_REVOKED_CERT 0x40 /**< The revocation status of at least one queried certificate is 'revoked'. */
+#define MBEDTLS_X509_BADOCSP_RESPONSE_UNKNOWN_CERT 0x80 /**< The revocation status of at least one queried certificate is 'unknown'. */
 /* \} name */
 /* \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_ocsp.h b/include/mbedtls/x509_ocsp.h
index fe0e9d91dd..1c63234f35 100644
--- a/include/mbedtls/x509_ocsp.h
+++ b/include/mbedtls/x509_ocsp.h
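Review bot: The `\name X.509 OCSP Verify codes` block added in the x509.h hunk does not say that these flags are a separate bit space from the other verify codes in this header. They occupy 0x01–0x80, while the CRL codes just above sit at 0x020000–0x080000, which suggests the certificate and CRL flags share one bitmask whose low bits (not visible in this hunk) the OCSP values would presumably collide with. A caller who ORs OCSP results into that word, or decodes them with the certificate verify-info table, could read `REVOKED_CERT` as an unrelated condition. I would add to the group comment something like `/* OCSP verify flags are a separate bit space from the BADCERT/BADCRL flags: keep them in their own flags word and decode them only via x509_ocsp_response_verify_strings[]. */`. It is also worth stating there that any non-zero value, including `MBEDTLS_X509_BADOCSP_RESPONSE_UNKNOWN_CERT`, means the response must not be taken as proof of good status; whether the verifier enforces that is outside this patch.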
@@ -53,15 +53,6 @@
 #define MBEDTLS_X509_OCSP_CERT_STATUS_REVOKED 1
 #define MBEDTLS_X509_OCSP_CERT_STATUS_UNKNOWN 2
-#define MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE 0x1
-#define MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS 0x2
-#define MBEDTLS_X509_BADOCSP_RESPONSE_ISSUER_NOT_TRUSTED 0x4
-#define MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED 0x8
-#define MBEDTLS_X509_BADOCSP_RESPONSE_INCOMPLETE 0x10
-#define MBEDTLS_X509_BADOCSP_RESPONSE_EXPIRED 0x20
-#define MBEDTLS_X509_BADOCSP_RESPONSE_REVOKED_CERT 0x40
-#define MBEDTLS_X509_BADOCSP_RESPONSE_UNKNOWN_CERT 0x80
-
 #if defined(MBEDTLS_X509_OCSP_PARSE_C)
 /**
  * \addtogroup x509_module