NAME
OCSP_REQUEST_new
,
OCSP_REQUEST_free
,
OCSP_SIGNATURE_new
,
OCSP_SIGNATURE_free
,
OCSP_REQINFO_new
,
OCSP_REQINFO_free
,
OCSP_ONEREQ_new
,
OCSP_ONEREQ_free
,
OCSP_request_add0_id
,
OCSP_request_sign
,
OCSP_request_add1_cert
,
OCSP_request_onereq_count
,
OCSP_request_onereq_get0
—
OCSP request functions
SYNOPSIS
#include
<openssl/ocsp.h>
OCSP_REQUEST *
OCSP_REQUEST_new
(void);
void
OCSP_REQUEST_free
(OCSP_REQUEST
*req);
OCSP_SIGNATURE *
OCSP_SIGNATURE_new
(void);
void
OCSP_SIGNATURE_free
(OCSP_SIGNATURE
*signature);
OCSP_REQINFO *
OCSP_REQINFO_new
(void);
void
OCSP_REQINFO_free
(OCSP_REQINFO
*reqinfo);
OCSP_ONEREQ *
OCSP_ONEREQ_new
(void);
void
OCSP_ONEREQ_free
(OCSP_ONEREQ
*onereq);
OCSP_ONEREQ *
OCSP_request_add0_id
(OCSP_REQUEST
*req, OCSP_CERTID *cid);
int
OCSP_request_sign
(OCSP_REQUEST
*req, X509 *signer, EVP_PKEY
*key, const EVP_MD *dgst,
STACK_OF(X509) *certs, unsigned long
flags);
int
OCSP_request_add1_cert
(OCSP_REQUEST
*req, X509 *cert);
int
OCSP_request_onereq_count
(OCSP_REQUEST
*req);
OCSP_ONEREQ *
OCSP_request_onereq_get0
(OCSP_REQUEST
*req, int i);
DESCRIPTION
OCSP_REQUEST_new
()
allocates and initializes an empty OCSP_REQUEST object,
representing an ASN.1 OCSPRequest structure defined in
RFC 6960.
OCSP_REQUEST_free
()
frees req.
OCSP_SIGNATURE_new
()
allocates and initializes an empty OCSP_SIGNATURE
object, representing an ASN.1 Signature structure
defined in RFC 6960. Such an object is used inside
OCSP_REQUEST.
OCSP_SIGNATURE_free
()
frees signature.
OCSP_REQINFO_new
()
allocates and initializes an empty OCSP_REQINFO
object, representing an ASN.1 TBSRequest structure
defined in RFC 6960. Such an object is used inside
OCSP_REQUEST. It asks about the validity of one or
more certificates.
OCSP_REQINFO_free
()
frees reqinfo.
OCSP_ONEREQ_new
()
allocates and initializes an empty OCSP_ONEREQ object,
representing an ASN.1 Request structure defined in RFC
6960. Such objects are used inside OCSP_REQINFO. Each
one asks about the validity of one certificiate.
OCSP_ONEREQ_free
()
frees onereq.
OCSP_request_add0_id
()
adds certificate ID cid to req.
It returns the OCSP_ONEREQ object added so an
application can add additional extensions to the request. The
cid parameter must not be freed up after the
operation.
OCSP_request_sign
()
signs OCSP request req using certificate
signer, private key key, digest
dgst, and additional certificates
certs. If the flags option
OCSP_NOCERTS
is set, then no certificates will be
included in the request.
OCSP_request_add1_cert
()
adds certificate cert to request
req. The application is responsible for freeing up
cert after use.
OCSP_request_onereq_count
()
returns the total number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0
()
returns an internal pointer to the OCSP_ONEREQ
contained in req of index i. The
index value i runs from 0 to
OCSP_request_onereq_count
(req)
- 1.
OCSP_request_onereq_count
()
and OCSP_request_onereq_get0
() are mainly used by
OCSP responders.
RETURN VALUES
OCSP_REQUEST_new
(),
OCSP_SIGNATURE_new
(),
OCSP_REQINFO_new
(), and
OCSP_ONEREQ_new
() return an empty
OCSP_REQUEST, OCSP_SIGNATURE,
OCSP_REQINFO, or OCSP_ONEREQ
object, respectively, or NULL
if an error
occurred.
OCSP_request_add0_id
() returns the
OCSP_ONEREQ object containing
cid or NULL
if an error
occurred.
OCSP_request_sign
() and
OCSP_request_add1_cert
() return 1 for success or 0
for failure.
OCSP_request_onereq_count
() returns the
total number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0
() returns a
pointer to an OCSP_ONEREQ object or
NULL
if the index value is out of range.
EXAMPLES
Create an OCSP_REQUEST object for certificate cert with issuer issuer:
OCSP_REQUEST *req; OCSP_ID *cid; req = OCSP_REQUEST_new(); if (req == NULL) /* error */ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); if (cid == NULL) /* error */ if (OCSP_REQUEST_add0_id(req, cid) == NULL) /* error */ /* Do something with req, e.g. query responder */ OCSP_REQUEST_free(req);
SEE ALSO
ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3), d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3), X509_ocspid_print(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request Syntax
HISTORY
These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.