DragonFly On-Line Manual Pages

Search: Section:  


OCSP_REQUEST_NEW(3)   DragonFly Library Functions Manual   OCSP_REQUEST_NEW(3)

NAME

OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_SIGNATURE_new, OCSP_SIGNATURE_free, OCSP_REQINFO_new, OCSP_REQINFO_free, OCSP_ONEREQ_new, OCSP_ONEREQ_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 -- OCSP request functions

SYNOPSIS

#include <openssl/ocsp.h> OCSP_REQUEST * OCSP_REQUEST_new(void); void OCSP_REQUEST_free(OCSP_REQUEST *req); OCSP_SIGNATURE * OCSP_SIGNATURE_new(void); void OCSP_SIGNATURE_free(OCSP_SIGNATURE *signature); OCSP_REQINFO * OCSP_REQINFO_new(void); void OCSP_REQINFO_free(OCSP_REQINFO *reqinfo); OCSP_ONEREQ * OCSP_ONEREQ_new(void); void OCSP_ONEREQ_free(OCSP_ONEREQ *onereq); OCSP_ONEREQ * OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); int OCSP_request_onereq_count(OCSP_REQUEST *req); OCSP_ONEREQ * OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

DESCRIPTION

OCSP_REQUEST_new() allocates and initializes an empty OCSP_REQUEST object, representing an ASN.1 OCSPRequest structure defined in RFC 6960. OCSP_REQUEST_free() frees req. OCSP_SIGNATURE_new() allocates and initializes an empty OCSP_SIGNATURE object, representing an ASN.1 Signature structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. OCSP_SIGNATURE_free() frees signature. OCSP_REQINFO_new() allocates and initializes an empty OCSP_REQINFO object, representing an ASN.1 TBSRequest structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. It asks about the validity of one or more certificates. OCSP_REQINFO_free() frees reqinfo. OCSP_ONEREQ_new() allocates and initializes an empty OCSP_ONEREQ object, representing an ASN.1 Request structure defined in RFC 6960. Such objects are used inside OCSP_REQINFO. Each one asks about the validity of one certificiate. OCSP_ONEREQ_free() frees onereq. OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ object added so an application can add additional extensions to the request. The cid parameter must not be freed up after the opera- tion. OCSP_request_sign() signs OCSP request req using certificate signer, pri- vate key key, digest dgst, and additional certificates certs. If the flags option OCSP_NOCERTS is set, then no certificates will be included in the request. OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use. OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ objects in req. OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1. OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

RETURN VALUES

OCSP_REQUEST_new(), OCSP_SIGNATURE_new(), OCSP_REQINFO_new(), and OCSP_ONEREQ_new() return an empty OCSP_REQUEST, OCSP_SIGNATURE, OCSP_REQINFO, or OCSP_ONEREQ object, respectively, or NULL if an error occurred. OCSP_request_add0_id() returns the OCSP_ONEREQ object containing cid or NULL if an error occurred. OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success or 0 for failure. OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ objects in req. OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ object or NULL if the index value is out of range.

EXAMPLES

Create an OCSP_REQUEST object for certificate cert with issuer issuer: OCSP_REQUEST *req; OCSP_ID *cid; req = OCSP_REQUEST_new(); if (req == NULL) /* error */ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); if (cid == NULL) /* error */ if (OCSP_REQUEST_add0_id(req, cid) == NULL) /* error */ /* Do something with req, e.g. query responder */ OCSP_REQUEST_free(req);

SEE ALSO

ACCESS_DESCRIPTION_new(3), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3)

STANDARDS

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request Syntax

HISTORY

These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2. DragonFly 5.5 March 22, 2018 DragonFly 5.5

Search: Section: