DragonFly On-Line Manual Pages
OCSP_SERVICELOC_NE... DragonFly Library Functions Manual OCSP_SERVICELOC_NE...
NAME
OCSP_SERVICELOC_new, OCSP_SERVICELOC_free, OCSP_url_svcloc_new -- OCSP
service locator extension
SYNOPSIS
#include <openssl/ocsp.h>
OCSP_SERVICELOC *
OCSP_SERVICELOC_new(void);
void
OCSP_SERVICELOC_free(OCSP_SERVICELOC *sloc);
X509_EXTENSION *
OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
DESCRIPTION
Due to restrictions of network routing, a client may be unable to
directly contact the authoritative OCSP server for a certificate that
needs to be checked. In that case, the request can be sent via a proxy
server. An ASN.1 ServiceLocator structure is included in the sin-
gleRequestExtensions field of the Request structure to indicate where to
forward the request. The ServiceLocator is represented by a
OCSP_SERVICELOC object, which will be stored inside the OCSP_ONEREQ
object documented in OCSP_ONEREQ_new(3).
OCSP_SERVICELOC_new() allocates and initializes an empty OCSP_SERVICELOC
object. OCSP_SERVICELOC_free() frees sloc.
OCSP_url_svcloc_new() requires an issuer name and optionally accepts an
array of urls. If urls or its first element is NULL, the locator field
is omitted from the ServiceLocator structure and only the issuer is
included. The resulting ServiceLocator structure is encoded in ASN.1
using X509V3_EXT_i2d(3) with criticality 0.
RETURN VALUES
OCSP_SERVICELOC_new() returns a new OCSP_SERVICELOC object or NULL if an
error occurred.
OCSP_url_svcloc_new() returns a new X509_EXTENSION object or NULL if an
error occurred.
SEE ALSO
OCSP_REQUEST_new(3), X509_EXTENSION_new(3), X509_get_issuer_name(3),
X509_NAME_new(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol, section 4.4.6: Service Locator
HISTORY
OCSP_SERVICELOC_new(), OCSP_SERVICELOC_free(), and OCSP_url_svcloc_new()
first appeared in OpenSSL 0.9.7 and have been available since
OpenBSD 3.2.
DragonFly 5.5 May 13, 2018 DragonFly 5.5