DragonFly On-Line Manual Pages

Search: Section:  

OCSP_CERT_TO_ID(3)    DragonFly Library Functions Manual    OCSP_CERT_TO_ID(3)


NAME

     OCSP_CERTID_new, OCSP_CERTID_free, OCSP_cert_to_id, OCSP_cert_id_new,
     OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info -- OCSP certificate ID
     utility functions


SYNOPSIS

     #include <openssl/ocsp.h>

     OCSP_CERTID *
     OCSP_CERTID_new(void);

     void
     OCSP_CERTID_free(OCSP_CERTID *id);

     OCSP_CERTID *
     OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
	 const X509 *issuer);

     OCSP_CERTID *
     OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
	 const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber);

     int
     OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

     int
     OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

     int
     OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
	 ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial,
	 OCSP_CERTID *cid);


DESCRIPTION

     OCSP_CERTID_new() allocates and initializes an empty OCSP_CERTID object,
     representing an ASN.1 CertID structure defined in RFC 6960.  It can store
     hashes of an issuer's distinguished name and public key together with a
     serial number of a certificate.  It is used by the OCSP_ONEREQ object
     described in OCSP_ONEREQ_new(3) and by the OCSP_SINGLERESP object
     described in OCSP_SINGLERESP_new(3).  OCSP_CERTID_free() frees id.

     OCSP_cert_to_id() creates and returns a new OCSP_CERTID object using mes-
     sage digest dgst for certificate subject with issuer issuer.  If dgst is
     NULL then SHA1 is used.

     OCSP_cert_id_new() creates and returns a new OCSP_CERTID using dgst and
     issuer name issuerName, issuer key hash issuerKey and serial number
     serialNumber.

     OCSP_id_cmp() compares OCSP_CERTID a and b.

     OCSP_id_issuer_cmp() compares only the issuer name of OCSP_CERTID a and
     b.

     OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key
     hash and serial number contained in cid.  If any of the values are not
     required the corresponding parameter can be set to NULL.  The values
     returned by OCSP_id_get0_info() are internal pointers and must not be
     freed up by an application: they will be freed when the corresponding
     OCSP_CERTID object is freed.

     OCSP clients will typically only use OCSP_cert_to_id() or
     OCSP_cert_id_new(): the other functions are used by responder applica-
     tions.


RETURN VALUES

     OCSP_CERTID_new(), OCSP_cert_to_id(), and OCSP_cert_id_new() return
     either a pointer to a valid OCSP_CERTID object or NULL if an error
     occurred.

     OCSP_id_cmp() and OCSP_id_issuer_cmp() return 0 for a match or non-zero
     otherwise.

     OCSP_id_get0_info() returns 1 for success or 0 for failure.


SEE ALSO

     OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3),
     OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3),
     X509_get_issuer_name(3), X509_NAME_new(3)


STANDARDS

     RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
     Status Protocol, section 4: Details of the Protocol


HISTORY

     These functions first appeared in OpenSSL 0.9.7 and have been available
     since OpenBSD 3.2.

DragonFly 5.5			August 24, 2018 		 DragonFly 5.5

Search: Section: