DragonFly On-Line Manual Pages
OCSP_SENDREQ_NEW(3) DragonFly Library Functions Manual OCSP_SENDREQ_NEW(3)
NAME
OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio -- OCSP
responder query functions
SYNOPSIS
#include <openssl/ocsp.h>
OCSP_REQ_CTX *
OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
int
OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
void
OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
int
OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name,
const char *value);
int
OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
OCSP_RESPONSE *
OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
DESCRIPTION
The function OCSP_sendreq_new() returns an OCSP_REQ_CTX structure using
the responder io, the URI path path, the OCSP request req and with a
response header maximum line length of maxline. If maxline is zero, a
default value of 4k is used. The OCSP request req may be set to NULL and
provided later if required.
The arguments to OCSP_sendreq_new() correspond to the components of the
URI. For example, if the responder URI is http://ocsp.com/ocspreq, the
BIO io should be connected to host ocsp.com on port 80 and path should be
set to "/ocspreq".
OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
rctx. When the operation is complete it returns the response in *presp.
If OCSP_sendreq_nbio() indicates an operation should be retried, the cor-
responding BIO can be examined to determine which operation (read or
write) should be retried and appropriate action can be taken, for example
a select(2) call on the underlying socket.
OCSP_REQ_CTX_free() frees up the OCSP context rctx.
OCSP_REQ_CTX_add1_header() adds header name with value value to the con-
text rctx. The added headers are of the form "name: value" or just
"name" if value is NULL. OCSP_REQ_CTX_add1_header() can be called more
than once to add multiple headers. It must be called before any calls to
OCSP_sendreq_nbio(). The req parameter in the initial to
OCSP_sendreq_new() call must be set to NULL if additional headers are
set.
OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This func-
tion should be called after any calls to OCSP_REQ_CTX_add1_header().
OCSP_sendreq_bio() performs an OCSP request using the responder io, the
URI path path, the OCSP request req. It does not support retries and so
cannot handle non-blocking I/O efficiently. It is retained for compati-
bility and its use in new applications is not recommended.
RETURN VALUES
OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an
error occurred.
OCSP_sendreq_nbio() returns 1 if the operation was completed success-
fully, -1 if the operation should be retried, or 0 if an error occurred.
OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for suc-
cess or 0 for failure.
OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the
responder or NULL if an error occurred.
EXAMPLES
Add a Host header for ocsp.com:
OCSP_REQ_CTX_add1_header(ctx, Host, ocsp.com );
SEE ALSO
OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3),
OCSP_resp_find_status(3), OCSP_response_status(3)
HISTORY
OCSP_sendreq_bio() first appeared in OpenSSL 0.9.7 and has been available
since OpenBSD 3.2.
OCSP_sendreq_new(), OCSP_sendreq_nbio(), and OCSP_REQ_CTX_free() first
appeared in OpenSSL 0.9.8h and have been available since OpenBSD 4.5.
OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() first appeared in
OpenSSL 1.0.0 and have been available since OpenBSD 4.9.
CAVEATS
These functions only perform a minimal HTTP query to a responder. If an
application wishes to support more advanced features, it should use an
alternative, more complete, HTTP library.
Currently only HTTP POST queries to responders are supported.
DragonFly 5.5 March 23, 2018 DragonFly 5.5