DragonFly On-Line Manual Pages

Search: Section:  

OCSP_SENDREQ_NEW(3)   DragonFly Library Functions Manual   OCSP_SENDREQ_NEW(3)


OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio -- OCSP responder query functions


#include <openssl/ocsp.h> OCSP_REQ_CTX * OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline); int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, const char *value); int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); OCSP_RESPONSE * OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);


The function OCSP_sendreq_new() returns an OCSP_REQ_CTX structure using the responder io, the URI path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero, a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required. The arguments to OCSP_sendreq_new() correspond to the components of the URI. For example, if the responder URI is http://ocsp.com/ocspreq, the BIO io should be connected to host ocsp.com on port 80 and path should be set to "/ocspreq". OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp. If OCSP_sendreq_nbio() indicates an operation should be retried, the cor- responding BIO can be examined to determine which operation (read or write) should be retried and appropriate action can be taken, for example a select(2) call on the underlying socket. OCSP_REQ_CTX_free() frees up the OCSP context rctx. OCSP_REQ_CTX_add1_header() adds header name with value value to the con- text rctx. The added headers are of the form "name: value" or just "name" if value is NULL. OCSP_REQ_CTX_add1_header() can be called more than once to add multiple headers. It must be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call must be set to NULL if additional headers are set. OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This func- tion should be called after any calls to OCSP_REQ_CTX_add1_header(). OCSP_sendreq_bio() performs an OCSP request using the responder io, the URI path path, the OCSP request req. It does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compati- bility and its use in new applications is not recommended.


OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred. OCSP_sendreq_nbio() returns 1 if the operation was completed success- fully, -1 if the operation should be retried, or 0 if an error occurred. OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for suc- cess or 0 for failure. OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.


Add a Host header for ocsp.com: OCSP_REQ_CTX_add1_header(ctx, Host, ocsp.com );


OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3)


OCSP_sendreq_bio() first appeared in OpenSSL 0.9.7 and has been available since OpenBSD 3.2. OCSP_sendreq_new(), OCSP_sendreq_nbio(), and OCSP_REQ_CTX_free() first appeared in OpenSSL 0.9.8h and have been available since OpenBSD 4.5. OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.


These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features, it should use an alternative, more complete, HTTP library. Currently only HTTP POST queries to responders are supported. DragonFly 5.5 March 23, 2018 DragonFly 5.5

Search: Section: