Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
| OCSP_REQUEST_NEW(3) | Library Functions Manual | OCSP_REQUEST_NEW(3) |
NAME
OCSP_REQUEST_new,
OCSP_REQUEST_free,
OCSP_SIGNATURE_new,
OCSP_SIGNATURE_free,
OCSP_REQINFO_new,
OCSP_REQINFO_free,
OCSP_ONEREQ_new,
OCSP_ONEREQ_free,
OCSP_request_add0_id,
OCSP_request_sign,
OCSP_request_add1_cert,
OCSP_request_onereq_count,
OCSP_request_onereq_get0 —
OCSP request functions
SYNOPSIS
#include
<openssl/ocsp.h>
OCSP_REQUEST *
OCSP_REQUEST_new(void);
void
OCSP_REQUEST_free(OCSP_REQUEST
*req);
OCSP_SIGNATURE *
OCSP_SIGNATURE_new(void);
void
OCSP_SIGNATURE_free(OCSP_SIGNATURE
*signature);
OCSP_REQINFO *
OCSP_REQINFO_new(void);
void
OCSP_REQINFO_free(OCSP_REQINFO
*reqinfo);
OCSP_ONEREQ *
OCSP_ONEREQ_new(void);
void
OCSP_ONEREQ_free(OCSP_ONEREQ
*onereq);
OCSP_ONEREQ *
OCSP_request_add0_id(OCSP_REQUEST
*req, OCSP_CERTID *cid);
int
OCSP_request_sign(OCSP_REQUEST
*req, X509 *signer,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs,
unsigned long flags);
int
OCSP_request_add1_cert(OCSP_REQUEST
*req, X509 *cert);
int
OCSP_request_onereq_count(OCSP_REQUEST
*req);
OCSP_ONEREQ *
OCSP_request_onereq_get0(OCSP_REQUEST
*req, int i);
DESCRIPTION
OCSP_REQUEST_new() allocates and initializes
an empty OCSP_REQUEST object, representing an
ASN.1 OCSPRequest structure defined in RFC
6960. OCSP_REQUEST_free() frees
req.
OCSP_SIGNATURE_new() allocates and
initializes an empty OCSP_SIGNATURE object,
representing an ASN.1 Signature structure
defined in RFC 6960. Such an object is used inside
OCSP_REQUEST.
OCSP_SIGNATURE_free() frees
signature.
OCSP_REQINFO_new() allocates and initializes
an empty OCSP_REQINFO object, representing an
ASN.1 TBSRequest structure defined in RFC
6960. Such an object is used inside
OCSP_REQUEST. It asks about the validity of
one or more certificates.
OCSP_REQINFO_free() frees
reqinfo.
OCSP_ONEREQ_new() allocates and initializes
an empty OCSP_ONEREQ object, representing an
ASN.1 Request structure defined in RFC 6960.
Such objects are used inside OCSP_REQINFO.
Each one asks about the validity of one certificate.
OCSP_ONEREQ_free() frees
onereq.
OCSP_request_add0_id() adds certificate ID
cid to req.
It returns the OCSP_ONEREQ object added so an
application can add additional extensions to the request. The
cid parameter must not be freed up after the
operation.
OCSP_request_sign() signs OCSP request
req using certificate
signer, private key
key, digest
dgst, and additional certificates
certs. If the
flags option
OCSP_NOCERTS is set, then no certificates
will be included in the request.
OCSP_request_add1_cert() adds certificate
cert to request
req. The application is responsible for
freeing up cert after use.
OCSP_request_onereq_count() returns the total
number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0() returns an
internal pointer to the OCSP_ONEREQ contained
in req of index
i. The index value
i runs from 0 to
OCSP_request_onereq_count(req)
- 1.
OCSP_request_onereq_count() and
OCSP_request_onereq_get0() are mainly used
by OCSP responders.
RETURN VALUES
OCSP_REQUEST_new(),
OCSP_SIGNATURE_new(),
OCSP_REQINFO_new(), and
OCSP_ONEREQ_new() return an empty
OCSP_REQUEST,
OCSP_SIGNATURE,
OCSP_REQINFO, or
OCSP_ONEREQ object, respectively, or
NULL if an error occurred.
OCSP_request_add0_id() returns the
OCSP_ONEREQ object containing
cid or
NULL if an error occurred.
OCSP_request_sign() and
OCSP_request_add1_cert() return 1 for
success or 0 for failure.
OCSP_request_onereq_count() returns the total
number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0() returns a pointer
to an OCSP_ONEREQ object or
NULL if the index value is out of range.
EXAMPLES
Create an OCSP_REQUEST object for certificate cert with issuer issuer:OCSP_REQUEST *req; OCSP_ID *cid; req = OCSP_REQUEST_new(); if (req == NULL) /* error */ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); if (cid == NULL) /* error */ if (OCSP_REQUEST_add0_id(req, cid) == NULL) /* error */ /* Do something with req, e.g. query responder */ OCSP_REQUEST_free(req);
SEE ALSO
ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3), d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3), X509_ocspid_print(3)STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request SyntaxHISTORY
These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.| February 19, 2022 | Debian |