NAME

OCSP_RESPONSE_new, OCSP_RESPONSE_free, OCSP_RESPBYTES_new, OCSP_RESPBYTES_free, OCSP_BASICRESP_new, OCSP_BASICRESP_free, OCSP_RESPDATA_new, OCSP_RESPDATA_free, OCSP_RESPID_new, OCSP_RESPID_free, OCSP_response_create, OCSP_response_status, OCSP_response_status_str, OCSP_response_get1_basic, OCSP_basic_sign —

SYNOPSIS

#include <openssl/ocsp.h> OCSP_RESPONSE *
OCSP_RESPONSE_new(void); void
OCSP_RESPONSE_free(OCSP_RESPONSE *resp); OCSP_RESPBYTES *
OCSP_RESPBYTES_new(void); void
OCSP_RESPBYTES_free(OCSP_RESPBYTES *respbytes); OCSP_BASICRESP *
OCSP_BASICRESP_new(void); void
OCSP_BASICRESP_free(OCSP_BASICRESP *bs); OCSP_RESPDATA *
OCSP_RESPDATA_new(void); void
OCSP_RESPDATA_free(OCSP_RESPDATA *respdata); OCSP_RESPID *
OCSP_RESPID_new(void); void
OCSP_RESPID_free(OCSP_RESPID *respid); OCSP_RESPONSE *
OCSP_response_create(int status, OCSP_BASICRESP *bs); int
OCSP_response_status(OCSP_RESPONSE *resp); const char *
OCSP_response_status_str(long code); OCSP_BASICRESP *
OCSP_response_get1_basic(OCSP_RESPONSE *resp); int
OCSP_basic_sign(OCSP_BASICRESP *bs, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);

DESCRIPTION

OCSP_RESPONSE_new() allocates and initializes an empty OCSP_RESPONSE object, representing an ASN.1 OCSPResponse structure defined in RFC 6960. OCSP_RESPONSE_free() frees resp. OCSP_RESPBYTES_new() allocates and initializes an empty OCSP_RESPBYTES object, representing an ASN.1 ResponseBytes structure defined in RFC 6960. Such an object is used inside OCSP_RESPONSE. OCSP_RESPBYTES_free() frees respbytes. OCSP_BASICRESP_new() allocates and initializes an empty OCSP_BASICRESP object, representing an ASN.1 BasicOCSPResponse structure defined in RFC 6960. OCSP_RESPBYTES contains the DER-encoded form of an OCSP_BASICRESP object. OCSP_BASICRESP_free() frees bs. OCSP_RESPDATA_new() allocates and initializes an empty OCSP_RESPDATA object, representing an ASN.1 ResponseData structure defined in RFC 6960. Such an object is used inside OCSP_BASICRESP. OCSP_RESPDATA_free() frees respdata. OCSP_RESPID_new() allocates and initializes an empty OCSP_RESPID object, representing an ASN.1 ResponderID structure defined in RFC 6960. Such an object is used inside OCSP_RESPDATA. OCSP_RESPID_free() frees respid. OCSP_response_create() creates an OCSP_RESPONSE object for status and optionally including the basic response bs. OCSP_response_status() returns the OCSP response status of resp. It returns one of the values OCSP_RESPONSE_STATUS_SUCCESSFUL, OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER, OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED. OCSP_response_status_str() converts one of the status codes returned by OCSP_response_status() to a string consisting of one word. OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP object contained in resp. It is only called if the status of a response is OCSP_RESPONSE_STATUS_SUCCESSFUL. OCSP_basic_sign() signs the OCSP response bs using the certificate signer, the private key key, the digest dgst, and the additional certificates certs. If the flags option OCSP_NOCERTS is set, then no certificates will be included in the request. If the flags option OCSP_RESPID_KEY is set, then the responder is identified by key ID rather than by name.

RETURN VALUES

OCSP_RESPONSE_new() and OCSP_response_create() return a pointer to an OCSP_RESPONSE object or NULL if an error occurred. OCSP_BASICRESP_new() and OCSP_response_get1_basic() return a pointer to an OCSP_BASICRESP object or NULL if an error occurred. OCSP_RESPBYTES_new(), OCSP_RESPDATA_new(), and OCSP_RESPID_new() return a pointer to an empty OCSP_RESPBYTES, OCSP_RESPDATA, or OCSP_RESPID object, respectively, or NULL if an error occurred. OCSP_response_status() returns a status value. OCSP_response_status_str() returns a pointer to a static string. OCSP_basic_sign() return 1 on success or 0 on failure.

SEE ALSO

EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_sendreq_new(3)

STANDARDS

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.2: Response Syntax

HISTORY

These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.