
Sortix cross-volatile manual

This manual documents Sortix cross-volatile. You can instead view this document in the latest official manual.

NAME

OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_SIGNATURE_new, OCSP_SIGNATURE_free, OCSP_REQINFO_new, OCSP_REQINFO_free, OCSP_ONEREQ_new, OCSP_ONEREQ_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 — OCSP request functions

SYNOPSIS

#include <openssl/ocsp.h>
OCSP_REQUEST *
OCSP_REQUEST_new(void);
void
OCSP_REQUEST_free(OCSP_REQUEST *req);
OCSP_SIGNATURE *
OCSP_SIGNATURE_new(void);
void
OCSP_SIGNATURE_free(OCSP_SIGNATURE *signature);
OCSP_REQINFO *
OCSP_REQINFO_new(void);
void
OCSP_REQINFO_free(OCSP_REQINFO *reqinfo);
OCSP_ONEREQ *
OCSP_ONEREQ_new(void);
void
OCSP_ONEREQ_free(OCSP_ONEREQ *onereq);
OCSP_ONEREQ *
OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
int
OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
int
OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
int
OCSP_request_onereq_count(OCSP_REQUEST *req);
OCSP_ONEREQ *
OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

DESCRIPTION

OCSP_REQUEST_new() allocates and initializes an empty OCSP_REQUEST object, representing an ASN.1 OCSPRequest structure defined in RFC 6960. OCSP_REQUEST_free() frees req.
OCSP_SIGNATURE_new() allocates and initializes an empty OCSP_SIGNATURE object, representing an ASN.1 Signature structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. OCSP_SIGNATURE_free() frees signature.
OCSP_REQINFO_new() allocates and initializes an empty OCSP_REQINFO object, representing an ASN.1 TBSRequest structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. It asks about the validity of one or more certificates. OCSP_REQINFO_free() frees reqinfo.
OCSP_ONEREQ_new() allocates and initializes an empty OCSP_ONEREQ object, representing an ASN.1 Request structure defined in RFC 6960. Such objects are used inside OCSP_REQINFO. Each one asks about the validity of one certificate. OCSP_ONEREQ_free() frees onereq.
OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ object added so an application can add additional extensions to the request. The cid parameter must not be freed up after the operation.
OCSP_request_sign() signs OCSP request req using certificate signer, private key key, digest dgst, and additional certificates certs. If the flags option OCSP_NOCERTS is set, then no certificates will be included in the request.
OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use.
OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ objects in req.
OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.
OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

RETURN VALUES

OCSP_REQUEST_new(), OCSP_SIGNATURE_new(), OCSP_REQINFO_new(), and OCSP_ONEREQ_new() return an empty OCSP_REQUEST, OCSP_SIGNATURE, OCSP_REQINFO, or OCSP_ONEREQ object, respectively, or NULL if an error occurred.
OCSP_request_add0_id() returns the OCSP_ONEREQ object containing cid or NULL if an error occurred.
OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success or 0 for failure.
OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ objects in req.
OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ object or NULL if the index value is out of range.

EXAMPLES

Create an OCSP_REQUEST object for certificate cert with issuer issuer:
OCSP_REQUEST *req = NULL;
OCSP_CERTID *cid = NULL;

req = OCSP_REQUEST_new();
if (req == NULL)
	goto done;	/* error */
cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
if (cid == NULL)
	goto done;	/* error */

if (OCSP_request_add0_id(req, cid) == NULL)
	goto done;	/* error */
cid = NULL;	/* now owned by req, must not be freed separately */

/* Do something with req, e.g. query responder */

done:
OCSP_CERTID_free(cid);
OCSP_REQUEST_free(req);

SEE ALSO

ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3), d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3), X509_ocspid_print(3)

STANDARDS

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request Syntax

HISTORY

These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
Copyright 2011-2025 Jonas 'Sortie' Termansen and contributors.
Sortix's source code is free software under the ISC license.