Sortix volatile manual
This manual documents Sortix volatile, a development build that has not been officially released. You can instead view this document in the latest official manual.
| OCSP_REQUEST_NEW(3) | Library Functions Manual | OCSP_REQUEST_NEW(3) |
NAME
OCSP_REQUEST_new,
OCSP_REQUEST_free,
OCSP_SIGNATURE_new,
OCSP_SIGNATURE_free,
OCSP_REQINFO_new,
OCSP_REQINFO_free,
OCSP_ONEREQ_new,
OCSP_ONEREQ_free,
OCSP_request_add0_id,
OCSP_request_sign,
OCSP_request_add1_cert,
OCSP_request_onereq_count,
OCSP_request_onereq_get0 —
OCSP request functions
SYNOPSIS
#include
<openssl/ocsp.h>
OCSP_REQUEST *
OCSP_REQUEST_new(void);
void
OCSP_REQUEST_free(OCSP_REQUEST
*req);
OCSP_SIGNATURE *
OCSP_SIGNATURE_new(void);
void
OCSP_SIGNATURE_free(OCSP_SIGNATURE
*signature);
OCSP_REQINFO *
OCSP_REQINFO_new(void);
void
OCSP_REQINFO_free(OCSP_REQINFO
*reqinfo);
OCSP_ONEREQ *
OCSP_ONEREQ_new(void);
void
OCSP_ONEREQ_free(OCSP_ONEREQ
*onereq);
OCSP_ONEREQ *
OCSP_request_add0_id(OCSP_REQUEST
*req, OCSP_CERTID *cid);
int
OCSP_request_sign(OCSP_REQUEST
*req, X509 *signer, EVP_PKEY
*key, const EVP_MD *dgst,
STACK_OF(X509) *certs, unsigned long
flags);
int
OCSP_request_add1_cert(OCSP_REQUEST
*req, X509 *cert);
int
OCSP_request_onereq_count(OCSP_REQUEST
*req);
OCSP_ONEREQ *
OCSP_request_onereq_get0(OCSP_REQUEST
*req, int i);
DESCRIPTION
OCSP_REQUEST_new()
allocates and initializes an empty OCSP_REQUEST
object, representing an ASN.1 OCSPRequest structure
defined in RFC 6960.
OCSP_REQUEST_free()
frees req.
OCSP_SIGNATURE_new()
allocates and initializes an empty OCSP_SIGNATURE
object, representing an ASN.1 Signature structure
defined in RFC 6960. Such an object is used inside
OCSP_REQUEST.
OCSP_SIGNATURE_free()
frees signature.
OCSP_REQINFO_new()
allocates and initializes an empty OCSP_REQINFO
object, representing an ASN.1 TBSRequest structure
defined in RFC 6960. Such an object is used inside
OCSP_REQUEST. It asks about the validity of one or
more certificates.
OCSP_REQINFO_free()
frees reqinfo.
OCSP_ONEREQ_new()
allocates and initializes an empty OCSP_ONEREQ object,
representing an ASN.1 Request structure defined in RFC
6960. Such objects are used inside OCSP_REQINFO. Each
one asks about the validity of one certificate.
OCSP_ONEREQ_free()
frees onereq.
OCSP_request_add0_id()
adds certificate ID cid to req.
It returns the OCSP_ONEREQ object added so an
application can add additional extensions to the request. The
cid parameter must not be freed up after the
operation.
OCSP_request_sign()
signs OCSP request req using certificate
signer, private key key, digest
dgst, and additional certificates
certs. If the flags option
OCSP_NOCERTS is set, then no certificates will be
included in the request.
OCSP_request_add1_cert()
adds certificate cert to request
req. The application is responsible for freeing up
cert after use.
OCSP_request_onereq_count()
returns the total number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0()
returns an internal pointer to the OCSP_ONEREQ
contained in req of index i. The
index value i runs from 0 to
OCSP_request_onereq_count(req)
- 1.
OCSP_request_onereq_count()
and OCSP_request_onereq_get0() are mainly used by
OCSP responders.
RETURN VALUES
OCSP_REQUEST_new(),
OCSP_SIGNATURE_new(),
OCSP_REQINFO_new(), and
OCSP_ONEREQ_new() return an empty
OCSP_REQUEST, OCSP_SIGNATURE,
OCSP_REQINFO, or OCSP_ONEREQ
object, respectively, or NULL if an error
occurred.
OCSP_request_add0_id() returns the
OCSP_ONEREQ object containing
cid or NULL if an error
occurred.
OCSP_request_sign() and
OCSP_request_add1_cert() return 1 for success or 0
for failure.
OCSP_request_onereq_count() returns the
total number of OCSP_ONEREQ objects in
req.
OCSP_request_onereq_get0() returns a
pointer to an OCSP_ONEREQ object or
NULL if the index value is out of range.
EXAMPLES
Create an OCSP_REQUEST object for certificate cert with issuer issuer:
OCSP_REQUEST *req; OCSP_ID *cid; req = OCSP_REQUEST_new(); if (req == NULL) /* error */ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); if (cid == NULL) /* error */ if (OCSP_REQUEST_add0_id(req, cid) == NULL) /* error */ /* Do something with req, e.g. query responder */ OCSP_REQUEST_free(req);
SEE ALSO
ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3), d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3), X509_ocspid_print(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request Syntax
HISTORY
These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
| February 19, 2022 | Sortix 1.1.0-dev |