NAME¶

OCSP_CRLID_new, OCSP_CRLID_free, OCSP_crlID_new — OCSP CRL extension

SYNOPSIS¶

#include <openssl/ocsp.h>

OCSP_CRLID *
OCSP_CRLID_new(void);

void
OCSP_CRLID_free(OCSP_CRLID *crlid);

X509_EXTENSION *
OCSP_crlID_new(const char *url, long *number, char *time);

DESCRIPTION¶

If a client asks about the validity of a certificate and it turns out to be invalid, the responder may optionally communicate which certificate revocation list the certificate was found on. The required data is stored as an ASN.1 CrlID structure in the singleExtensions field of the SingleResponse structure. The CrlID is represented by an OCSP_CRLID object, which will be stored inside the OCSP_SINGLERESP object documented in OCSP_SINGLERESP_new(3).

OCSP_CRLID_new() allocates and initializes an empty OCSP_CRLID object. OCSP_CRLID_free() frees crlid.

OCSP_crlID_new() accepts the url at which the CRL is available, the CRL number, and/or the time at which the CRL was created. Each argument can be NULL, in which case the respective field is omitted. The resulting CrlID structure is encoded in ASN.1 using X509V3_EXT_i2d(3) with criticality 0.

RETURN VALUES¶

OCSP_CRLID_new() returns a new OCSP_CRLID object or NULL if an error occurred.

OCSP_crlID_new() returns a new X509_EXTENSION object or NULL if an error occurred.

SEE ALSO¶

OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_EXTENSION_new(3)

STANDARDS¶

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.2: CRL References

HISTORY¶

OCSP_CRLID_new(), OCSP_CRLID_free(), and OCSP_crlID_new() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

CAVEATS¶

The function names OCSP_CRLID_new() and OCSP_crlID_new() only differ in case.