Scroll to navigation

OCSP_REQUEST_NEW(3) Library Functions Manual OCSP_REQUEST_NEW(3)

NAME

OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_SIGNATURE_new, OCSP_SIGNATURE_free, OCSP_REQINFO_new, OCSP_REQINFO_free, OCSP_ONEREQ_new, OCSP_ONEREQ_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0OCSP request functions

SYNOPSIS

#include <openssl/ocsp.h>

OCSP_REQUEST *
OCSP_REQUEST_new(void);

void
OCSP_REQUEST_free(OCSP_REQUEST *req);

OCSP_SIGNATURE *
OCSP_SIGNATURE_new(void);

void
OCSP_SIGNATURE_free(OCSP_SIGNATURE *signature);

OCSP_REQINFO *
OCSP_REQINFO_new(void);

void
OCSP_REQINFO_free(OCSP_REQINFO *reqinfo);

OCSP_ONEREQ *
OCSP_ONEREQ_new(void);

void
OCSP_ONEREQ_free(OCSP_ONEREQ *onereq);

OCSP_ONEREQ *
OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

int
OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);

int
OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

int
OCSP_request_onereq_count(OCSP_REQUEST *req);

OCSP_ONEREQ *
OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

DESCRIPTION

() allocates and initializes an empty OCSP_REQUEST object, representing an ASN.1 OCSPRequest structure defined in RFC 6960. () frees req.

() allocates and initializes an empty OCSP_SIGNATURE object, representing an ASN.1 Signature structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. () frees signature.

() allocates and initializes an empty OCSP_REQINFO object, representing an ASN.1 TBSRequest structure defined in RFC 6960. Such an object is used inside OCSP_REQUEST. It asks about the validity of one or more certificates. () frees reqinfo.

() allocates and initializes an empty OCSP_ONEREQ object, representing an ASN.1 Request structure defined in RFC 6960. Such objects are used inside OCSP_REQINFO. Each one asks about the validity of one certificate. () frees onereq.

() adds certificate ID cid to req. It returns the OCSP_ONEREQ object added so an application can add additional extensions to the request. The cid parameter must not be freed up after the operation.

() signs OCSP request req using certificate signer, private key key, digest dgst, and additional certificates certs. If the flags option OCSP_NOCERTS is set, then no certificates will be included in the request.

() adds certificate cert to request req. The application is responsible for freeing up cert after use.

() returns the total number of OCSP_ONEREQ objects in req.

() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.

() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

RETURN VALUES

OCSP_REQUEST_new(), OCSP_SIGNATURE_new(), OCSP_REQINFO_new(), and OCSP_ONEREQ_new() return an empty OCSP_REQUEST, OCSP_SIGNATURE, OCSP_REQINFO, or OCSP_ONEREQ object, respectively, or NULL if an error occurred.

OCSP_request_add0_id() returns the OCSP_ONEREQ object containing cid or NULL if an error occurred.

OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success or 0 for failure.

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ objects in req.

OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ object or NULL if the index value is out of range.

EXAMPLES

Create an OCSP_REQUEST object for certificate cert with issuer issuer:

OCSP_REQUEST *req;
OCSP_ID *cid;

req = OCSP_REQUEST_new();
if (req == NULL)
	/* error */
cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
if (cid == NULL)
	/* error */

if (OCSP_REQUEST_add0_id(req, cid) == NULL)
	/* error */

 /* Do something with req, e.g. query responder */

OCSP_REQUEST_free(req);

SEE ALSO

ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3), d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3), OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3), X509_ocspid_print(3)

STANDARDS

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.1: Request Syntax

HISTORY

These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

February 19, 2022 Linux 6.4.0-150600.23.30-default