Scroll to navigation

OCSP_SENDREQ_NEW(3) Library Functions Manual OCSP_SENDREQ_NEW(3)

NAME

OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_parse_url, OCSP_sendreq_bioOCSP responder query functions

SYNOPSIS

#include <openssl/ocsp.h>

OCSP_REQ_CTX *
OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline);

int
OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);

void
OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);

int
OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, const char *value);

int
OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

int
OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl);

OCSP_RESPONSE *
OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);

DESCRIPTION

The function () returns an OCSP_REQ_CTX structure using the responder io, the URI path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero, a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required.

The arguments to () correspond to the components of the URI. For example, if the responder URI is http://ocsp.com/ocspreq, the BIO io should be connected to host ocsp.com on port 80 and path should be set to "/ocspreq".

() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete, it returns the response in *presp. If OCSP_sendreq_nbio() indicates an operation should be retried, the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action can be taken, for example a select(2) call on the underlying socket.

() frees up the OCSP context rctx.

() adds header name with value value to the context rctx. The added headers are of the form "name: value" or just "name" if value is NULL. OCSP_REQ_CTX_add1_header() can be called more than once to add multiple headers. It must be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call must be set to NULL if additional headers are set.

() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header().

() is a utility function to parse a url of the form http[]://host[:port][/path] and store pointers to newly allocated copies of the strings host, port, and path in *phost, *pport, and *ppath, respectively. By default, *ppath is set to "/" and *pport to "443" for https or "80" for http. For https, *pssl is set to 1; otherwise, to 0.

() performs an OCSP request using the responder io, the URI path path, the OCSP request req. It does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.

RETURN VALUES

OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.

OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried, or 0 if an error occurred.

OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_parse_url() return 1 for success or 0 for failure.

OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.

EXAMPLES

Add a Host header for ocsp.com:

OCSP_REQ_CTX_add1_header(ctx, Host, ocsp.com );

SEE ALSO

OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_get1_ocsp(3)

HISTORY

OCSP_parse_url() and OCSP_sendreq_bio() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

OCSP_sendreq_new(), OCSP_sendreq_nbio(), and OCSP_REQ_CTX_free() first appeared in OpenSSL 0.9.8h and have been available since OpenBSD 4.5.

OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

CAVEATS

These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features, it should use an alternative, more complete, HTTP library.

Currently only HTTP POST queries to responders are supported.

March 31, 2022 Linux 6.4.0-150600.23.25-default