| OCSP_SENDREQ_NEW(3) | Library Functions Manual | OCSP_SENDREQ_NEW(3) |
NAME¶
OCSP_sendreq_new,
OCSP_sendreq_nbio,
OCSP_REQ_CTX_free,
OCSP_REQ_CTX_add1_header,
OCSP_REQ_CTX_set1_req,
OCSP_parse_url,
OCSP_sendreq_bio — OCSP
responder query functions
SYNOPSIS¶
#include
<openssl/ocsp.h>
OCSP_REQ_CTX *
OCSP_sendreq_new(BIO *io,
const char *path, OCSP_REQUEST
*req, int maxline);
int
OCSP_sendreq_nbio(OCSP_RESPONSE
**presp, OCSP_REQ_CTX *rctx);
void
OCSP_REQ_CTX_free(OCSP_REQ_CTX
*rctx);
int
OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX
*rctx, const char *name, const
char *value);
int
OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX
*rctx, OCSP_REQUEST *req);
int
OCSP_parse_url(const char *url,
char **phost, char **pport,
char **ppath, int *pssl);
OCSP_RESPONSE *
OCSP_sendreq_bio(BIO *io,
const char *path, OCSP_REQUEST
*req);
DESCRIPTION¶
The function
OCSP_sendreq_new()
returns an OCSP_REQ_CTX structure using the responder
io, the URI path path, the OCSP
request req and with a response header maximum line
length of maxline. If maxline is
zero, a default value of 4k is used. The OCSP request
req may be set to NULL and
provided later if required.
The arguments to
OCSP_sendreq_new()
correspond to the components of the URI. For example, if the responder URI
is http://ocsp.com/ocspreq, the BIO
io should be connected to host
ocsp.com on port 80 and path
should be set to "/ocspreq".
OCSP_sendreq_nbio()
performs non-blocking I/O on the OCSP request context
rctx. When the operation is complete, it returns the
response in *presp. If
OCSP_sendreq_nbio() indicates an operation should be
retried, the corresponding BIO can be examined to determine which operation
(read or write) should be retried and appropriate action can be taken, for
example a select(2) call on the underlying socket.
OCSP_REQ_CTX_free()
frees up the OCSP context rctx.
OCSP_REQ_CTX_add1_header()
adds header name with value
value to the context rctx. The
added headers are of the form "name:
value" or just
"name" if value is
NULL.
OCSP_REQ_CTX_add1_header() can be called more than
once to add multiple headers. It must be called before any calls to
OCSP_sendreq_nbio(). The req
parameter in the initial to OCSP_sendreq_new() call
must be set to NULL if additional headers are
set.
OCSP_REQ_CTX_set1_req()
sets the OCSP request in rctx to
req. This function should be called after any calls to
OCSP_REQ_CTX_add1_header().
OCSP_parse_url()
is a utility function to parse a url of the form
http[s]://host[:port][/path]
and store pointers to newly allocated copies of the strings
host, port, and
path in *phost, *pport, and *ppath, respectively. By
default, *ppath is set to "/" and *pport to "443" for
https or "80" for http. For
https, *pssl is set to 1; otherwise,
to 0.
OCSP_sendreq_bio()
performs an OCSP request using the responder io, the
URI path path, the OCSP request
req. It does not support retries and so cannot handle
non-blocking I/O efficiently. It is retained for compatibility and its use
in new applications is not recommended.
RETURN VALUES¶
OCSP_sendreq_new() returns a valid
OCSP_REQ_CTX structure or NULL
if an error occurred.
OCSP_sendreq_nbio() returns 1 if the
operation was completed successfully, -1 if the operation should be retried,
or 0 if an error occurred.
OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_set1_req(), and
OCSP_parse_url() return 1 for success or 0 for
failure.
OCSP_sendreq_bio() returns the
OCSP_RESPONSE structure sent by the responder or
NULL if an error occurred.
EXAMPLES¶
Add a Host header for ocsp.com:
OCSP_REQ_CTX_add1_header(ctx, Host,
ocsp.com );SEE ALSO¶
OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_get1_ocsp(3)
HISTORY¶
OCSP_parse_url() and
OCSP_sendreq_bio() first appeared in OpenSSL 0.9.7
and have been available since OpenBSD 3.2.
OCSP_sendreq_new(),
OCSP_sendreq_nbio(), and
OCSP_REQ_CTX_free() first appeared in OpenSSL 0.9.8h
and have been available since OpenBSD 4.5.
OCSP_REQ_CTX_add1_header() and
OCSP_REQ_CTX_set1_req() first appeared in OpenSSL
1.0.0 and have been available since OpenBSD 4.9.
CAVEATS¶
These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features, it should use an alternative, more complete, HTTP library.
Currently only HTTP POST queries to responders are supported.
| March 31, 2022 | Linux 6.4.0-150700.53.19-default |