table of contents
OCSP_SERVICELOC_NEW(3) | Library Functions Manual | OCSP_SERVICELOC_NEW(3) |
NAME¶
OCSP_SERVICELOC_new
,
OCSP_SERVICELOC_free
,
OCSP_url_svcloc_new
— OCSP
service locator extension
SYNOPSIS¶
#include
<openssl/ocsp.h>
OCSP_SERVICELOC *
OCSP_SERVICELOC_new
(void);
void
OCSP_SERVICELOC_free
(OCSP_SERVICELOC
*sloc);
X509_EXTENSION *
OCSP_url_svcloc_new
(X509_NAME
*issuer, const char **urls);
DESCRIPTION¶
Due to restrictions of network routing, a client may be unable to directly contact the authoritative OCSP server for a certificate that needs to be checked. In that case, the request can be sent via a proxy server. An ASN.1 ServiceLocator structure is included in the singleRequestExtensions field of the Request structure to indicate where to forward the request. The ServiceLocator is represented by a OCSP_SERVICELOC object, which will be stored inside the OCSP_ONEREQ object documented in OCSP_ONEREQ_new(3).
OCSP_SERVICELOC_new
()
allocates and initializes an empty OCSP_SERVICELOC
object.
OCSP_SERVICELOC_free
()
frees sloc.
OCSP_url_svcloc_new
()
requires an issuer name and optionally accepts an
array of urls. If urls or its
first element is NULL
, the locator field is omitted
from the ServiceLocator structure and only the issuer
is included. The resulting ServiceLocator structure is
encoded in ASN.1 using X509V3_EXT_i2d(3) with criticality
0.
RETURN VALUES¶
OCSP_SERVICELOC_new
() returns a new
OCSP_SERVICELOC object or NULL
if an error occurred.
OCSP_url_svcloc_new
() returns a new
X509_EXTENSION object or NULL
if an error occurred.
SEE ALSO¶
OCSP_REQUEST_new(3), X509_EXTENSION_new(3), X509_get1_ocsp(3), X509_get_issuer_name(3), X509_NAME_new(3)
STANDARDS¶
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.6: Service Locator
HISTORY¶
OCSP_SERVICELOC_new
(),
OCSP_SERVICELOC_free
(), and
OCSP_url_svcloc_new
() first appeared in OpenSSL
0.9.7 and have been available since OpenBSD 3.2.
August 23, 2019 | Linux 6.4.0-150600.23.25-default |