NAME
OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_parse_url, OCSP_sendreq_bio — OCSP responder query functions
SYNOPSIS
#include <openssl/ocsp.h>
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, const char *value);
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl);
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
DESCRIPTION
The function OCSP_sendreq_new() returns an OCSP_REQ_CTX structure using the responder io, the URI path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero, a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required.
The arguments to OCSP_sendreq_new() correspond to the components of the URI. For example, if the responder URI is http://ocsp.com/ocspreq, the BIO io should be connected to host ocsp.com on port 80 and path should be set to "/ocspreq".
OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp. If OCSP_sendreq_nbio() indicates an operation should be retried, the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action can be taken, for example a select(2) call on the underlying socket.
OCSP_REQ_CTX_free() frees up the OCSP context rctx.
OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. The added headers are of the form "name: value" or just "name" if value is NULL. OCSP_REQ_CTX_add1_header() can be called more than once to add multiple headers. It must be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial call to OCSP_sendreq_new() must be set to NULL if additional headers are set.
OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header().
OCSP_parse_url() is a utility function to parse a url of the form http[s]://host[:port][/path] and store pointers to newly allocated copies of the strings host, port, and path in *phost, *pport, and *ppath, respectively. By default, *ppath is set to "/" and *pport to "443" for https or "80" for http. For https, *pssl is set to 1; otherwise, to 0.
OCSP_sendreq_bio() performs an OCSP request using the responder io, the URI path path, the OCSP request req. It does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.
RETURN VALUES
OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.
OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried, or 0 if an error occurred.
OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_parse_url() return 1 for success or 0 for failure.
OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.
EXAMPLES
Add a Host header for ocsp.com:
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
SEE ALSO
OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_get1_ocsp(3)
HISTORY
OCSP_parse_url() and OCSP_sendreq_bio() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
OCSP_sendreq_new(), OCSP_sendreq_nbio(), and OCSP_REQ_CTX_free() first appeared in OpenSSL 0.9.8h and have been available since OpenBSD 4.5.
OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.
CAVEATS
These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features, it should use an alternative, more complete, HTTP library.
Currently only HTTP POST queries to responders are supported.