NAME
OCSP_CRLID_new
,
OCSP_CRLID_free
,
OCSP_crlID_new
—
OCSP CRL extension
SYNOPSIS
#include
<openssl/ocsp.h>
OCSP_CRLID *
OCSP_CRLID_new
(void);
void
OCSP_CRLID_free
(OCSP_CRLID
*crlid);
X509_EXTENSION *
OCSP_crlID_new
(const char *url,
long *number, char *time);
DESCRIPTION
If a client asks about the validity of a certificate and it turns out to be invalid, the responder may optionally communicate which certificate revocation list the certificate was found on. The required data is stored as an ASN.1 CrlID structure in the singleExtensions field of the SingleResponse structure. The CrlID is represented by an OCSP_CRLID object, which will be stored inside the OCSP_SINGLERESP object documented in OCSP_SINGLERESP_new(3).
OCSP_CRLID_new
()
allocates and initializes an empty OCSP_CRLID object.
OCSP_CRLID_free
()
frees crlid.
OCSP_crlID_new
()
accepts the url at which the CRL is available, the CRL
number, and/or the time at which
the CRL was created. Each argument can be NULL
, in
which case the respective field is omitted. The resulting
CrlID structure is encoded in ASN.1 using
X509V3_EXT_i2d(3) with criticality 0.
RETURN VALUES
OCSP_CRLID_new
() returns a new
OCSP_CRLID object or NULL
if
an error occurred.
OCSP_crlID_new
() returns a new
X509_EXTENSION object or NULL
if an error occurred.
SEE ALSO
OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_EXTENSION_new(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.2: CRL References
HISTORY
OCSP_CRLID_new
(),
OCSP_CRLID_free
(), and
OCSP_crlID_new
() first appeared in OpenSSL 0.9.7 and
have been available since OpenBSD 3.2.
CAVEATS
The function names OCSP_CRLID_new
() and
OCSP_crlID_new
() only differ in case.