OpenBSD manual page server

Manual Page Search Parameters

OCSP_CRLID_NEW(3) Library Functions Manual OCSP_CRLID_NEW(3)

OCSP_CRLID_new, OCSP_CRLID_free, OCSP_crlID_newOCSP CRL extension

#include <openssl/ocsp.h>

OCSP_CRLID *
OCSP_CRLID_new(void);

void
OCSP_CRLID_free(OCSP_CRLID *crlid);

X509_EXTENSION *
OCSP_crlID_new(const char *url, long *number, char *time);

If a client asks about the validity of a certificate and it turns out to be invalid, the responder may optionally communicate which certificate revocation list the certificate was found on. The required data is stored as an ASN.1 CrlID structure in the singleExtensions field of the SingleResponse structure. The CrlID is represented by an OCSP_CRLID object, which will be stored inside the OCSP_SINGLERESP object documented in OCSP_SINGLERESP_new(3).

() allocates and initializes an empty OCSP_CRLID object. () frees crlid.

() accepts the url at which the CRL is available, the CRL number, and/or the time at which the CRL was created. Each argument can be NULL, in which case the respective field is omitted. The resulting CrlID structure is encoded in ASN.1 using X509V3_EXT_i2d(3) with criticality 0.

OCSP_CRLID_new() returns a new OCSP_CRLID object or NULL if an error occurred.

OCSP_crlID_new() returns a new X509_EXTENSION object or NULL if an error occurred.

OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), X509_EXTENSION_new(3)

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.2: CRL References

OCSP_CRLID_new(), OCSP_CRLID_free(), and OCSP_crlID_new() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

The function names OCSP_CRLID_new() and OCSP_crlID_new() only differ in case.

January 15, 2022 OpenBSD-7.6