Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help

       OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
       OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
       OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio,	OCSP_REQ_CTX_i2d - OCSP
       responder query functions

	#include <openssl/ocsp.h>

	OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io,	const char *path, OCSP_REQUEST *req,
				       int maxline);

	int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);

	void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);

	void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);

	int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
				     const char	*name, const char *value);

	int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

	OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST	*req);

	int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
			     const ASN1_ITEM *it, ASN1_VALUE *req);

       The function OCSP_sendreq_new() returns an OCSP_CTX structure using the
       responder io, the URL path path,	the OCSP request req and with a
       response	header maximum line length of maxline. If maxline is zero a
       default value of	4k is used. The	OCSP request req may be	set to NULL
       and provided later if required.

       OCSP_sendreq_nbio() performs nonblocking	I/O on the OCSP	request
       context rctx. When the operation	is complete it returns the response in

       OCSP_REQ_CTX_free() frees up the	OCSP context rctx.

       OCSP_set_max_response_length() sets the maximum response	length for
       rctx to len. If the response exceeds this length	an error occurs. If
       not set a default value of 100k is used.

       OCSP_REQ_CTX_add1_header() adds header name with	value value to the
       context rctx. It	can be called more than	once to	add multiple headers.
       It MUST be called before	any calls to OCSP_sendreq_nbio(). The req
       parameter in the	initial	to OCSP_sendreq_new() call MUST	be set to NULL
       if additional headers are set.

       OCSP_REQ_CTX_set1_req() sets the	OCSP request in	rctx to	req. This
       function	should be called after any calls to
       OCSP_REQ_CTX_add1_header().  OCSP_REQ_CTX_set1_req(rctx,	req) is
       equivalent to the following:

	OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
			       ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)

       OCSP_REQ_CTX_i2d() sets the request context rctx	to have	the request
       req, which has the ASN.1	type it.  The content_type, if not NULL, will
       be included in the HTTP request.	 The function should be	called after
       all other headers have already been added.

       OCSP_sendreq_bio() performs an OCSP request using the responder io, the
       URL path	path, and the OCSP request req with a response header maximum
       line length 4k. It waits	indefinitely on	a response.

       OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an
       error occurred.

       OCSP_sendreq_nbio() returns 1 if	the operation was completed
       successfully, -1	if the operation should	be retried and 0 if an error

       OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and
       OCSP_REQ_CTX_i2d() return 1 for success and 0 for failure.

       OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the
       responder or NULL if an error occurred.

       OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return

       These functions only perform a minimal HTTP query to a responder. If an
       application wishes to support more advanced features it should use an
       alternative more	complete HTTP library.

       Currently only HTTP POST	queries	to responders are supported.

       The arguments to	OCSP_sendreq_new() correspond to the components	of the
       URL.  For example if the	responder URL is the
       BIO io should be	connected to host on port 80 and path should
       be set to "/ocspreq"

       The headers added with OCSP_REQ_CTX_add1_header() are of	the form
       "name: value" or	just "name" if value is	NULL. So to add	a Host header
       for you	would call:

	OCSP_REQ_CTX_add1_header(ctx, "Host", "");

       If OCSP_sendreq_nbio() indicates	an operation should be retried the
       corresponding BIO can be	examined to determine which operation (read or
       write) should be	retried	and appropriate	action taken (for example a
       select()	call on	the underlying socket).

       OCSP_sendreq_bio() does not support retries and so cannot handle
       nonblocking I/O efficiently. It is retained for compatibility and its
       use in new applications is not recommended.

       crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3),
       OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3)

       Copyright 2015-2020 The OpenSSL Project Authors.	All Rights Reserved.

       Licensed	under the OpenSSL license (the "License").  You	may not	use
       this file except	in compliance with the License.	 You can obtain	a copy
       in the file LICENSE in the source distribution or at

1.1.1o				  2022-05-03		   OCSP_SENDREQ_NEW(3)


Want to link to this manual page? Use this URL:

home | help