"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.1.1b/doc/man3/OCSP_REQUEST_new.pod" (26 Feb 2019, 3504 Bytes) of package /linux/misc/openssl-1.1.1b.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested pod source page into HTML format but links to other pod pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted pod source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.


OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 - OCSP request functions


 #include <openssl/ocsp.h>


 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

 int OCSP_request_sign(OCSP_REQUEST *req,
                       X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                       STACK_OF(X509) *certs, unsigned long flags);

 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

 int OCSP_request_onereq_count(OCSP_REQUEST *req);
 OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);


OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

OCSP_REQUEST_free() frees up the request structure req.

OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ structure added so an application can add additional extensions to the request. The id parameter MUST NOT be freed up after the operation.

OCSP_request_sign() signs OCSP request req using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the request.

OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use.

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.


OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if an error occurred.

OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid or NULL if an error occurred.

OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 for failure.

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure or NULL if the index value is out or range.


An OCSP request structure contains one or more OCSP_ONEREQ structures corresponding to each certificate.

OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.


Create an OCSP_REQUEST structure for certificate cert with issuer issuer:

 OCSP_ID *cid;

 req = OCSP_REQUEST_new();
 if (req == NULL)
    /* error */
 cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
 if (cid == NULL)
    /* error */

 if (OCSP_REQUEST_add0_id(req, cid) == NULL)
    /* error */

 /* Do something with req, e.g. query responder */



crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)


Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.