59 OCSP_resp_find_status() searches I<bs> for an OCSP response for I<id>. If it is
60 successful the fields of the response are returned in I<*status>, I<*reason>,
61 I<*revtime>, I<*thisupd> and I<*nextupd>.  The I<*status> value will be one of
63 B<V_OCSP_CERTSTATUS_UNKNOWN>. The I<*reason> and I<*revtime> fields are only
64 set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the I<*reason> field
72 OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in I<bs>.
74 OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in I<bs> corresponding
75 to index I<idx>, where I<idx> runs from 0 to OCSP_resp_count(bs) - 1.
77 OCSP_resp_find() searches I<bs> for I<id> and returns the index of the first
78 matching entry after I<last> or starting from the beginning if I<last> is -1.
80 OCSP_single_get0_status() extracts the fields of I<single> in I<*reason>,
81 I<*revtime>, I<*thisupd> and I<*nextupd>.
84 single response I<bs>.
86 OCSP_resp_get0_signature() returns the signature from I<bs>.
88 OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from I<bs>.
90 OCSP_resp_get0_respdata() returns the B<tbsResponseData> from I<bs>.
92 OCSP_resp_get0_certs() returns any certificates included in I<bs>.
95 signed I<bs>.  The OCSP protocol does not require that this certificate
97 can be supplied via the I<extra_certs> if the certificates that may have
100 OCSP_resp_get0_id() gets the responder id of I<bs>. If the responder ID is
101 a name then <*pname> is set to the name and I<*pid> is set to NULL. If the
102 responder ID is by key ID then I<*pid> is set to the key ID and I<*pname>
106 but leaves ownership of I<*pid> and I<*pname> with the caller,
109 OCSP_check_validity() checks the validity of its I<thisupd> and I<nextupd>
111 OCSP_single_get0_status(). If I<sec> is nonzero it indicates how many seconds
112 leeway should be allowed in the check. If I<maxsec> is positive it indicates
113 the maximum age of I<thisupd> in seconds.
115 OCSP_basic_verify() checks that the basic response message I<bs> is correctly
116 signed and that the signer certificate can be validated. It takes I<st> as
117 the trusted store and I<certs> as a set of untrusted intermediate certificates.
119 in I<certs>. It then searches the certificates the responder may have included
120 in I<bs> unless I<flags> contains B<OCSP_NOINTERN>.
122 Next, unless I<flags> contains B<OCSP_NOSIGS>, the function checks
123 the signature of I<bs> and fails on error. Then the function already returns
124 success if I<flags> contains B<OCSP_NOVERIFY> or if the signer certificate
125 was found in I<certs> and I<flags> contains B<OCSP_TRUSTOTHER>.
127 If I<flags> contains B<OCSP_PARTIAL_CHAIN> it takes intermediate CA
128 certificates in I<st> as trust anchors.
131 If I<flags> contains B<OCSP_NOCHAIN> it ignores all certificates in I<certs>
132 and in I<bs>, else it takes them as untrusted intermediate CA certificates
145 OCSP_resp_find_status() returns 1 if I<id> is found in I<bs> and 0 otherwise.
147 OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in I<bs>
151 NULL on error, such as I<idx> being out of range.
153 OCSP_resp_find() returns the index of I<id> in I<bs> (which may be 0)
154 or -1 on error, such as when I<id> was not found.
156 OCSP_single_get0_status() returns the status of I<single> or -1 if an error
159 OCSP_resp_get0_produced_at() returns the B<producedAt> field from I<bs>.
161 OCSP_resp_get0_signature() returns the signature from I<bs>.
163 OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> field from I<bs>.
165 OCSP_resp_get0_respdata() returns the B<tbsResponseData> field from I<bs>.
167 OCSP_resp_get0_certs() returns any certificates included in I<bs>.
174 OCSP_check_validity() returns 1 if I<thisupd> and I<nextupd> are valid time
175 values and the current time + I<sec> is not before I<thisupd> and,
176 if I<maxsec> >= 0, the current time - I<maxsec> is not past I<nextupd>.
190 account for clock skew the I<maxsec> field can be set to nonzero in
193 I<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
196 The values written to I<*revtime>, I<*thisupd> and I<*nextupd> by

Last Index update Tue Oct 01 22:02:31 UTC 2024

Dedicated to & Maintained by Room-11