=pod

=head1 NAME

OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
OCSP_RESPID_set_by_key_ex, OCSP_RESPID_set_by_key, OCSP_RESPID_match_ex,
OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx
- OCSP response functions

=head1 SYNOPSIS

 #include <openssl/ocsp.h>

 int OCSP_response_status(OCSP_RESPONSE *resp);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
 OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
 void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);

 int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
 int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
                               OSSL_LIB_CTX *libctx, const char *propq);
 int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
 int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx,
                          const char *propq);
 int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);

 int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
                     const EVP_MD *dgst, STACK_OF(X509) *certs,
                     unsigned long flags);
 int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
                         STACK_OF(X509) *certs, unsigned long flags);

=head1 DESCRIPTION

OCSP_response_status() returns the OCSP response status of I<resp>. It returns
one of the values: I<OCSP_RESPONSE_STATUS_SUCCESSFUL>,
I<OCSP_RESPONSE_STATUS_MALFORMEDREQUEST>,
I<OCSP_RESPONSE_STATUS_INTERNALERROR>, I<OCSP_RESPONSE_STATUS_TRYLATER>,
I<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or I<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.

OCSP_response_get1_basic() decodes and returns the I<OCSP_BASICRESP> structure
contained in I<resp>.

OCSP_response_create() creates and returns an I<OCSP_RESPONSE> structure for
I<status> and optionally including basic response I<bs>.

OCSP_RESPONSE_free() frees up OCSP response I<resp>.
If the argument is NULL, nothing is done.
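
To make the status values concrete, the following added example (not part of the OpenSSL documentation or source) decodes only the outer OCSPResponse wrapper by hand and shows the check that must pass before a basic response is decoded. The helper names der_expect() and ocsp_peek_status() and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>

enum { ST_SUCCESSFUL = 0 };   /* same number as OCSP_RESPONSE_STATUS_SUCCESSFUL */
/* Constructed sample, not captured traffic: successful status plus a stub body. */
static const unsigned char SAMPLE_SUCCESS[] = { 0x30, 0x07, 0x0a, 0x01, 0x00,
                                                0xa0, 0x02, 0x30, 0x00 };

/* Expect DER tag `want` at *pos; on success move *pos to the content, set *len. */
static int der_expect(const unsigned char *b, size_t n, int want,
                      size_t *pos, size_t *len)
{
    size_t p = *pos, l, k;
    if (p >= n || n - p < 2 || b[p] != want) return -1;
    l = b[p + 1];
    p += 2;
    if (l & 0x80) {                       /* long form: k length bytes follow */
        k = l & 0x7f;
        if (k == 0 || k > 2 || n - p < k) return -1;
        for (l = 0; k > 0; k--) l = (l << 8) | b[p++];
    }
    if (n - p < l) return -1;             /* content would run past the buffer */
    *pos = p; *len = l;
    return 0;
}

/* Hypothetical helper: returns responseStatus, or -1 if the input is malformed.
 * *has_bytes reports whether the optional [0] responseBytes element is present. */
int ocsp_peek_status(const unsigned char *der, size_t n, int *has_bytes)
{
    size_t pos = 0, len, end;
    int status;
    *has_bytes = 0;
    if (der_expect(der, n, 0x30, &pos, &len) != 0) return -1;       /* SEQUENCE */
    end = pos + len;
    if (der_expect(der, end, 0x0a, &pos, &len) != 0 || len != 1) return -1;
    status = der[pos++];                  /* ENUMERATED with one content byte */
    if (status > 6 || status == 4) return -1;   /* not an assigned status */
    if (pos < end) {
        if (der_expect(der, end, 0xa0, &pos, &len) != 0) return -1;
        *has_bytes = 1;
    }
    return status;
}

int main(void)
{
    int hb, st = ocsp_peek_status(SAMPLE_SUCCESS, sizeof SAMPLE_SUCCESS, &hb);
    printf("status=%d decode_basic=%d\n", st, st == ST_SUCCESSFUL && hb);
    return 0;
}
```

With the library itself, the equivalent gate is to compare OCSP_response_status() against I<OCSP_RESPONSE_STATUS_SUCCESSFUL> before calling OCSP_response_get1_basic(), and then to check the returned pointer for I<NULL>.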

OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the
subject name in the supplied X509 certificate I<cert> for the OCSP responder.

OCSP_RESPID_set_by_key_ex() sets the key of the OCSP_RESPID to be the same as the
key in the supplied X509 certificate I<cert> for the OCSP responder. The key is
stored as a SHA1 hash. To calculate the hash the SHA1 algorithm is fetched using
the library ctx I<libctx> and the property query string I<propq> (see
L<crypto(7)/ALGORITHM FETCHING> for further information).

OCSP_RESPID_set_by_key() does the same as OCSP_RESPID_set_by_key_ex() except
that the default library context is used with an empty property query string.

Note that an OCSP_RESPID can only have one of the name, or the key set. Calling
OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing
setting.

OCSP_RESPID_match_ex() tests whether the OCSP_RESPID given in I<respid> matches
with the X509 certificate I<cert> based on the SHA1 hash. To calculate the hash
the SHA1 algorithm is fetched using the library ctx I<libctx> and the property
query string I<propq> (see L<crypto(7)/ALGORITHM FETCHING> for further
information).

OCSP_RESPID_match() does the same as OCSP_RESPID_match_ex() except that the
default library context is used with an empty property query string.

OCSP_basic_sign() signs OCSP response I<brsp> using certificate I<signer>, private key
I<key>, digest I<dgst> and additional certificates I<certs>. If the I<flags> option
I<OCSP_NOCERTS> is set then no certificates will be included in the response. If the
I<flags> option I<OCSP_RESPID_KEY> is set then the responder is identified by key ID
rather than by name. OCSP_basic_sign_ctx() also signs OCSP response I<brsp> but
uses the parameters contained in digest context I<ctx>.

=head1 RETURN VALUES

OCSP_response_status() returns a status value.

OCSP_response_get1_basic() returns an I<OCSP_BASICRESP> structure pointer or
I<NULL> if an error occurred.

OCSP_response_create() returns an I<OCSP_RESPONSE> structure pointer or I<NULL>
if an error occurred.

OCSP_RESPONSE_free() does not return a value.

OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and
OCSP_basic_sign_ctx() return 1 on success or 0
on failure.

OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match
or 0 otherwise.

=head1 NOTES

OCSP_response_get1_basic() should only be called if the status of a response is
I<OCSP_RESPONSE_STATUS_SUCCESSFUL>.

=head1 SEE ALSO

L<crypto(7)>
L<OCSP_cert_to_id(3)>
L<OCSP_request_add1_nonce(3)>
L<OCSP_REQUEST_new(3)>
L<OCSP_resp_find_status(3)>
L<OCSP_sendreq_new(3)>
L<OCSP_RESPID_new(3)>
L<OCSP_RESPID_free(3)>

=head1 HISTORY

The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match()
functions were added in OpenSSL 1.1.0a.

The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut