1=pod 2 3=head1 NAME 4 5OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, 6OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, 7OCSP_RESPID_set_by_key_ex, OCSP_RESPID_set_by_key, OCSP_RESPID_match_ex, 8OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx 9- OCSP response functions 10 11=head1 SYNOPSIS 12 13 #include <openssl/ocsp.h> 14 15 int OCSP_response_status(OCSP_RESPONSE *resp); 16 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); 17 OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); 18 void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); 19 20 int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); 21 int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, 22 OSSL_LIB_CTX *libctx, const char *propq); 23 int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); 24 int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, 25 const char *propq); 26 int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); 27 28 int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, 29 const EVP_MD *dgst, STACK_OF(X509) *certs, 30 unsigned long flags); 31 int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, 32 STACK_OF(X509) *certs, unsigned long flags); 33 34=head1 DESCRIPTION 35 36OCSP_response_status() returns the OCSP response status of I<resp>. It returns 37one of the values: I<OCSP_RESPONSE_STATUS_SUCCESSFUL>, 38I<OCSP_RESPONSE_STATUS_MALFORMEDREQUEST>, 39I<OCSP_RESPONSE_STATUS_INTERNALERROR>, I<OCSP_RESPONSE_STATUS_TRYLATER> 40I<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or I<OCSP_RESPONSE_STATUS_UNAUTHORIZED>. 41 42OCSP_response_get1_basic() decodes and returns the I<OCSP_BASICRESP> structure 43contained in I<resp>. 44 45OCSP_response_create() creates and returns an I<OCSP_RESPONSE> structure for 46I<status> and optionally including basic response I<bs>. 47 48OCSP_RESPONSE_free() frees up OCSP response I<resp>. 49 50OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the 51subject name in the supplied X509 certificate I<cert> for the OCSP responder. 52 53OCSP_RESPID_set_by_key_ex() sets the key of the OCSP_RESPID to be the same as the 54key in the supplied X509 certificate I<cert> for the OCSP responder. The key is 55stored as a SHA1 hash. To calculate the hash the SHA1 algorithm is fetched using 56the library ctx I<libctx> and the property query string I<propq> (see 57L<crypto(7)/ALGORITHM FETCHING> for further information). 58 59OCSP_RESPID_set_by_key() does the same as OCSP_RESPID_set_by_key_ex() except 60that the default library context is used with an empty property query string. 61 62Note that an OCSP_RESPID can only have one of the name, or the key set. Calling 63OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing 64setting. 65 66OCSP_RESPID_match_ex() tests whether the OCSP_RESPID given in I<respid> matches 67with the X509 certificate I<cert> based on the SHA1 hash. To calculate the hash 68the SHA1 algorithm is fetched using the library ctx I<libctx> and the property 69query string I<propq> (see L<crypto(7)/ALGORITHM FETCHING> for further 70information). 71 72OCSP_RESPID_match() does the same as OCSP_RESPID_match_ex() except that the 73default library context is used with an empty property query string. 74 75OCSP_basic_sign() signs OCSP response I<brsp> using certificate I<signer>, private key 76I<key>, digest I<dgst> and additional certificates I<certs>. If the I<flags> option 77I<OCSP_NOCERTS> is set then no certificates will be included in the response. If the 78I<flags> option I<OCSP_RESPID_KEY> is set then the responder is identified by key ID 79rather than by name. OCSP_basic_sign_ctx() also signs OCSP response I<brsp> but 80uses the parameters contained in digest context I<ctx>. 81 82=head1 RETURN VALUES 83 84OCSP_RESPONSE_status() returns a status value. 85 86OCSP_response_get1_basic() returns an I<OCSP_BASICRESP> structure pointer or 87I<NULL> if an error occurred. 88 89OCSP_response_create() returns an I<OCSP_RESPONSE> structure pointer or I<NULL> 90if an error occurred. 91 92OCSP_RESPONSE_free() does not return a value. 93 94OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and 95OCSP_basic_sign_ctx() return 1 on success or 0 96on failure. 97 98OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match 99or 0 otherwise. 100 101=head1 NOTES 102 103OCSP_response_get1_basic() is only called if the status of a response is 104I<OCSP_RESPONSE_STATUS_SUCCESSFUL>. 105 106=head1 SEE ALSO 107 108L<crypto(7)> 109L<OCSP_cert_to_id(3)> 110L<OCSP_request_add1_nonce(3)> 111L<OCSP_REQUEST_new(3)> 112L<OCSP_resp_find_status(3)> 113L<OCSP_sendreq_new(3)> 114L<OCSP_RESPID_new(3)> 115L<OCSP_RESPID_free(3)> 116 117=head1 HISTORY 118 119The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() 120functions were added in OpenSSL 1.1.0a. 121 122The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1. 123 124=head1 COPYRIGHT 125 126Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 127 128Licensed under the Apache License 2.0 (the "License"). You may not use 129this file except in compliance with the License. You can obtain a copy 130in the file LICENSE in the source distribution or at 131L<https://www.openssl.org/source/license.html>. 132 133=cut 134
