-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
Standard preamble:
========================================================================
..
.... \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "OCSP_response_status 3"
way too many mistakes in technical documents.
\fBOCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP structure contained in resp.
\fBOCSP_response_create() creates and returns an OCSP_RESPONSE structure for \fIstatus and optionally including basic response bs.
\fBOCSP_RESPONSE_free() frees up OCSP response resp. If the argument is NULL, nothing is done.
\fBOCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the subject name in the supplied X509 certificate cert for the OCSP responder.
\fBOCSP_RESPID_set_by_key_ex() sets the key of the OCSP_RESPID to be the same as the key in the supplied X509 certificate cert for the OCSP responder. The key is stored as a SHA1 hash. To calculate the hash the SHA1 algorithm is fetched using the library ctx libctx and the property query string propq (see "ALGORITHM FETCHING" in crypto\|(7) for further information).
\fBOCSP_RESPID_set_by_key() does the same as OCSP_RESPID_set_by_key_ex() except that the default library context is used with an empty property query string.
Note that an OCSP_RESPID can only have one of the name, or the key set. Calling \fBOCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing setting.
\fBOCSP_RESPID_match_ex() tests whether the OCSP_RESPID given in respid matches with the X509 certificate cert based on the SHA1 hash. To calculate the hash the SHA1 algorithm is fetched using the library ctx libctx and the property query string propq (see "ALGORITHM FETCHING" in crypto\|(7) for further information).
\fBOCSP_RESPID_match() does the same as OCSP_RESPID_match_ex() except that the default library context is used with an empty property query string.
\fBOCSP_basic_sign() signs OCSP response brsp using certificate signer, private key \fIkey, digest dgst and additional certificates certs. If the flags option \fIOCSP_NOCERTS is set then no certificates will be included in the response. If the \fIflags option OCSP_RESPID_KEY is set then the responder is identified by key ID rather than by name. OCSP_basic_sign_ctx() also signs OCSP response brsp but uses the parameters contained in digest context ctx.
\fBOCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer or \fINULL if an error occurred.
\fBOCSP_response_create() returns an OCSP_RESPONSE structure pointer or NULL if an error occurred.
\fBOCSP_RESPONSE_free() does not return a value.
\fBOCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and \fBOCSP_basic_sign_ctx() return 1 on success or 0 on failure.
\fBOCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match or 0 otherwise.
The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.