1*a0b616e6Sjsg.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.12 2022/02/19 13:09:36 jsg Exp $ 24fdd93abSschwarze.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 34fdd93abSschwarze.\" 47e161a3dSschwarze.\" This file is a derived work. 57e161a3dSschwarze.\" The changes are covered by the following Copyright and license: 67e161a3dSschwarze.\" 77e161a3dSschwarze.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> 87e161a3dSschwarze.\" 97e161a3dSschwarze.\" Permission to use, copy, modify, and distribute this software for any 107e161a3dSschwarze.\" purpose with or without fee is hereby granted, provided that the above 117e161a3dSschwarze.\" copyright notice and this permission notice appear in all copies. 127e161a3dSschwarze.\" 137e161a3dSschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 147e161a3dSschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 157e161a3dSschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 167e161a3dSschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 177e161a3dSschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 187e161a3dSschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 197e161a3dSschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 207e161a3dSschwarze.\" 217e161a3dSschwarze.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>. 224fdd93abSschwarze.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. 234fdd93abSschwarze.\" 244fdd93abSschwarze.\" Redistribution and use in source and binary forms, with or without 254fdd93abSschwarze.\" modification, are permitted provided that the following conditions 264fdd93abSschwarze.\" are met: 274fdd93abSschwarze.\" 284fdd93abSschwarze.\" 1. 
Redistributions of source code must retain the above copyright 294fdd93abSschwarze.\" notice, this list of conditions and the following disclaimer. 304fdd93abSschwarze.\" 314fdd93abSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright 324fdd93abSschwarze.\" notice, this list of conditions and the following disclaimer in 334fdd93abSschwarze.\" the documentation and/or other materials provided with the 344fdd93abSschwarze.\" distribution. 354fdd93abSschwarze.\" 364fdd93abSschwarze.\" 3. All advertising materials mentioning features or use of this 374fdd93abSschwarze.\" software must display the following acknowledgment: 384fdd93abSschwarze.\" "This product includes software developed by the OpenSSL Project 394fdd93abSschwarze.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 404fdd93abSschwarze.\" 414fdd93abSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 424fdd93abSschwarze.\" endorse or promote products derived from this software without 434fdd93abSschwarze.\" prior written permission. For written permission, please contact 444fdd93abSschwarze.\" openssl-core@openssl.org. 454fdd93abSschwarze.\" 464fdd93abSschwarze.\" 5. Products derived from this software may not be called "OpenSSL" 474fdd93abSschwarze.\" nor may "OpenSSL" appear in their names without prior written 484fdd93abSschwarze.\" permission of the OpenSSL Project. 494fdd93abSschwarze.\" 504fdd93abSschwarze.\" 6. 
Redistributions of any form whatsoever must retain the following 514fdd93abSschwarze.\" acknowledgment: 524fdd93abSschwarze.\" "This product includes software developed by the OpenSSL Project 534fdd93abSschwarze.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 544fdd93abSschwarze.\" 554fdd93abSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 564fdd93abSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 574fdd93abSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 584fdd93abSschwarze.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 594fdd93abSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 604fdd93abSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 614fdd93abSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 624fdd93abSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 634fdd93abSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 644fdd93abSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 654fdd93abSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 664fdd93abSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
674fdd93abSschwarze.\" 68*a0b616e6Sjsg.Dd $Mdocdate: February 19 2022 $ 694fdd93abSschwarze.Dt OCSP_REQUEST_NEW 3 704fdd93abSschwarze.Os 714fdd93abSschwarze.Sh NAME 724fdd93abSschwarze.Nm OCSP_REQUEST_new , 734fdd93abSschwarze.Nm OCSP_REQUEST_free , 747e161a3dSschwarze.Nm OCSP_SIGNATURE_new , 757e161a3dSschwarze.Nm OCSP_SIGNATURE_free , 767e161a3dSschwarze.Nm OCSP_REQINFO_new , 777e161a3dSschwarze.Nm OCSP_REQINFO_free , 787e161a3dSschwarze.Nm OCSP_ONEREQ_new , 797e161a3dSschwarze.Nm OCSP_ONEREQ_free , 804fdd93abSschwarze.Nm OCSP_request_add0_id , 814fdd93abSschwarze.Nm OCSP_request_sign , 824fdd93abSschwarze.Nm OCSP_request_add1_cert , 834fdd93abSschwarze.Nm OCSP_request_onereq_count , 84ddda17d6Sjmc.Nm OCSP_request_onereq_get0 854fdd93abSschwarze.Nd OCSP request functions 864fdd93abSschwarze.Sh SYNOPSIS 874fdd93abSschwarze.In openssl/ocsp.h 884fdd93abSschwarze.Ft OCSP_REQUEST * 894fdd93abSschwarze.Fn OCSP_REQUEST_new void 904fdd93abSschwarze.Ft void 917e161a3dSschwarze.Fn OCSP_REQUEST_free "OCSP_REQUEST *req" 927e161a3dSschwarze.Ft OCSP_SIGNATURE * 937e161a3dSschwarze.Fn OCSP_SIGNATURE_new void 947e161a3dSschwarze.Ft void 957e161a3dSschwarze.Fn OCSP_SIGNATURE_free "OCSP_SIGNATURE *signature" 967e161a3dSschwarze.Ft OCSP_REQINFO * 977e161a3dSschwarze.Fn OCSP_REQINFO_new void 987e161a3dSschwarze.Ft void 997e161a3dSschwarze.Fn OCSP_REQINFO_free "OCSP_REQINFO *reqinfo" 1007e161a3dSschwarze.Ft OCSP_ONEREQ * 1017e161a3dSschwarze.Fn OCSP_ONEREQ_new void 1027e161a3dSschwarze.Ft void 1037e161a3dSschwarze.Fn OCSP_ONEREQ_free "OCSP_ONEREQ *onereq" 1044fdd93abSschwarze.Ft OCSP_ONEREQ * 1054fdd93abSschwarze.Fo OCSP_request_add0_id 1064fdd93abSschwarze.Fa "OCSP_REQUEST *req" 1074fdd93abSschwarze.Fa "OCSP_CERTID *cid" 1084fdd93abSschwarze.Fc 1094fdd93abSschwarze.Ft int 1104fdd93abSschwarze.Fo OCSP_request_sign 1114fdd93abSschwarze.Fa "OCSP_REQUEST *req" 1124fdd93abSschwarze.Fa "X509 *signer" 1134fdd93abSschwarze.Fa "EVP_PKEY *key" 1144fdd93abSschwarze.Fa "const EVP_MD *dgst" 
1154fdd93abSschwarze.Fa "STACK_OF(X509) *certs" 1164fdd93abSschwarze.Fa "unsigned long flags" 1174fdd93abSschwarze.Fc 1184fdd93abSschwarze.Ft int 1194fdd93abSschwarze.Fo OCSP_request_add1_cert 1204fdd93abSschwarze.Fa "OCSP_REQUEST *req" 1214fdd93abSschwarze.Fa "X509 *cert" 1224fdd93abSschwarze.Fc 1234fdd93abSschwarze.Ft int 1244fdd93abSschwarze.Fo OCSP_request_onereq_count 1254fdd93abSschwarze.Fa "OCSP_REQUEST *req" 1264fdd93abSschwarze.Fc 1274fdd93abSschwarze.Ft OCSP_ONEREQ * 1284fdd93abSschwarze.Fo OCSP_request_onereq_get0 1294fdd93abSschwarze.Fa "OCSP_REQUEST *req" 1304fdd93abSschwarze.Fa "int i" 1314fdd93abSschwarze.Fc 1324fdd93abSschwarze.Sh DESCRIPTION 1334fdd93abSschwarze.Fn OCSP_REQUEST_new 1347e161a3dSschwarzeallocates and initializes an empty 1354fdd93abSschwarze.Vt OCSP_REQUEST 13656bc162bSschwarzeobject, representing an ASN.1 13756bc162bSschwarze.Vt OCSPRequest 13856bc162bSschwarzestructure defined in RFC 6960. 1394fdd93abSschwarze.Fn OCSP_REQUEST_free 1407e161a3dSschwarzefrees 1414fdd93abSschwarze.Fa req . 1424fdd93abSschwarze.Pp 1437e161a3dSschwarze.Fn OCSP_SIGNATURE_new 1447e161a3dSschwarzeallocates and initializes an empty 1457e161a3dSschwarze.Vt OCSP_SIGNATURE 14656bc162bSschwarzeobject, representing an ASN.1 14756bc162bSschwarze.Vt Signature 14856bc162bSschwarzestructure defined in RFC 6960. 1497e161a3dSschwarzeSuch an object is used inside 1507e161a3dSschwarze.Vt OCSP_REQUEST . 1517e161a3dSschwarze.Fn OCSP_SIGNATURE_free 1527e161a3dSschwarzefrees 1537e161a3dSschwarze.Fa signature . 1547e161a3dSschwarze.Pp 1557e161a3dSschwarze.Fn OCSP_REQINFO_new 1567e161a3dSschwarzeallocates and initializes an empty 1577e161a3dSschwarze.Vt OCSP_REQINFO 15856bc162bSschwarzeobject, representing an ASN.1 15956bc162bSschwarze.Vt TBSRequest 16056bc162bSschwarzestructure defined in RFC 6960. 1617e161a3dSschwarzeSuch an object is used inside 1627e161a3dSschwarze.Vt OCSP_REQUEST . 1637e161a3dSschwarzeIt asks about the validity of one or more certificates. 
1647e161a3dSschwarze.Fn OCSP_REQINFO_free 1657e161a3dSschwarzefrees 1667e161a3dSschwarze.Fa reqinfo . 1677e161a3dSschwarze.Pp 1687e161a3dSschwarze.Fn OCSP_ONEREQ_new 1697e161a3dSschwarzeallocates and initializes an empty 1707e161a3dSschwarze.Vt OCSP_ONEREQ 17156bc162bSschwarzeobject, representing an ASN.1 17256bc162bSschwarze.Vt Request 17356bc162bSschwarzestructure defined in RFC 6960. 1747e161a3dSschwarzeSuch objects are used inside 1757e161a3dSschwarze.Vt OCSP_REQINFO . 176*a0b616e6SjsgEach one asks about the validity of one certificate. 1777e161a3dSschwarze.Fn OCSP_ONEREQ_free 1787e161a3dSschwarzefrees 1797e161a3dSschwarze.Fa onereq . 1807e161a3dSschwarze.Pp 1814fdd93abSschwarze.Fn OCSP_request_add0_id 1824fdd93abSschwarzeadds certificate ID 1834fdd93abSschwarze.Fa cid 1844fdd93abSschwarzeto 1854fdd93abSschwarze.Fa req . 1864fdd93abSschwarzeIt returns the 1874fdd93abSschwarze.Vt OCSP_ONEREQ 1887e161a3dSschwarzeobject added so an application can add additional extensions to the 1894fdd93abSschwarzerequest. 1904fdd93abSschwarzeThe 1914fdd93abSschwarze.Fa cid 1924fdd93abSschwarzeparameter must not be freed by the application after the operation, because the request keeps the pointer itself rather than a copy. 1934fdd93abSschwarze.Pp 1944fdd93abSschwarze.Fn OCSP_request_sign 1954fdd93abSschwarzesigns OCSP request 1964fdd93abSschwarze.Fa req 1974fdd93abSschwarzeusing certificate 1984fdd93abSschwarze.Fa signer , 1994fdd93abSschwarzeprivate key 2004fdd93abSschwarze.Fa key , 2014fdd93abSschwarzedigest 2024fdd93abSschwarze.Fa dgst , 2034fdd93abSschwarzeand additional certificates 2044fdd93abSschwarze.Fa certs . 2054fdd93abSschwarzeIf the 2064fdd93abSschwarze.Fa flags 2074fdd93abSschwarzeoption 2084fdd93abSschwarze.Dv OCSP_NOCERTS 2094fdd93abSschwarzeis set, then no certificates will be included in the request. 2104fdd93abSschwarze.Pp 2114fdd93abSschwarze.Fn OCSP_request_add1_cert 2124fdd93abSschwarzeadds certificate 2134fdd93abSschwarze.Fa cert 2144fdd93abSschwarzeto request 2154fdd93abSschwarze.Fa req . 
2164fdd93abSschwarzeThe application is responsible for freeing up 2174fdd93abSschwarze.Fa cert 2184fdd93abSschwarzeafter use. 2194fdd93abSschwarze.Pp 2204fdd93abSschwarze.Fn OCSP_request_onereq_count 2214fdd93abSschwarzereturns the total number of 2224fdd93abSschwarze.Vt OCSP_ONEREQ 2237e161a3dSschwarzeobjects in 2244fdd93abSschwarze.Fa req . 2254fdd93abSschwarze.Pp 2264fdd93abSschwarze.Fn OCSP_request_onereq_get0 2274fdd93abSschwarzereturns an internal pointer to the 2284fdd93abSschwarze.Vt OCSP_ONEREQ 2294fdd93abSschwarzecontained in 2304fdd93abSschwarze.Fa req 2314fdd93abSschwarzeof index 2324fdd93abSschwarze.Fa i . 2334fdd93abSschwarzeThe index value 2344fdd93abSschwarze.Fa i 2354fdd93abSschwarzeruns from 0 to 2364fdd93abSschwarze.Fn OCSP_request_onereq_count req No - 1 . 2374fdd93abSschwarze.Pp 2384fdd93abSschwarze.Fn OCSP_request_onereq_count 2394fdd93abSschwarzeand 2404fdd93abSschwarze.Fn OCSP_request_onereq_get0 2414fdd93abSschwarzeare mainly used by OCSP responders. 2424fdd93abSschwarze.Sh RETURN VALUES 2437e161a3dSschwarze.Fn OCSP_REQUEST_new , 2447e161a3dSschwarze.Fn OCSP_SIGNATURE_new , 2457e161a3dSschwarze.Fn OCSP_REQINFO_new , 2467e161a3dSschwarzeand 2477e161a3dSschwarze.Fn OCSP_ONEREQ_new 2487e161a3dSschwarzereturn an empty 2497e161a3dSschwarze.Vt OCSP_REQUEST , 2507e161a3dSschwarze.Vt OCSP_SIGNATURE , 2517e161a3dSschwarze.Vt OCSP_REQINFO , 2527e161a3dSschwarzeor 2537e161a3dSschwarze.Vt OCSP_ONEREQ 2547e161a3dSschwarzeobject, respectively, or 2554fdd93abSschwarze.Dv NULL 2564fdd93abSschwarzeif an error occurred. 2574fdd93abSschwarze.Pp 2584fdd93abSschwarze.Fn OCSP_request_add0_id 2594fdd93abSschwarzereturns the 2604fdd93abSschwarze.Vt OCSP_ONEREQ 2617e161a3dSschwarzeobject containing 2624fdd93abSschwarze.Fa cid 2634fdd93abSschwarzeor 2644fdd93abSschwarze.Dv NULL 2654fdd93abSschwarzeif an error occurred. 
2664fdd93abSschwarze.Pp 2674fdd93abSschwarze.Fn OCSP_request_sign 2684fdd93abSschwarzeand 2694fdd93abSschwarze.Fn OCSP_request_add1_cert 2704fdd93abSschwarzereturn 1 for success or 0 for failure. 2714fdd93abSschwarze.Pp 2724fdd93abSschwarze.Fn OCSP_request_onereq_count 2734fdd93abSschwarzereturns the total number of 2744fdd93abSschwarze.Vt OCSP_ONEREQ 2757e161a3dSschwarzeobjects in 2764fdd93abSschwarze.Fa req . 2774fdd93abSschwarze.Pp 2784fdd93abSschwarze.Fn OCSP_request_onereq_get0 2794fdd93abSschwarzereturns a pointer to an 2804fdd93abSschwarze.Vt OCSP_ONEREQ 2817e161a3dSschwarzeobject or 2824fdd93abSschwarze.Dv NULL 283ddda17d6Sjmcif the index value is out of range. 284ddda17d6Sjmc.Sh EXAMPLES 2854fdd93abSschwarzeCreate an 2864fdd93abSschwarze.Vt OCSP_REQUEST 2877e161a3dSschwarzeobject for certificate 2884fdd93abSschwarze.Fa cert 2894fdd93abSschwarzewith issuer 2904fdd93abSschwarze.Fa issuer : 2914fdd93abSschwarze.Bd -literal -offset indent 2924fdd93abSschwarzeOCSP_REQUEST *req; 2934fdd93abSschwarzeOCSP_CERTID *cid; 2944fdd93abSschwarze 2954fdd93abSschwarzereq = OCSP_REQUEST_new(); 2964fdd93abSschwarzeif (req == NULL) 2974fdd93abSschwarze /* error */ 2984fdd93abSschwarzecid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); 2994fdd93abSschwarzeif (cid == NULL) 3004fdd93abSschwarze /* error */ 3014fdd93abSschwarze 3024fdd93abSschwarzeif (OCSP_request_add0_id(req, cid) == NULL) 3034fdd93abSschwarze /* error */ 3044fdd93abSschwarze 3054fdd93abSschwarze /* Do something with req, e.g. 
query responder */ 3064fdd93abSschwarze 3074fdd93abSschwarzeOCSP_REQUEST_free(req); 3084fdd93abSschwarze.Ed 3094fdd93abSschwarze.Sh SEE ALSO 310b365cb80Sschwarze.Xr ACCESS_DESCRIPTION_new 3 , 31100d4e240Sschwarze.Xr crypto 3 , 312c4c55c71Sschwarze.Xr d2i_OCSP_REQUEST 3 , 313c4c55c71Sschwarze.Xr d2i_OCSP_RESPONSE 3 , 314c4c55c71Sschwarze.Xr EVP_DigestInit 3 , 3154fdd93abSschwarze.Xr OCSP_cert_to_id 3 , 316c4c55c71Sschwarze.Xr OCSP_CRLID_new 3 , 3174fdd93abSschwarze.Xr OCSP_request_add1_nonce 3 , 3184fdd93abSschwarze.Xr OCSP_resp_find_status 3 , 3194fdd93abSschwarze.Xr OCSP_response_status 3 , 320eb447716Sschwarze.Xr OCSP_sendreq_new 3 , 3219ef74966Sschwarze.Xr OCSP_SERVICELOC_new 3 , 3229ef74966Sschwarze.Xr X509_ocspid_print 3 3237e161a3dSschwarze.Sh STANDARDS 3247e161a3dSschwarzeRFC 6960: X.509 Internet Public Key Infrastructure Online Certificate 3257e161a3dSschwarzeStatus Protocol, section 4.1: Request Syntax 32680d1afcdSschwarze.Sh HISTORY 32780d1afcdSschwarzeThese functions first appeared in OpenSSL 0.9.7 32880d1afcdSschwarzeand have been available since 32980d1afcdSschwarze.Ox 3.2 . 330