.\" $OpenBSD: OCSP_cert_to_id.3,v 1.4 2016/12/12 20:41:48 schwarze Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 12 2016 $
.Dt OCSP_CERT_TO_ID 3
.Os
.Sh NAME
.Nm OCSP_CERTID_new ,
.Nm OCSP_CERTID_free ,
.Nm OCSP_cert_to_id ,
.Nm OCSP_cert_id_new ,
.Nm OCSP_id_issuer_cmp ,
.Nm OCSP_id_cmp ,
.Nm OCSP_id_get0_info
.Nd OCSP certificate ID utility functions
.Sh SYNOPSIS
.In openssl/ocsp.h
.Ft OCSP_CERTID *
.Fn OCSP_CERTID_new void
.Ft void
.Fn OCSP_CERTID_free "OCSP_CERTID *id"
.Ft OCSP_CERTID *
.Fo OCSP_cert_to_id
.Fa "const EVP_MD *dgst"
.Fa "X509 *subject"
.Fa "X509 *issuer"
.Fc
.Ft OCSP_CERTID *
.Fo OCSP_cert_id_new
.Fa "const EVP_MD *dgst"
.Fa "X509_NAME *issuerName"
.Fa "ASN1_BIT_STRING *issuerKey"
.Fa "ASN1_INTEGER *serialNumber"
.Fc
.Ft int
.Fo OCSP_id_issuer_cmp
.Fa "OCSP_CERTID *a"
.Fa "OCSP_CERTID *b"
.Fc
.Ft int
.Fo OCSP_id_cmp
.Fa "OCSP_CERTID *a"
.Fa "OCSP_CERTID *b"
.Fc
.Ft int
.Fo OCSP_id_get0_info
.Fa "ASN1_OCTET_STRING **piNameHash"
.Fa "ASN1_OBJECT **pmd"
.Fa "ASN1_OCTET_STRING **pikeyHash"
.Fa "ASN1_INTEGER **pserial"
.Fa "OCSP_CERTID *cid"
.Fc
.Sh DESCRIPTION
.Fn OCSP_CERTID_new
allocates and initializes an empty
.Vt OCSP_CERTID
object, representing an ASN.1 CertID structure defined in RFC 6960.
It can store hashes of an issuer's distinguished name and public
key together with a serial number of a certificate.
It is used by the
.Vt OCSP_ONEREQ
object described in
.Xr OCSP_ONEREQ_new 3
and by the
.Vt OCSP_SINGLERESP
object described in
.Xr OCSP_SINGLERESP_new 3 .
.Fn OCSP_CERTID_free
frees
.Fa id .
.Pp
.Fn OCSP_cert_to_id
creates and returns a new
.Vt OCSP_CERTID
object using message digest
.Fa dgst
for certificate
.Fa subject
with issuer
.Fa issuer .
If
.Fa dgst
is
.Dv NULL
then SHA1 is used.
.Pp
.Fn OCSP_cert_id_new
creates and returns a new
.Vt OCSP_CERTID
using
.Fa dgst
and issuer name
.Fa issuerName ,
issuer key hash
.Fa issuerKey
and serial number
.Fa serialNumber .
.Pp
.Fn OCSP_id_cmp
compares
.Vt OCSP_CERTID
.Fa a
and
.Fa b .
.Pp
.Fn OCSP_id_issuer_cmp
compares only the issuer name of
.Vt OCSP_CERTID
.Fa a
and
.Fa b .
.Pp
.Fn OCSP_id_get0_info
returns the issuer name hash, hash OID, issuer key hash and serial
number contained in
.Fa cid .
If any of the values is not required, the corresponding parameter can be
set to
.Dv NULL .
The values returned by
.Fn OCSP_id_get0_info
are internal pointers and must not be freed by the application:
they are freed when the corresponding
.Vt OCSP_CERTID
object is freed.
Consequently, they must not be used after
.Fa cid
has been freed.
.Pp
OCSP clients will typically only use
.Fn OCSP_cert_to_id
or
.Fn OCSP_cert_id_new :
the other functions are used by responder applications.
.Sh RETURN VALUES
.Fn OCSP_CERTID_new ,
.Fn OCSP_cert_to_id ,
and
.Fn OCSP_cert_id_new
return either a pointer to a valid
.Vt OCSP_CERTID
object or
.Dv NULL
if an error occurred.
.Pp
.Fn OCSP_id_cmp
and
.Fn OCSP_id_issuer_cmp
return 0 for a match or non-zero otherwise.
.Pp
.Fn OCSP_id_get0_info
returns 1 for success or 0 for failure.
.Sh SEE ALSO
.Xr OCSP_request_add1_nonce 3 ,
.Xr OCSP_REQUEST_new 3 ,
.Xr OCSP_resp_find_status 3 ,
.Xr OCSP_response_status 3 ,
.Xr OCSP_sendreq_new 3
.Sh STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol, section 4: Details of the Protocol