1OCSP_RESPONSE_STATUS(3ossl)         OpenSSL        OCSP_RESPONSE_STATUS(3ossl)
2
3
4

NAME

6       OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
7       OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key_ex,
8       OCSP_RESPID_set_by_key, OCSP_RESPID_match_ex, OCSP_RESPID_match,
9       OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions
10

SYNOPSIS

12        #include <openssl/ocsp.h>
13
14        int OCSP_response_status(OCSP_RESPONSE *resp);
15        OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
16        OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
17        void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
18
19        int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
20        int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
21                                      OSSL_LIB_CTX *libctx, const char *propq);
22        int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
23        int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx,
24                                 const char *propq);
25        int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
26
27        int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
28                            const EVP_MD *dgst, STACK_OF(X509) *certs,
29                            unsigned long flags);
30        int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
31                                STACK_OF(X509) *certs, unsigned long flags);
32

DESCRIPTION

34       OCSP_response_status() returns the OCSP response status of resp. It
35       returns one of the values: OCSP_RESPONSE_STATUS_SUCCESSFUL,
36       OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
37       OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER
38       OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED.
39
40       OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP
41       structure contained in resp.
42
43       OCSP_response_create() creates and returns an OCSP_RESPONSE structure
44       for status and optionally including basic response bs.
45
46       OCSP_RESPONSE_free() frees up OCSP response resp.
47
48       OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the
49       same as the subject name in the supplied X509 certificate cert for the
50       OCSP responder.
51
52       OCSP_RESPID_set_by_key_ex() sets the key of the OCSP_RESPID to be the
53       same as the key in the supplied X509 certificate cert for the OCSP
54       responder. The key is stored as a SHA1 hash. To calculate the hash the
55       SHA1 algorithm is fetched using the library ctx libctx and the property
56       query string propq (see "ALGORITHM FETCHING" in crypto(7) for further
57       information).
58
59       OCSP_RESPID_set_by_key() does the same as OCSP_RESPID_set_by_key_ex()
60       except that the default library context is used with an empty property
61       query string.
62
63       Note that an OCSP_RESPID can only have one of the name, or the key set.
64       Calling OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will
65       clear any existing setting.
66
67       OCSP_RESPID_match_ex() tests whether the OCSP_RESPID given in respid
68       matches with the X509 certificate cert based on the SHA1 hash. To
69       calculate the hash the SHA1 algorithm is fetched using the library ctx
70       libctx and the property query string propq (see "ALGORITHM FETCHING" in
71       crypto(7) for further information).
72
73       OCSP_RESPID_match() does the same as OCSP_RESPID_match_ex() except that
74       the default library context is used with an empty property query
75       string.
76
77       OCSP_basic_sign() signs OCSP response brsp using certificate signer,
78       private key key, digest dgst and additional certificates certs. If the
79       flags option OCSP_NOCERTS is set then no certificates will be included
80       in the response. If the flags option OCSP_RESPID_KEY is set then the
81       responder is identified by key ID rather than by name.
82       OCSP_basic_sign_ctx() also signs OCSP response brsp but uses the
83       parameters contained in digest context ctx.
84

RETURN VALUES

86       OCSP_RESPONSE_status() returns a status value.
87
88       OCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer
89       or NULL if an error occurred.
90
91       OCSP_response_create() returns an OCSP_RESPONSE structure pointer or
92       NULL if an error occurred.
93
94       OCSP_RESPONSE_free() does not return a value.
95
96       OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(),
97       and OCSP_basic_sign_ctx() return 1 on success or 0 on failure.
98
99       OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509
100       certificate match or 0 otherwise.
101

NOTES

103       OCSP_response_get1_basic() is only called if the status of a response
104       is OCSP_RESPONSE_STATUS_SUCCESSFUL.
105

SEE ALSO

107       crypto(7) OCSP_cert_to_id(3) OCSP_request_add1_nonce(3)
108       OCSP_REQUEST_new(3) OCSP_resp_find_status(3) OCSP_sendreq_new(3)
109       OCSP_RESPID_new(3) OCSP_RESPID_free(3)
110

HISTORY

112       The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and
113       OCSP_RESPID_match() functions were added in OpenSSL 1.1.0a.
114
115       The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.
116

COPYRIGHT

118       Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
119
120       Licensed under the Apache License 2.0 (the "License").  You may not use
121       this file except in compliance with the License.  You can obtain a copy
122       in the file LICENSE in the source distribution or at
123       <https://www.openssl.org/source/license.html>.
124
125
126
1273.0.9                             2023-07-27       OCSP_RESPONSE_STATUS(3ossl)