aboutsummaryrefslogtreecommitdiffstats
path: root/doc/man3/OCSP_sendreq_new.pod
blob: 16d5a21dfcaec53d52b0e54a2c741e45a906e5d9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
=pod

=head1 NAME

OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions

=head1 SYNOPSIS

 #include <openssl/ocsp.h>

 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline);

 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);

 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);

 void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);

 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                              const char *name, const char *value);

 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);

=head1 DESCRIPTION

The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
response header maximum line length of B<maxline>. If B<maxline> is zero a
default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
and provided later if required.

OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context
B<rctx>. When the operation is complete it returns the response in B<*presp>.

OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.

OCSP_set_max_response_length() sets the maximum response length for B<rctx>
to B<len>. If the response exceeds this length an error occurs. If not
set a default value of 100k is used.

OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
context B<rctx>. It can be called more than once to add multiple headers.
It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
additional headers are set.

OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
function should be called after any calls to OCSP_REQ_CTX_add1_header().

OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
path B<path>, and the OCSP request B<req> with a response header maximum line
length 4k. It waits indefinitely on a response.

=head1 RETURN VALUES

OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL> if
an error occurred.

OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
B<-1> if the operation should be retried and B<0> if an error occurred.

OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
and B<0> for failure.

OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
responder or B<NULL> if an error occurred.

OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.

=head1 NOTES

These functions only perform a minimal HTTP query to a responder. If an
application wishes to support more advanced features it should use an
alternative more complete HTTP library.

Currently only HTTP POST queries to responders are supported.

The arguments to OCSP_sendreq_new() correspond to the components of the URL.
For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
should be set to B<"/ocspreq">

The headers added with OCSP_REQ_CTX_add1_header() are of the form
"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
a Host header for B<ocsp.com> you would call:

 OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");

If OCSP_sendreq_nbio() indicates an operation should be retried the
corresponding BIO can be examined to determine which operation (read or
write) should be retried and appropriate action taken (for example a select()
call on the underlying socket).

OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking
I/O efficiently. It is retained for compatibility and its use in new
applications is not recommended.

=head1 SEE ALSO

L<crypto(7)>,
L<OCSP_cert_to_id(3)>,
L<OCSP_request_add1_nonce(3)>,
L<OCSP_REQUEST_new(3)>,
L<OCSP_resp_find_status(3)>,
L<OCSP_response_status(3)>

=head1 COPYRIGHT

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut