NAME

OCSP_REQ_CTX, OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_sendreq_bio, OCSP_REQ_CTX_i2d, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_set1_req - OCSP responder query functions

SYNOPSIS

 #include <openssl/ocsp.h>

 OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
                                     const OCSP_REQUEST *req, int buf_size);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);

The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining OPENSSL_API_COMPAT with a suitable version value, see openssl_user_macros(7):

 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
 int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
                              const char *name, const char *value);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
 void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len);
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);

DESCRIPTION

These functions perform an OCSP POST request / response transfer over HTTP, using the HTTP request functions described in OSSL_HTTP_REQ_CTX(3).

The function OCSP_sendreq_new() builds a complete OSSL_HTTP_REQ_CTX structure with the BIO io to be used for requests and reponse, the URL path path, optionally the OCSP request req, and a response header maximum line length of buf_size. If buf_size is zero a default value of 4KiB is used. The req may be set to NULL and provided later using OCSP_REQ_CTX_set1_req() or OSSL_HTTP_REQ_CTX_set1_req(3). The io and path arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is "http://example.com/ocspreq" the BIO io should haven been connected to host "example.com" on port 80 and path should be set to "/ocspreq".

OCSP_sendreq_nbio() attempts to send the request prepared in rctx and to gather the response via HTTP, using the BIO io and path that were given when calling OCSP_sendreq_new(). If the operation gets completed it assigns the response, a pointer to a OCSP_RESPONSE structure, in *presp. The function may need to be called again if its result is -1, which indicates BIO_should_retry(3). In such a case it is advisable to sleep a little in between, using BIO_wait(3) on the read BIO to prevent a busy loop.

OCSP_sendreq_bio() combines OCSP_sendreq_new() with as many calls of OCSP_sendreq_nbio() as needed and then OCSP_REQ_CTX_free(), with a response header maximum line length 4k. It waits indefinitely on a response. It does not support setting a timeout or adding headers and is retained for compatibility; use OSSL_HTTP_transfer(3) instead.

OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:

  OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", it, req)

OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:

 OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
                            ASN1_ITEM_rptr(OCSP_REQUEST),
                            (const ASN1_VALUE *)req)

The deprecated type and the remaining deprecated functions have been superseded by the following equivalents: OCSP_REQ_CTX by OSSL_HTTP_REQ_CTX(3), OCSP_REQ_CTX_add1_header() by OSSL_HTTP_REQ_CTX_add1_header(3), OCSP_REQ_CTX_free() by OSSL_HTTP_REQ_CTX_free(3), and OCSP_set_max_response_length() by OSSL_HTTP_REQ_CTX_set_max_response_length(3).

RETURN VALUES

OCSP_sendreq_new() returns a valid OSSL_HTTP_REQ_CTX structure or NULL if an error occurred.

OCSP_sendreq_nbio() returns 1 for success, 0 on error, -1 if retry is needed.

OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.

HISTORY

OCSP_REQ_CTX, OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_free(), OCSP_set_max_response_length(), and OCSP_REQ_CTX_set1_req() were deprecated in OpenSSL 3.0.

COPYRIGHT