=pod

=head1 NAME

OCSP_REQ_CTX,
OCSP_sendreq_new,
OCSP_sendreq_nbio,
OCSP_sendreq_bio,
OCSP_REQ_CTX_i2d,
OCSP_REQ_CTX_add1_header,
OCSP_REQ_CTX_free,
OCSP_set_max_response_length,
OCSP_REQ_CTX_set1_req
- OCSP responder query functions

=head1 SYNOPSIS

 #include <openssl/ocsp.h>

 OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
                                     const OCSP_REQUEST *req, int buf_size);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);

The following functions have been deprecated since OpenSSL 3.0, and can be
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
see L<openssl_user_macros(7)>:

 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
 int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                              const char *name, const char *value);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
 void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);

=head1 DESCRIPTION

These functions perform an OCSP POST request / response transfer over HTTP,
using the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.

The function OCSP_sendreq_new() builds a complete B<OSSL_HTTP_REQ_CTX> structure
with the B<BIO> I<io> to be used for requests and response, the URL path I<path>,
optionally the OCSP request I<req>, and a response header maximum line length
of I<buf_size>. If I<buf_size> is zero a default value of 4KiB is used.
The I<req> may be set to NULL and provided later using OCSP_REQ_CTX_set1_req()
or L<OSSL_HTTP_REQ_CTX_set1_req(3)>.
The I<io> and I<path> arguments to OCSP_sendreq_new() correspond to the
components of the URL.
For example if the responder URL is C<http://example.com/ocspreq> the BIO
I<io> should have been connected to host C<example.com> on port 80 and I<path>
should be set to C</ocspreq>.

OCSP_sendreq_nbio() attempts to send the request prepared in I<rctx>
and to gather the response via HTTP, using the BIO I<io> and I<path>
that were given when calling OCSP_sendreq_new().
If the operation gets completed it assigns the response,
a pointer to a B<OCSP_RESPONSE> structure, in I<*presp>.
The function may need to be called again if its result is -1, which indicates
L<BIO_should_retry(3)>.
In such a case it is advisable to sleep a little in
between, using L<BIO_wait(3)> on the read BIO to prevent a busy loop.

OCSP_sendreq_bio() combines OCSP_sendreq_new() with as many calls of
OCSP_sendreq_nbio() as needed and then OCSP_REQ_CTX_free(), with a
response header maximum line length of 4k. It waits indefinitely on a response.
It does not support setting a timeout or adding headers and is retained
for compatibility; use L<OSSL_HTTP_transfer(3)> instead.

OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:

 OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", it, req)

OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:

 OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
                            ASN1_ITEM_rptr(OCSP_REQUEST),
                            (const ASN1_VALUE *)req)

The deprecated type and the remaining deprecated functions
have been superseded by the following equivalents:
B<OCSP_REQ_CTX> by L<OSSL_HTTP_REQ_CTX(3)>,
OCSP_REQ_CTX_add1_header() by L<OSSL_HTTP_REQ_CTX_add1_header(3)>,
OCSP_REQ_CTX_free() by L<OSSL_HTTP_REQ_CTX_free(3)>, and
OCSP_set_max_response_length() by
L<OSSL_HTTP_REQ_CTX_set_max_response_length(3)>.

=head1 RETURN VALUES

OCSP_sendreq_new() returns a valid B<OSSL_HTTP_REQ_CTX> structure or NULL
if an error occurred.

OCSP_sendreq_nbio() returns 1 for success, 0 on error, -1 if retry is needed.

OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
responder or NULL if an error occurred.

=head1 SEE ALSO

L<OSSL_HTTP_REQ_CTX(3)>, L<OSSL_HTTP_transfer(3)>,
L<OCSP_cert_to_id(3)>,
L<OCSP_request_add1_nonce(3)>,
L<OCSP_REQUEST_new(3)>,
L<OCSP_resp_find_status(3)>,
L<OCSP_response_status(3)>

=head1 HISTORY

B<OCSP_REQ_CTX>,
OCSP_REQ_CTX_i2d(),
OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_free(),
OCSP_set_max_response_length(),
and OCSP_REQ_CTX_set1_req()
were deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut