1=pod 2 3=head1 NAME 4 5OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, 6OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, 7OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions 8 9=head1 SYNOPSIS 10 11 #include <openssl/ocsp.h> 12 13 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, 14 int maxline); 15 16 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); 17 18 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); 19 20 void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); 21 22 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, 23 const char *name, const char *value); 24 25 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); 26 27 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req, 28 int maxline); 29 30=head1 DESCRIPTION 31 32The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the 33responder B<io>, the URL path B<path>, the OCSP request B<req> and with a 34response header maximum line length of B<maxline>. If B<maxline> is zero a 35default value of 4k is used. The OCSP request B<req> may be set to B<NULL> 36and provided later if required. 37 38OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context 39B<rctx>. When the operation is complete it returns the response in B<*presp>. 40 41OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>. 42 43OCSP_set_max_response_length() sets the maximum response length for B<rctx> 44to B<len>. If the response exceeds this length an error occurs. If not 45set a default value of 100k is used. 46 47OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the 48context B<rctx>. It can be called more than once to add multiple headers. 49It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req> 50parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if 51additional headers are set. 52 53OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This 54function should be called after any calls to OCSP_REQ_CTX_add1_header(). 55 56OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL 57path B<path>, the OCSP request B<req> and with a response header maximum line 58length of B<maxline>. If B<maxline> is zero a default value of 4k is used. 59 60=head1 RETURN VALUES 61 62OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL> if 63an error occurred. 64 65OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully, 66B<-1> if the operation should be retried and B<0> if an error occurred. 67 68OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success 69and B<0> for failure. 70 71OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the 72responder or B<NULL> if an error occurred. 73 74OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values. 75 76=head1 NOTES 77 78These functions only perform a minimal HTTP query to a responder. If an 79application wishes to support more advanced features it should use an 80alternative more complete HTTP library. 81 82Currently only HTTP POST queries to responders are supported. 83 84The arguments to OCSP_sendreq_new() correspond to the components of the URL. 85For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO 86B<io> should be connected to host B<ocsp.com> on port 80 and B<path> 87should be set to B<"/ocspreq"> 88 89The headers added with OCSP_REQ_CTX_add1_header() are of the form 90"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add 91a Host header for B<ocsp.com> you would call: 92 93 OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); 94 95If OCSP_sendreq_nbio() indicates an operation should be retried the 96corresponding BIO can be examined to determine which operation (read or 97write) should be retried and appropriate action taken (for example a select() 98call on the underlying socket). 99 100OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking 101I/O efficiently. It is retained for compatibility and its use in new 102applications is not recommended. 103 104=head1 SEE ALSO 105 106L<crypto(7)>, 107L<OCSP_cert_to_id(3)>, 108L<OCSP_request_add1_nonce(3)>, 109L<OCSP_REQUEST_new(3)>, 110L<OCSP_resp_find_status(3)>, 111L<OCSP_response_status(3)> 112 113=head1 COPYRIGHT 114 115Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 116 117Licensed under the OpenSSL license (the "License"). You may not use 118this file except in compliance with the License. You can obtain a copy 119in the file LICENSE in the source distribution or at 120L<https://www.openssl.org/source/license.html>. 121 122=cut 123