mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
29f178bddf
The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
116 lines
4.0 KiB
Plaintext
116 lines
4.0 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
|
|
OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
|
|
OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ocsp.h>
|
|
|
|
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
|
|
OCSP_REQUEST *req, int maxline);
|
|
|
|
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
|
|
|
|
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
|
|
|
|
void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
|
|
unsigned long len);
|
|
|
|
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
|
|
const char *name, const char *value);
|
|
|
|
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
|
|
|
|
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
|
|
responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
|
|
response header maximum line length of B<maxline>. If B<maxline> is zero a
|
|
default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
|
|
and provided later if required.
|
|
|
|
OCSP_sendreq_nbio() performs I/O on the OCSP request context B<rctx>.
|
|
When the operation is complete it returns the response in B<*presp>.
|
|
|
|
OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
|
|
|
|
OCSP_set_max_response_length() sets the maximum response length
|
|
for B<rctx> to B<len>. If the response exceeds this length an error occurs.
|
|
If not set a default value of 100k is used.
|
|
|
|
OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
|
|
context B<rctx>. It can be called more than once to add multiple headers.
|
|
It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
|
|
parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
|
|
additional headers are set.
|
|
|
|
OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
|
|
function should be called after any calls to OCSP_REQ_CTX_add1_header().
|
|
|
|
OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
|
|
path B<path>, the OCSP request B<req> and with a response header maximum line
|
|
length 4k. It waits indefinitely on a response.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL>
|
|
if an error occurred.
|
|
|
|
OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req()
|
|
return B<1> for success and B<0> for failure.
|
|
|
|
OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
|
|
responder or B<NULL> if an error occurred.
|
|
|
|
OCSP_REQ_CTX_free() and OCSP_set_max_response_length()
|
|
do not return values.
|
|
|
|
=head1 NOTES
|
|
|
|
These functions only perform a minimal HTTP query to a responder. If an
|
|
application wishes to support more advanced features it should use an
|
|
alternative more complete HTTP library.
|
|
|
|
Currently only HTTP POST queries to responders are supported.
|
|
|
|
The arguments to OCSP_sendreq_new() correspond to the components of the URL.
|
|
For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
|
|
B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
|
|
should be set to B<"/ocspreq">
|
|
|
|
The headers added with OCSP_REQ_CTX_add1_header() are of the form
|
|
"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
|
|
a Host header for B<ocsp.com> you would call:
|
|
|
|
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
|
|
|
|
OCSP_sendreq_bio() does not support timeout nor setting extra headers.
|
|
It is retained for compatibility.
|
|
Better use B<OCSP_sendreq_nbio()> instead.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<crypto(7)>,
|
|
L<OCSP_cert_to_id(3)>,
|
|
L<OCSP_request_add1_nonce(3)>,
|
|
L<OCSP_REQUEST_new(3)>,
|
|
L<OCSP_resp_find_status(3)>,
|
|
L<OCSP_response_status(3)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|