mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
c9603dfa42
Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d(). Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new(). Minor further fixes in OSSL_HTTP_REQ_CTX.pod Fixes #13873 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13898)
123 lines
4.1 KiB
Plaintext
123 lines
4.1 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
OCSP_sendreq_new,
|
|
OCSP_sendreq_nbio,
|
|
OCSP_sendreq_bio,
|
|
OCSP_REQ_CTX_i2d,
|
|
OCSP_REQ_CTX_add1_header,
|
|
OCSP_REQ_CTX_free,
|
|
OCSP_set_max_response_length,
|
|
OCSP_REQ_CTX_set1_req
|
|
- OCSP responder query functions
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ocsp.h>
|
|
|
|
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
|
|
const OCSP_REQUEST *req, int maxline);
|
|
|
|
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
|
|
|
|
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
|
|
|
|
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
|
|
B<OPENSSL_API_COMPAT> with a suitable version value, see
|
|
L<openssl_user_macros(7)>:
|
|
|
|
int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
|
|
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
|
|
const char *name, const char *value);
|
|
void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
|
|
void OCSP_set_max_response_length(OCSP_REQ_CT *rctx,
|
|
unsigned long len);
|
|
int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
These functions perform an OCSP POST request / response transfer over HTTP,
|
|
using the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.
|
|
|
|
The function OCSP_sendreq_new() builds a complete B<OSSL_HTTP_REQ_CTX>
|
|
structure using connection B<BIO> I<io>, the URL path I<path>, the OCSP
|
|
request I<req>, and with a response header maximum line length of I<maxline>.
|
|
If I<maxline> is zero a default value of 4k is used.
|
|
The I<req> may be set to NULL and provided later using OCSP_REQ_CTX_set1_req()
|
|
or L<OSSL_HTTP_REQ_CTX_i2d(3)> .
|
|
|
|
The I<io> and I<path> arguments to OCSP_sendreq_new() correspond to the
|
|
components of the URL.
|
|
For example if the responder URL is C<http://example.com/ocspreq> the BIO
|
|
I<io> should be connected to host C<example.com> on port 80 and I<path>
|
|
should be set to C</ocspreq>.
|
|
|
|
OCSP_sendreq_nbio() performs I/O on the OCSP request context I<rctx>.
|
|
When the operation is complete it assigns the response, a pointer to a
|
|
B<OCSP_RESPONSE> structure, in I<*presp>.
|
|
|
|
OCSP_sendreq_bio() is the same as a call to OCSP_sendreq_new() followed by
|
|
OCSP_sendreq_nbio() and then OCSP_REQ_CTX_free() in a single call, with a
|
|
response header maximum line length 4k. It waits indefinitely on a response.
|
|
It does not support setting a timeout or adding headers and is retained
|
|
for compatibility; use OCSP_sendreq_nbio() instead.
|
|
|
|
OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:
|
|
|
|
OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request", it, req)
|
|
|
|
OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
|
|
|
|
OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
|
|
ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
|
|
|
|
The other deprecated type and functions have been superseded by the
|
|
following equivalents:
|
|
B<OCSP_REQ_CTX> by L<OSSL_HTTP_REQ_CTX(3)>,
|
|
OCSP_REQ_CTX_add1_header() by L<OSSL_HTTP_REQ_CTX_add1_header(3)>,
|
|
OCSP_REQ_CTX_free() by L<OSSL_HTTP_REQ_CTX_free(3)>, and
|
|
OCSP_set_max_response_length() by
|
|
L<OSSL_HTTP_REQ_CTX_set_max_response_length(3)>.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
OCSP_sendreq_new() returns a valid B<OSSL_HTTP_REQ_CTX> structure or NULL
|
|
if an error occurred.
|
|
|
|
OCSP_sendreq_nbio(), OCSP_REQ_CTX_i2d(), and OCSP_REQ_CTX_set1_req()
|
|
return 1 for success and 0 for failure.
|
|
|
|
OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
|
|
responder or NULL if an error occurred.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<OSSL_HTTP_REQ_CTX(3)>
|
|
L<OCSP_cert_to_id(3)>,
|
|
L<OCSP_request_add1_nonce(3)>,
|
|
L<OCSP_REQUEST_new(3)>,
|
|
L<OCSP_resp_find_status(3)>,
|
|
L<OCSP_response_status(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
B<OCSP_REQ_CTX>,
|
|
OCSP_REQ_CTX_i2d(),
|
|
OCSP_REQ_CTX_add1_header(),
|
|
OCSP_REQ_CTX_free(),
|
|
OCSP_set_max_response_length(),
|
|
and OCSP_REQ_CTX_set1_req()
|
|
were deprecated in OpenSSL 3.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|