#include <openssl/ocsp.h> OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline); int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, const char *value); int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp.
OCSP_REQ_CTX_free() frees up the OCSP context rctx.
OCSP_set_max_response_length() sets the maximum response length for rctx to len. If the response exceeds this length an error occurs. If not set a default value of 100k is used.
OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. It can be called more than once to add multiple headers. It MUST be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if additional headers are set.
OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header().
OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL path path, and the OCSP request req with a response header maximum line length 4k. It waits indefinitely on a response.
OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried and 0 if an error occurred.
OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for success and 0 for failure.
OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.
OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.
Currently only HTTP POST queries to responders are supported.
The arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is http://ocsp.com/ocspreq the BIO io should be connected to host ocsp.com on port 80 and path should be set to ``/ocspreq''
The headers added with OCSP_REQ_CTX_add1_header() are of the form "name: value`` or just ''name" if value is NULL. So to add a Host header for ocsp.com you would call:
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
If OCSP_sendreq_nbio() indicates an operation should be retried the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket).
OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.
Licensed under the OpenSSL license (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.