@subheading gnutls_ocsp_req_add_cert
@anchor{gnutls_ocsp_req_add_cert}
@deftypefun {int} {gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert})
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer}: issuer of the @code{cert} certificate
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{cert}: certificate to request status for
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will add another request to the OCSP request for a
particular certificate. The issuer name hash, issuer key hash, and
serial number fields are populated as follows. The issuer name and
the serial number are taken from @code{cert}. The issuer key is taken
from @code{issuer}. The hashed values will be hashed using the @code{digest} algorithm, normally @code{GNUTLS_DIG_SHA1}.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_add_cert_id
@anchor{gnutls_ocsp_req_add_cert_id}
@deftypefun {int} {gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number})
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_name_hash}: hash of issuer's DN
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_key_hash}: hash of issuer's public key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{serial_number}: serial number of certificate to check
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will add another request to the OCSP request for a
|
|
Packit Service |
4684c1 |
particular certificate having the issuer name hash of
|
|
Packit Service |
4684c1 |
@code{issuer_name_hash} and issuer key hash of @code{issuer_key_hash} (both
|
|
Packit Service |
4684c1 |
hashed using @code{digest} ) and serial number @code{serial_number} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The information needed corresponds to the CertID structure:
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@example
CertID ::= SEQUENCE @{
    hashAlgorithm AlgorithmIdentifier,
    issuerNameHash OCTET STRING, -- Hash of Issuer's DN
    issuerKeyHash OCTET STRING, -- Hash of Issuer's public key
    serialNumber CertificateSerialNumber @}
@end example
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_deinit
@anchor{gnutls_ocsp_req_deinit}
@deftypefun {void} {gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req})
@var{req}: The data to be deinitialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will deinitialize an OCSP request structure.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_export
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_export}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_export} (gnutls_ocsp_req_const_t @var{req}, gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{req}: Holds the OCSP request
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: newly allocated buffer holding DER encoded OCSP request
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will export the OCSP request to DER format.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} In case of failure a negative error code will be
|
|
Packit Service |
4684c1 |
returned, and 0 on success.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_get_cert_id
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_get_cert_id}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{indx}: Specifies which request's CertID to get. Use (0) to get the first one.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_name_hash}: output buffer with hash of issuer's DN
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_key_hash}: output buffer with hash of issuer's public key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{serial_number}: output buffer with serial number of certificate to check
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the certificate information of the
request at index @code{indx} in the OCSP request. The information returned
corresponds to the CertID structure:
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@example
CertID ::= SEQUENCE @{
    hashAlgorithm AlgorithmIdentifier,
    issuerNameHash OCTET STRING, -- Hash of Issuer's DN
    issuerKeyHash OCTET STRING, -- Hash of Issuer's public key
    serialNumber CertificateSerialNumber @}
@end example
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Each of the pointers to output variables may be NULL to indicate
|
|
Packit Service |
4684c1 |
that the caller is not interested in that value.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. If you have reached the last
|
|
Packit Service |
4684c1 |
CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
|
|
Packit Service |
4684c1 |
returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_get_extension
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_get_extension}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_const_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{indx}: Specifies which extension OID to get. Use (0) to get the first one.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: output variable with critical flag, may be NULL.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: will hold newly allocated buffer with extension data, may be NULL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return all information about the requested
|
|
Packit Service |
4684c1 |
extension in the OCSP request. The information returned is the
|
|
Packit Service |
4684c1 |
OID, the critical flag, and the data itself. The extension OID
|
|
Packit Service |
4684c1 |
will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may
|
|
Packit Service |
4684c1 |
be NULL which means that the caller is not interested in getting
|
|
Packit Service |
4684c1 |
that information back.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{oid} ->data and @code{data} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. If you have reached the last
|
|
Packit Service |
4684c1 |
extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will
|
|
Packit Service |
4684c1 |
be returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_get_nonce
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_get_nonce}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_const_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: whether nonce extension is marked critical, or NULL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{nonce}: will hold newly allocated buffer with nonce data
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the OCSP request nonce extension data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{nonce} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_get_version
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_get_version}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_get_version} (gnutls_ocsp_req_const_t @var{req})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the version of the OCSP request.
|
|
Packit Service |
4684c1 |
Typically this is always 1 indicating version 1.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} version of OCSP request, or a negative error code on error.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_import
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_import}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{req}: The data to store the parsed request.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: DER encoded OCSP request.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will convert the given DER encoded OCSP request to
|
|
Packit Service |
4684c1 |
the native @code{gnutls_ocsp_req_t} format. The output will be stored in
|
|
Packit Service |
4684c1 |
@code{req} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_init
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_init}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req})
|
|
Packit Service |
4684c1 |
@var{req}: A pointer to the type to be initialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will initialize an OCSP request structure.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_print
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_print}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_print} (gnutls_ocsp_req_const_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
|
|
Packit Service |
4684c1 |
@var{req}: The data to be printed
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{format}: Indicate the format to use
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{out}: Newly allocated datum with (0) terminated string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will pretty print an OCSP request, suitable for
display to a human.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the
|
|
Packit Service |
4684c1 |
request will be output, on multiple lines.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{out}->data needs to be deallocated using @code{gnutls_free()}.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_randomize_nonce
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_randomize_nonce}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will add or update a nonce extension in the OCSP
request with a newly generated random value.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_set_extension
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_set_extension}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{oid}: buffer with OID of extension as a string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: critical flag, normally false.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: the extension data
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will add an extension to the OCSP request. Calling
|
|
Packit Service |
4684c1 |
this function multiple times for the same OID will overwrite values
|
|
Packit Service |
4684c1 |
from earlier calls.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_req_set_nonce
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_req_set_nonce}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce})
|
|
Packit Service |
4684c1 |
@var{req}: should contain a @code{gnutls_ocsp_req_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: critical flag, normally false.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{nonce}: the nonce data
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will add a nonce extension to the OCSP request.
Calling this function multiple times will overwrite values from
earlier calls.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_check_crt
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_check_crt}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{indx}: Specifies response number to get. Use (0) to get the first one.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{crt}: The certificate to check
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will check whether the OCSP response
|
|
Packit Service |
4684c1 |
is about the provided certificate.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Since:} 3.1.3
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_deinit
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_deinit}
|
|
Packit Service |
4684c1 |
@deftypefun {void} {gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: The data to be deinitialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will deinitialize an OCSP response structure.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_export
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_export}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_export} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{resp}: Holds the OCSP response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: newly allocated buffer holding DER encoded OCSP response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will export the OCSP response to DER format.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} In case of failure a negative error code will be
|
|
Packit Service |
4684c1 |
returned, and 0 on success.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_export2
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_export2}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_export2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
|
|
Packit Service |
4684c1 |
@var{resp}: Holds the OCSP response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: newly allocated buffer holding DER or PEM encoded OCSP response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{fmt}: DER or PEM
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will export the OCSP response to DER or PEM format.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} In case of failure a negative error code will be
|
|
Packit Service |
4684c1 |
returned, and 0 on success.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Since:} 3.6.3
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_certs
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_certs}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{certs}: newly allocated array with @code{gnutls_x509_crt_t} certificates
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{ncerts}: output variable with number of allocated certs.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the X.509 certificates found in the
|
|
Packit Service |
4684c1 |
Basic OCSP Response. The @code{certs} output variable will hold a newly
|
|
Packit Service |
4684c1 |
allocated zero-terminated array with X.509 certificates.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Every certificate in the array needs to be de-allocated with
|
|
Packit Service |
4684c1 |
@code{gnutls_x509_crt_deinit()} and the array itself must be freed using
|
|
Packit Service |
4684c1 |
@code{gnutls_free()} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Both the @code{certs} and @code{ncerts} variables may be NULL. Then the
function will work as normal but will not return the information
for which NULL was passed. This can be used to get the number of certificates
only, or to just get the certificate array without its size.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_extension
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_extension}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{indx}: Specifies which extension OID to get. Use (0) to get the first one.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: output variable with critical flag, may be NULL.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: will hold newly allocated buffer with extension data, may be NULL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return all information about the requested
|
|
Packit Service |
4684c1 |
extension in the OCSP response. The information returned is the
|
|
Packit Service |
4684c1 |
OID, the critical flag, and the data itself. The extension OID
|
|
Packit Service |
4684c1 |
will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may
|
|
Packit Service |
4684c1 |
be NULL which means that the caller is not interested in getting
|
|
Packit Service |
4684c1 |
that information back.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{oid} ->data and @code{data} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. If you have reached the last
|
|
Packit Service |
4684c1 |
extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will
|
|
Packit Service |
4684c1 |
be returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_nonce
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_nonce}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_const_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{critical}: whether nonce extension is marked critical
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{nonce}: will hold newly allocated buffer with nonce data
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the Basic OCSP Response nonce extension
|
|
Packit Service |
4684c1 |
data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{nonce} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_produced
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_produced}
|
|
Packit Service |
4684c1 |
@deftypefun {time_t} {gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_const_t @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the time when the OCSP response was
|
|
Packit Service |
4684c1 |
signed.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} signing time, or (time_t)-1 on error.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_responder
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_responder}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dn}: newly allocated buffer with name
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the name of the Basic OCSP Response in
|
|
Packit Service |
4684c1 |
the provided buffer. The name will be in the form
|
|
Packit Service |
4684c1 |
"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
|
|
Packit Service |
4684c1 |
will be ASCII or UTF-8 encoded, depending on the certificate data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
If the responder ID is not a name but a hash, this function
|
|
Packit Service |
4684c1 |
will return zero and the @code{dn} elements will be set to @code{NULL} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{dn} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function does not output a fully RFC4514 compliant string, if
|
|
Packit Service |
4684c1 |
that is required see @code{gnutls_ocsp_resp_get_responder2()} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. When no data exist it will
|
|
Packit Service |
4684c1 |
return success and set @code{dn} elements to zero.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_responder2
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_responder2}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_responder2} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{dn}, unsigned @var{flags})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dn}: newly allocated buffer with name
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the name of the Basic OCSP Response in
|
|
Packit Service |
4684c1 |
the provided buffer. The name will be in the form
|
|
Packit Service |
4684c1 |
"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
|
|
Packit Service |
4684c1 |
will be ASCII or UTF-8 encoded, depending on the certificate data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
If the responder ID is not a name but a hash, this function
|
|
Packit Service |
4684c1 |
will return zero and the @code{dn} elements will be set to @code{NULL} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
|
|
Packit Service |
4684c1 |
@code{dn} ->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output
format will match the format output by GnuTLS versions prior to 3.5.6,
which was not fully RFC4514-compliant.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. When no data exist it will return
|
|
Packit Service |
4684c1 |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_responder_raw_id
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_responder_raw_id}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{type}: should be @code{GNUTLS_OCSP_RESP_ID_KEY} or @code{GNUTLS_OCSP_RESP_ID_DN}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{raw}: newly allocated buffer with the raw ID
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the raw key (or DN) ID of the Basic OCSP Response in
|
|
Packit Service |
4684c1 |
the provided buffer. If the responder ID is not a key ID then
|
|
Packit Service |
4684c1 |
this function will return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The caller needs to deallocate memory by calling @code{gnutls_free()} on
@code{raw}->data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_response
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_response}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{response_type_oid}: newly allocated output buffer with response type OID
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{response}: newly allocated output buffer with DER encoded response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the response type OID and the
response data from an OCSP response. Normally the
@code{response_type_oid} is always "1.3.6.1.5.5.7.48.1.1" which means the
@code{response} should be decoded as a Basic OCSP Response, but
technically other response types could be used.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function is typically only useful when you want to extract the
response type OID of a response for diagnostic purposes.
Otherwise @code{gnutls_ocsp_resp_import()} will decode the basic OCSP
response part and the caller need not worry about that aspect.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_signature
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_signature}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_datum_t * @var{sig})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{sig}: newly allocated output buffer with signature data
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will extract the signature field of an OCSP response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_signature_algorithm
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_signature_algorithm}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_const_t @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return a value of the @code{gnutls_sign_algorithm_t}
|
|
Packit Service |
4684c1 |
enumeration that is the signature algorithm that has been used to
|
|
Packit Service |
4684c1 |
sign the OCSP response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative error code
|
|
Packit Service |
4684c1 |
on error.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_single
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_single}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_const_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{indx}: Specifies response number to get. Use (0) to get the first one.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_name_hash}: output buffer with hash of issuer's DN
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer_key_hash}: output buffer with hash of issuer's public key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{serial_number}: output buffer with serial number of certificate to check
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{cert_status}: a certificate status, a @code{gnutls_ocsp_cert_status_t} enum.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{this_update}: time at which the status is known to be correct.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{next_update}: when newer information will be available, or (time_t)-1 if unspecified
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{revocation_time}: when @code{cert_status} is @code{GNUTLS_OCSP_CERT_REVOKED} , holds time of revocation.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{revocation_reason}: revocation reason, a @code{gnutls_x509_crl_reason_t} enum.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the certificate information of the
response at index @code{indx} in the Basic OCSP Response @code{resp}. The
information returned corresponds to the OCSP SingleResponse structure
except the final singleExtensions. This function only returns these
fields; before relying on @code{cert_status}, the caller should verify
the response signature (see @code{gnutls_ocsp_resp_verify()}) and compare
@code{this_update} and @code{next_update} against the current time.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Each of the pointers to output variables may be NULL to indicate
|
|
Packit Service |
4684c1 |
that the caller is not interested in that value.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error code is returned. If you have reached the last
|
|
Packit Service |
4684c1 |
CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
|
|
Packit Service |
4684c1 |
returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_status
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_status}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_const_t @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the status of an OCSP response, a
@code{gnutls_ocsp_resp_status_t} enumeration.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} status of OCSP request as a @code{gnutls_ocsp_resp_status_t} , or
|
|
Packit Service |
4684c1 |
a negative error code on error.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_get_version
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_get_version}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_const_t @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the version of the Basic OCSP Response.
|
|
Packit Service |
4684c1 |
Typically this is always 1 indicating version 1.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} version of Basic OCSP response, or a negative error code
|
|
Packit Service |
4684c1 |
on error.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_import
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_import}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{resp}: The data to store the parsed response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: DER encoded OCSP response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will convert the given DER encoded OCSP response to
|
|
Packit Service |
4684c1 |
the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic
|
|
Packit Service |
4684c1 |
OCSP Response part, if any. The output will be stored in @code{resp} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_import2
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_import2}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_import2} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt})
|
|
Packit Service |
4684c1 |
@var{resp}: The data to store the parsed response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: DER or PEM encoded OCSP response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{fmt}: DER or PEM
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will convert the given OCSP response to
|
|
Packit Service |
4684c1 |
the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic
|
|
Packit Service |
4684c1 |
OCSP Response part, if any. The output will be stored in @code{resp} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Since:} 3.6.3
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_init
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_init}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp})
|
|
Packit Service |
4684c1 |
@var{resp}: A pointer to the type to be initialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will initialize an OCSP response structure.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_list_import2
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_list_import2}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_list_import2} (gnutls_ocsp_resp_t ** @var{ocsps}, unsigned int * @var{size}, const gnutls_datum_t * @var{resp_data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{ocsps}: Will hold the parsed OCSP response list.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{size}: It will contain the size of the list.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{resp_data}: The PEM encoded OCSP list.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{format}: One of @code{GNUTLS_X509_FMT_PEM} or @code{GNUTLS_X509_FMT_DER}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will convert the given PEM encoded OCSP response list
|
|
Packit Service |
4684c1 |
to the native gnutls_ocsp_resp_t format. The output will be stored
|
|
Packit Service |
4684c1 |
in @code{ocsps} which will be allocated and initialized.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The OCSP responses should have a header of "OCSP RESPONSE".
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
To deinitialize the responses, you need to deinitialize each @code{gnutls_ocsp_resp_t}
structure independently, and then call @code{gnutls_free()} on @code{ocsps}.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
In PEM files, when no OCSP responses are detected
|
|
Packit Service |
4684c1 |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} the number of responses read or a negative error value.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Since:} 3.6.3
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_print
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_print}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_print} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out})
|
|
Packit Service |
4684c1 |
@var{resp}: The data to be printed
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{format}: Indicate the format to use
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{out}: Newly allocated datum with (0) terminated string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will pretty print an OCSP response, suitable for
display to a human.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the
|
|
Packit Service |
4684c1 |
response will be output, on multiple lines.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{out}->data needs to be deallocated using @code{gnutls_free()}.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_verify
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_verify}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Verify signature of the Basic OCSP Response against the public key
|
|
Packit Service |
4684c1 |
in the certificate of a trusted signer. The @code{trustlist} should be
|
|
Packit Service |
4684c1 |
populated with trust anchors. The function will extract the signer
|
|
Packit Service |
4684c1 |
certificate from the Basic OCSP Response and will verify it against
|
|
Packit Service |
4684c1 |
the @code{trustlist} . A trusted signer is a certificate that is either
|
|
Packit Service |
4684c1 |
in @code{trustlist} , or it is signed directly by a certificate in
|
|
Packit Service |
4684c1 |
@code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit
|
|
Packit Service |
4684c1 |
set.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{verify} variable will hold verification status codes
|
|
Packit Service |
4684c1 |
(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
|
|
Packit Service |
4684c1 |
@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
|
|
Packit Service |
4684c1 |
function returned @code{GNUTLS_E_SUCCESS} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Note that the function returns @code{GNUTLS_E_SUCCESS} even when
verification failed. The caller must always inspect the @code{verify}
variable to find out the verification status: the response is verified
only when the function returned @code{GNUTLS_E_SUCCESS} and @code{verify}
is zero.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The @code{flags} variable should be 0 for now.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_ocsp_resp_verify_direct
|
|
Packit Service |
4684c1 |
@anchor{gnutls_ocsp_resp_verify_direct}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{issuer}: certificate believed to have signed the response
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Verify signature of the Basic OCSP Response against the public key
|
|
Packit Service |
4684c1 |
in the @code{issuer} certificate.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{verify} variable will hold verification status codes
|
|
Packit Service |
4684c1 |
(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
|
|
Packit Service |
4684c1 |
@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
|
|
Packit Service |
4684c1 |
function returned @code{GNUTLS_E_SUCCESS} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Note that the function returns @code{GNUTLS_E_SUCCESS} even when
verification failed. The caller must always inspect the @code{verify}
variable to find out the verification status: the response is verified
only when the function returned @code{GNUTLS_E_SUCCESS} and @code{verify}
is zero.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The @code{flags} variable should be 0 for now.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|