관리-도구

편집 파일: OCSP_sendreq_new.html

<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>OCSP_sendreq_new</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body>

<ul id="index">
 <li><a href="#NAME">NAME</a></li>
 <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
 <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
 <li><a href="#RETURN-VALUES">RETURN VALUES</a></li>
 <li><a href="#NOTES">NOTES</a></li>
 <li><a href="#SEE-ALSO">SEE ALSO</a></li>
 <li><a href="#COPYRIGHT">COPYRIGHT</a></li>
</ul>

OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio, OCSP_REQ_CTX_i2d - OCSP responder query functions

<h1 id="SYNOPSIS">SYNOPSIS</h1>

<pre><code> #include &lt;openssl/ocsp.h&gt;

OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline);

int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);

void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);

void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);

int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                              const char *name, const char *value);

int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);

int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
 const ASN1_ITEM *it, ASN1_VALUE *req);</code></pre>

<h1 id="DESCRIPTION">DESCRIPTION</h1>

The function OCSP_sendreq_new() returns an OCSP_CTX structure using the responder io, the URL path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required.

OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp.

OCSP_REQ_CTX_free() frees up the OCSP context rctx.

OCSP_set_max_response_length() sets the maximum response length for rctx to len. If the response exceeds this length an error occurs. If not set a default value of 100k is used.

OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. It can be called more than once to add multiple headers. It MUST be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if additional headers are set.

OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header(). OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:

<pre><code> OCSP_REQ_CTX_i2d(rctx, &quot;application/ocsp-request&quot;,
 ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)</code></pre>

OCSP_REQ_CTX_i2d() sets the request context rctx to have the request req, which has the ASN.1 type it. The content_type, if not NULL, will be included in the HTTP request. The function should be called after all other headers have already been added.

OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL path path, and the OCSP request req with a response header maximum line length 4k. It waits indefinitely on a response.

<h1 id="RETURN-VALUES">RETURN VALUES</h1>

OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.

OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried and 0 if an error occurred.

OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_REQ_CTX_i2d() return 1 for success and 0 for failure.

OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.

OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.

<h1 id="NOTES">NOTES</h1>

These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features it should use an alternative more complete HTTP library.

Currently only HTTP POST queries to responders are supported.

The arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is http://ocsp.com/ocspreq the BIO io should be connected to host ocsp.com on port 80 and path should be set to &quot;/ocspreq&quot;

The headers added with OCSP_REQ_CTX_add1_header() are of the form &quot;name: value&quot; or just &quot;name&quot; if value is NULL. So to add a Host header for ocsp.com you would call:

<pre><code> OCSP_REQ_CTX_add1_header(ctx, &quot;Host&quot;, &quot;ocsp.com&quot;);</code></pre>

If OCSP_sendreq_nbio() indicates an operation should be retried the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket).

OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.

<a href="../man7/crypto.html">crypto(7)</a>, <a href="../man3/OCSP_cert_to_id.html">OCSP_cert_to_id(3)</a>, <a href="../man3/OCSP_request_add1_nonce.html">OCSP_request_add1_nonce(3)</a>, <a href="../man3/OCSP_REQUEST_new.html">OCSP_REQUEST_new(3)</a>, <a href="../man3/OCSP_resp_find_status.html">OCSP_resp_find_status(3)</a>, <a href="../man3/OCSP_response_status.html">OCSP_response_status(3)</a>

<h1 id="COPYRIGHT">COPYRIGHT</h1>

Licensed under the OpenSSL license (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.

</body>

</html>