1=pod
2
3=head1 NAME
4
5OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
6OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
7OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
8
9=head1 SYNOPSIS
10
11 #include <openssl/ocsp.h>
12
13 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
14                                int maxline);
15
16 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
17
18 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
19
20 void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
21
22 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
23                              const char *name, const char *value);
24
25 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
26
27 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
28
29=head1 DESCRIPTION
30
31The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
32responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
33response header maximum line length of B<maxline>. If B<maxline> is zero a
34default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
35and provided later if required.
36
37OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
38B<rctx>. When the operation is complete it returns the response in B<*presp>.
39
40OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
41
42OCSP_set_max_response_length() sets the maximum response length for B<rctx>
43to B<len>. If the response exceeds this length an error occurs. If not
44set a default value of 100k is used.
45
46OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
47context B<rctx>. It can be called more than once to add multiple headers.
48It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
49parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
50additional headers are set.
51
52OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
53function should be called after any calls to OCSP_REQ_CTX_add1_header().
54
55OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
56path B<path>, and the OCSP request B<req> with a response header maximum line
57length 4k. It waits indefinitely on a response.
58
59=head1 RETURN VALUES
60
61OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL> if
62an error occurred.
63
64OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
65B<-1> if the operation should be retried and B<0> if an error occurred.
66
67OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
68and B<0> for failure.
69
70OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
71responder or B<NULL> if an error occurred.
72
73OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.
74
75=head1 NOTES
76
77These functions only perform a minimal HTTP query to a responder. If an
78application wishes to support more advanced features it should use an
79alternative more complete HTTP library.
80
81Currently only HTTP POST queries to responders are supported.
82
83The arguments to OCSP_sendreq_new() correspond to the components of the URL.
84For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
85B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
86should be set to B<"/ocspreq">
87
88The headers added with OCSP_REQ_CTX_add1_header() are of the form
89"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
90a Host header for B<ocsp.com> you would call:
91
92 OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
93
94If OCSP_sendreq_nbio() indicates an operation should be retried the
95corresponding BIO can be examined to determine which operation (read or
96write) should be retried and appropriate action taken (for example a select()
97call on the underlying socket).
98
99OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking
100I/O efficiently. It is retained for compatibility and its use in new
101applications is not recommended.
102
103=head1 SEE ALSO
104
105L<crypto(7)>,
106L<OCSP_cert_to_id(3)>,
107L<OCSP_request_add1_nonce(3)>,
108L<OCSP_REQUEST_new(3)>,
109L<OCSP_resp_find_status(3)>,
110L<OCSP_response_status(3)>
111
112=head1 COPYRIGHT
113
114Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
115
116Licensed under the OpenSSL license (the "License").  You may not use
117this file except in compliance with the License.  You can obtain a copy
118in the file LICENSE in the source distribution or at
119L<https://www.openssl.org/source/license.html>.
120
121=cut
122