1.\" $OpenBSD: OCSP_CRLID_new.3,v 1.8 2022/01/15 23:38:50 jsg Exp $ 2.\" 3.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: January 15 2022 $ 18.Dt OCSP_CRLID_NEW 3 19.Os 20.Sh NAME 21.Nm OCSP_CRLID_new , 22.Nm OCSP_CRLID_free , 23.Nm OCSP_crlID_new 24.Nd OCSP CRL extension 25.Sh SYNOPSIS 26.In openssl/ocsp.h 27.Ft OCSP_CRLID * 28.Fn OCSP_CRLID_new void 29.Ft void 30.Fn OCSP_CRLID_free "OCSP_CRLID *crlid" 31.Ft X509_EXTENSION * 32.Fo OCSP_crlID_new 33.Fa "const char *url" 34.Fa "long *number" 35.Fa "char *time" 36.Fc 37.Sh DESCRIPTION 38If a client asks about the validity of a certificate and it turns 39out to be invalid, the responder may optionally communicate which 40certificate revocation list the certificate was found on. 41The required data is stored as an ASN.1 42.Vt CrlID 43structure in the singleExtensions field of the 44.Vt SingleResponse 45structure. 46The 47.Vt CrlID 48is represented by an 49.Vt OCSP_CRLID 50object, which will be stored inside the 51.Vt OCSP_SINGLERESP 52object documented in 53.Xr OCSP_SINGLERESP_new 3 . 54.Pp 55.Fn OCSP_CRLID_new 56allocates and initializes an empty 57.Vt OCSP_CRLID 58object. 59.Fn OCSP_CRLID_free 60frees 61.Fa crlid . 62.Pp 63.Fn OCSP_crlID_new 64accepts the 65.Fa url 66at which the CRL is available, the CRL 67.Fa number , 68and/or the 69.Fa time 70at which the CRL was created. 71Each argument can be 72.Dv NULL , 73in which case the respective field is omitted. 74The resulting 75.Vt CrlID 76structure is encoded in ASN.1 using 77.Xr X509V3_EXT_i2d 3 78with criticality 0. 79.Sh RETURN VALUES 80.Fn OCSP_CRLID_new 81returns a new 82.Vt OCSP_CRLID 83object or 84.Dv NULL 85if an error occurred. 86.Pp 87.Fn OCSP_crlID_new 88returns a new 89.Vt X509_EXTENSION 90object or 91.Dv NULL 92if an error occurred. 93.Sh SEE ALSO 94.Xr OCSP_REQUEST_new 3 , 95.Xr OCSP_resp_find_status 3 , 96.Xr OCSP_response_status 3 , 97.Xr X509_EXTENSION_new 3 98.Sh STANDARDS 99RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate 100Status Protocol, section 4.4.2: CRL References 101.Sh HISTORY 102.Fn OCSP_CRLID_new , 103.Fn OCSP_CRLID_free , 104and 105.Fn OCSP_crlID_new 106first appeared in OpenSSL 0.9.7 and have been available since 107.Ox 3.2 . 108.Sh CAVEATS 109The function names 110.Fn OCSP_CRLID_new 111and 112.Fn OCSP_crlID_new 113only differ in case. 114