1*f8bfd92aSschwarze.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.8 2019/08/23 12:23:39 schwarze Exp $ 2eb447716Sschwarze.\" 3eb447716Sschwarze.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> 4eb447716Sschwarze.\" 5eb447716Sschwarze.\" Permission to use, copy, modify, and distribute this software for any 6eb447716Sschwarze.\" purpose with or without fee is hereby granted, provided that the above 7eb447716Sschwarze.\" copyright notice and this permission notice appear in all copies. 8eb447716Sschwarze.\" 9eb447716Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10eb447716Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11eb447716Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12eb447716Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13eb447716Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14eb447716Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15eb447716Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16eb447716Sschwarze.\" 17*f8bfd92aSschwarze.Dd $Mdocdate: August 23 2019 $ 18eb447716Sschwarze.Dt OCSP_SERVICELOC_NEW 3 19eb447716Sschwarze.Os 20eb447716Sschwarze.Sh NAME 21eb447716Sschwarze.Nm OCSP_SERVICELOC_new , 22eb447716Sschwarze.Nm OCSP_SERVICELOC_free , 23eb447716Sschwarze.Nm OCSP_url_svcloc_new 24eb447716Sschwarze.Nd OCSP service locator extension 25eb447716Sschwarze.Sh SYNOPSIS 26eb447716Sschwarze.In openssl/ocsp.h 27eb447716Sschwarze.Ft OCSP_SERVICELOC * 28eb447716Sschwarze.Fn OCSP_SERVICELOC_new void 29eb447716Sschwarze.Ft void 30eb447716Sschwarze.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc" 31eb447716Sschwarze.Ft X509_EXTENSION * 32eb447716Sschwarze.Fo OCSP_url_svcloc_new 33eb447716Sschwarze.Fa "X509_NAME *issuer" 348697367bSschwarze.Fa "const char **urls" 35eb447716Sschwarze.Fc 36eb447716Sschwarze.Sh DESCRIPTION 37eb447716SschwarzeDue to restrictions of network routing, a client may be unable to 38eb447716Sschwarzedirectly contact the authoritative OCSP server for a certificate 39eb447716Sschwarzethat needs to be checked. 40eb447716SschwarzeIn that case, the request can be sent via a proxy server. 4156bc162bSschwarzeAn ASN.1 4256bc162bSschwarze.Vt ServiceLocator 4356bc162bSschwarzestructure is included in the singleRequestExtensions field of the 4456bc162bSschwarze.Vt Request 4556bc162bSschwarzestructure to indicate where to forward the request. 4656bc162bSschwarzeThe 4756bc162bSschwarze.Vt ServiceLocator 4856bc162bSschwarzeis represented by a 49eb447716Sschwarze.Vt OCSP_SERVICELOC 50eb447716Sschwarzeobject, which will be stored inside the 51eb447716Sschwarze.Vt OCSP_ONEREQ 52eb447716Sschwarzeobject documented in 53eb447716Sschwarze.Xr OCSP_ONEREQ_new 3 . 54eb447716Sschwarze.Pp 55eb447716Sschwarze.Fn OCSP_SERVICELOC_new 56eb447716Sschwarzeallocates and initializes an empty 57eb447716Sschwarze.Vt OCSP_SERVICELOC 58eb447716Sschwarzeobject. 59eb447716Sschwarze.Fn OCSP_SERVICELOC_free 60eb447716Sschwarzefrees 61eb447716Sschwarze.Fa sloc . 62eb447716Sschwarze.Pp 63eb447716Sschwarze.Fn OCSP_url_svcloc_new 64eb447716Sschwarzerequires an 65eb447716Sschwarze.Fa issuer 66bda13fd6Sjmcname and optionally accepts an array of 67eb447716Sschwarze.Fa urls . 68eb447716SschwarzeIf 69eb447716Sschwarze.Fa urls 70eb447716Sschwarzeor its first element is 71eb447716Sschwarze.Dv NULL , 7256bc162bSschwarzethe locator field is omitted from the 7356bc162bSschwarze.Vt ServiceLocator 7456bc162bSschwarzestructure and only the issuer is included. 7556bc162bSschwarzeThe resulting 7656bc162bSschwarze.Vt ServiceLocator 7756bc162bSschwarzestructure is encoded in ASN.1 using 78eb447716Sschwarze.Xr X509V3_EXT_i2d 3 79eb447716Sschwarzewith criticality 0. 80eb447716Sschwarze.Sh RETURN VALUES 81eb447716Sschwarze.Fn OCSP_SERVICELOC_new 82eb447716Sschwarzereturns a new 83eb447716Sschwarze.Vt OCSP_SERVICELOC 84eb447716Sschwarzeobject or 85eb447716Sschwarze.Dv NULL 86eb447716Sschwarzeif an error occurred. 87eb447716Sschwarze.Pp 88eb447716Sschwarze.Fn OCSP_url_svcloc_new 89eb447716Sschwarzereturns a new 90eb447716Sschwarze.Vt X509_EXTENSION 91eb447716Sschwarzeobject or 92eb447716Sschwarze.Dv NULL 93eb447716Sschwarzeif an error occurred. 94eb447716Sschwarze.Sh SEE ALSO 9569abbf6cSschwarze.Xr OCSP_REQUEST_new 3 , 967d198614Sschwarze.Xr X509_EXTENSION_new 3 , 97*f8bfd92aSschwarze.Xr X509_get1_ocsp 3 , 9869abbf6cSschwarze.Xr X509_get_issuer_name 3 , 9969abbf6cSschwarze.Xr X509_NAME_new 3 100eb447716Sschwarze.Sh STANDARDS 101eb447716SschwarzeRFC 6960: X.509 Internet Public Key Infrastructure Online Certificate 102eb447716SschwarzeStatus Protocol, section 4.4.6: Service Locator 10380d1afcdSschwarze.Sh HISTORY 10480d1afcdSschwarze.Fn OCSP_SERVICELOC_new , 10580d1afcdSschwarze.Fn OCSP_SERVICELOC_free , 10680d1afcdSschwarzeand 10780d1afcdSschwarze.Fn OCSP_url_svcloc_new 10880d1afcdSschwarzefirst appeared in OpenSSL 0.9.7 and have been available since 10980d1afcdSschwarze.Ox 3.2 . 110