1*69abbf6cSschwarze.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.3 2016/12/14 16:20:28 schwarze Exp $ 2eb447716Sschwarze.\" 3eb447716Sschwarze.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> 4eb447716Sschwarze.\" 5eb447716Sschwarze.\" Permission to use, copy, modify, and distribute this software for any 6eb447716Sschwarze.\" purpose with or without fee is hereby granted, provided that the above 7eb447716Sschwarze.\" copyright notice and this permission notice appear in all copies. 8eb447716Sschwarze.\" 9eb447716Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10eb447716Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11eb447716Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12eb447716Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13eb447716Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14eb447716Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15eb447716Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16eb447716Sschwarze.\" 17*69abbf6cSschwarze.Dd $Mdocdate: December 14 2016 $ 18eb447716Sschwarze.Dt OCSP_SERVICELOC_NEW 3 19eb447716Sschwarze.Os 20eb447716Sschwarze.Sh NAME 21eb447716Sschwarze.Nm OCSP_SERVICELOC_new , 22eb447716Sschwarze.Nm OCSP_SERVICELOC_free , 23eb447716Sschwarze.Nm OCSP_url_svcloc_new 24eb447716Sschwarze.Nd OCSP service locator extension 25eb447716Sschwarze.Sh SYNOPSIS 26eb447716Sschwarze.In openssl/ocsp.h 27eb447716Sschwarze.Ft OCSP_SERVICELOC * 28eb447716Sschwarze.Fn OCSP_SERVICELOC_new void 29eb447716Sschwarze.Ft void 30eb447716Sschwarze.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc" 31eb447716Sschwarze.Ft X509_EXTENSION * 32eb447716Sschwarze.Fo OCSP_url_svcloc_new 33eb447716Sschwarze.Fa "X509_NAME *issuer" 34eb447716Sschwarze.Fa "char **urls" 35eb447716Sschwarze.Fc 36eb447716Sschwarze.Sh DESCRIPTION 37eb447716SschwarzeDue to restrictions of network routing, a client may be unable to 38eb447716Sschwarzedirectly contact the authoritative OCSP server for a certificate 39eb447716Sschwarzethat needs to be checked. 40eb447716SschwarzeIn that case, the request can be sent via a proxy server. 41eb447716SschwarzeAn ASN.1 ServiceLocator structure is included in the 42eb447716SschwarzesingleRequestExtensions field of the Request structure to indicate 43eb447716Sschwarzewhere to forward the request. 44eb447716SschwarzeThe ServiceLocator is represented by a 45eb447716Sschwarze.Vt OCSP_SERVICELOC 46eb447716Sschwarzeobject, which will be stored inside the 47eb447716Sschwarze.Vt OCSP_ONEREQ 48eb447716Sschwarzeobject documented in 49eb447716Sschwarze.Xr OCSP_ONEREQ_new 3 . 50eb447716Sschwarze.Pp 51eb447716Sschwarze.Fn OCSP_SERVICELOC_new 52eb447716Sschwarzeallocates and initializes an empty 53eb447716Sschwarze.Vt OCSP_SERVICELOC 54eb447716Sschwarzeobject. 55eb447716Sschwarze.Fn OCSP_SERVICELOC_free 56eb447716Sschwarzefrees 57eb447716Sschwarze.Fa sloc . 58eb447716Sschwarze.Pp 59eb447716Sschwarze.Fn OCSP_url_svcloc_new 60eb447716Sschwarzerequires an 61eb447716Sschwarze.Fa issuer 62bda13fd6Sjmcname and optionally accepts an array of 63eb447716Sschwarze.Fa urls . 64eb447716SschwarzeIf 65eb447716Sschwarze.Fa urls 66eb447716Sschwarzeor its first element is 67eb447716Sschwarze.Dv NULL , 68eb447716Sschwarzethe locator field is omitted from the ServiceLocator structure 69eb447716Sschwarzeand only the issuer is included. 70eb447716SschwarzeThe resulting ServiceLocator structure is encoded in ASN.1 using 71eb447716Sschwarze.Xr X509V3_EXT_i2d 3 72eb447716Sschwarzewith criticality 0. 73eb447716Sschwarze.Sh RETURN VALUES 74eb447716Sschwarze.Fn OCSP_SERVICELOC_new 75eb447716Sschwarzereturns a new 76eb447716Sschwarze.Vt OCSP_SERVICELOC 77eb447716Sschwarzeobject or 78eb447716Sschwarze.Dv NULL 79eb447716Sschwarzeif an error occurred. 80eb447716Sschwarze.Pp 81eb447716Sschwarze.Fn OCSP_url_svcloc_new 82eb447716Sschwarzereturns a new 83eb447716Sschwarze.Vt X509_EXTENSION 84eb447716Sschwarzeobject or 85eb447716Sschwarze.Dv NULL 86eb447716Sschwarzeif an error occurred. 87eb447716Sschwarze.Sh SEE ALSO 88*69abbf6cSschwarze.Xr OCSP_REQUEST_new 3 , 89*69abbf6cSschwarze.Xr X509_get_issuer_name 3 , 90*69abbf6cSschwarze.Xr X509_NAME_new 3 91eb447716Sschwarze.Sh STANDARDS 92eb447716SschwarzeRFC 6960: X.509 Internet Public Key Infrastructure Online Certificate 93eb447716SschwarzeStatus Protocol, section 4.4.6: Service Locator 94