OCSP_check_validity (3)
Leading comments
Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) Standard preamble: ========================================================================
NAME
OCSP_resp_get0_certs, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functionsSYNOPSIS
#include <openssl/ocsp.h> int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( const OCSP_BASICRESP* single); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
DESCRIPTION
OCSP_resp_find_status() searches bs for anOCSP_resp_count() returns the number of
OCSP_resp_get0() returns the
OCSP_resp_find() searches bs for id and returns the index of the first matching entry after last or starting from the beginning if last is -1.
OCSP_single_get0_status() extracts the fields of single in *reason, *revtime, *thisupd and *nextupd.
OCSP_resp_get0_produced_at() extracts the producedAt field from the single response bs.
OCSP_resp_get0_certs() returns any certificates included in bs.
OCSP_resp_get0_id() gets the responder id of <bs>. If the responder
OCSP_check_validity() checks the validity of thisupd and nextupd values which will be typically obtained from OCSP_resp_find_status() or OCSP_single_get0_status(). If sec is non-zero it indicates how many seconds leeway should be allowed in the check. If maxsec is positive it indicates the maximum age of thisupd in seconds.
RETURN VALUES
OCSP_resp_find_status() returns 1 if id is found in bs and 0 otherwise.OCSP_resp_count() returns the total number of
OCSP_resp_get0() returns a pointer to an
OCSP_resp_find() returns the index of id in bs (which may be 0) or -1 if id was not found.
OCSP_single_get0_status() returns the status of single or -1 if an error occurred.
NOTES
Applications will typically call OCSP_resp_find_status() using the certificateAn
The values written to *revtime, *thisupd and *nextupd by OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers which
SEE ALSO
crypto(3), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_response_status(3), OCSP_sendreq_new(3)COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.Licensed under the OpenSSL license (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file