=pod =head1 NAME OCSP_resp_get0_certs, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions =head1 SYNOPSIS #include int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( const OCSP_BASICRESP* single); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); =head1 DESCRIPTION OCSP_resp_find_status() searches B for an OCSP response for B. If it is successful the fields of the response are returned in B<*status>, B<*reason>, B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of B, B or B. The B<*reason> and B<*revtime> fields are only set if the status is B. If set the B<*reason> field will be set to the revocation reason which will be one of B, B, B, B, B, B, B, B or B. OCSP_resp_count() returns the number of B structures in B. OCSP_resp_get0() returns the B structure in B corresponding to index B. Where B runs from 0 to OCSP_resp_count(bs) - 1. OCSP_resp_find() searches B for B and returns the index of the first matching entry after B or starting from the beginning if B is -1. OCSP_single_get0_status() extracts the fields of B in B<*reason>, B<*revtime>, B<*thisupd> and B<*nextupd>. OCSP_resp_get0_produced_at() extracts the B field from the single response B. OCSP_resp_get0_certs() returns any certificates included in B. OCSP_resp_get0_id() gets the responder id of . If the responder ID is a name then <*pname> is set to the name and B<*pid> is set to NULL. If the responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> is set to NULL. OCSP_check_validity() checks the validity of B and B values which will be typically obtained from OCSP_resp_find_status() or OCSP_single_get0_status(). If B is non-zero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. =head1 RETURN VALUES OCSP_resp_find_status() returns 1 if B is found in B and 0 otherwise. OCSP_resp_count() returns the total number of B fields in B. OCSP_resp_get0() returns a pointer to an B structure or B if B is out of range. OCSP_resp_find() returns the index of B in B (which may be 0) or -1 if B was not found. OCSP_single_get0_status() returns the status of B or -1 if an error occurred. =head1 NOTES Applications will typically call OCSP_resp_find_status() using the certificate ID of interest and then check its validity using OCSP_check_validity(). They can then take appropriate action based on the status of the certificate. An OCSP response for a certificate contains B and B fields. Normally the current time should be between these two values. To account for clock skew the B field can be set to non-zero in OCSP_check_validity(). Some responders do not set the B field, this would otherwise mean an ancient response would be considered valid: the B parameter to OCSP_check_validity() can be used to limit the permitted age of responses. The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers which B be freed up by the calling application. Any or all of these parameters can be set to NULL if their value is not required. =head1 SEE ALSO L, L, L, L, L, L =head1 COPYRIGHT Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. =cut