TLS_OCSP_PROCESS_RESP... BSD Library Functions Manual TLS_OCSP_PROCESS_RESP...

NAME
     tls_ocsp_process_response, tls_peer_ocsp_cert_status,
     tls_peer_ocsp_crl_reason, tls_peer_ocsp_next_update,
     tls_peer_ocsp_response_status, tls_peer_ocsp_result_msg,
     tls_peer_ocsp_revocation_time, tls_peer_ocsp_this_update,
     tls_peer_ocsp_url -- inspect an OCSP response

SYNOPSIS
     #include <tls.h>

     int
     tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
         size_t size);

     int
     tls_peer_ocsp_cert_status(struct tls *ctx);

     int
     tls_peer_ocsp_crl_reason(struct tls *ctx);

     time_t
     tls_peer_ocsp_next_update(struct tls *ctx);

     int
     tls_peer_ocsp_response_status(struct tls *ctx);

     const char *
     tls_peer_ocsp_result_msg(struct tls *ctx);

     time_t
     tls_peer_ocsp_revocation_time(struct tls *ctx);

     time_t
     tls_peer_ocsp_this_update(struct tls *ctx);

     const char *
     tls_peer_ocsp_url(struct tls *ctx);

DESCRIPTION
     tls_ocsp_process_response() processes the raw OCSP response in response,
     of length size, to check the revocation status of the peer certificate
     from ctx.  A successful return code of 0 indicates that the certificate
     has not been revoked.

     tls_peer_ocsp_url() returns the URL for OCSP validation of the peer
     certificate from ctx.

     The following functions return information about the peer certificate
     from ctx that was obtained by validating a stapled OCSP response during
     the handshake, or via a previous call to tls_ocsp_process_response().

     tls_peer_ocsp_cert_status() returns the OCSP certificate status code as
     per RFC 6960 section 2.2.

     tls_peer_ocsp_crl_reason() returns the OCSP certificate revocation reason
     status code as per RFC 5280 section 5.3.1.

     tls_peer_ocsp_next_update() returns the OCSP next update time.

     tls_peer_ocsp_response_status() returns the OCSP response status as per
     RFC 6960 section 2.3.

     tls_peer_ocsp_revocation_time() returns the OCSP revocation time.

     tls_peer_ocsp_this_update() returns the OCSP this update time.

RETURN VALUES
     tls_ocsp_process_response() returns 0 on success or -1 on error.

     The tls_peer_ocsp_response_status() function returns one of
     TLS_OCSP_RESPONSE_SUCCESSFUL, TLS_OCSP_RESPONSE_MALFORMED,
     TLS_OCSP_RESPONSE_INTERNALERROR, TLS_OCSP_RESPONSE_TRYLATER,
     TLS_OCSP_RESPONSE_SIGREQUIRED, or TLS_OCSP_RESPONSE_UNAUTHORIZED on
     success or -1 on error.

     The tls_peer_ocsp_cert_status() function returns one of
     TLS_OCSP_CERT_GOOD, TLS_OCSP_CERT_REVOKED, or TLS_OCSP_CERT_UNKNOWN on
     success, and -1 on error.

     The tls_peer_ocsp_crl_reason() function returns one of
     TLS_CRL_REASON_UNSPECIFIED, TLS_CRL_REASON_KEY_COMPROMISE,
     TLS_CRL_REASON_CA_COMPROMISE, TLS_CRL_REASON_AFFILIATION_CHANGED,
     TLS_CRL_REASON_SUPERSEDED, TLS_CRL_REASON_CESSATION_OF_OPERATION,
     TLS_CRL_REASON_CERTIFICATE_HOLD, TLS_CRL_REASON_REMOVE_FROM_CRL,
     TLS_CRL_REASON_PRIVILEGE_WITHDRAWN, or TLS_CRL_REASON_AA_COMPROMISE on
     success or -1 on error.

     tls_peer_ocsp_next_update(), tls_peer_ocsp_revocation_time(), and
     tls_peer_ocsp_this_update() return a time in epoch-seconds on success or
     -1 on error.

     tls_peer_ocsp_result_msg() and tls_peer_ocsp_url() return NULL on error
     or an out of memory condition.
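
     The following is an added example, not part of this manual page or of
     libtls: a policy function that turns the accessor return values above
     into one verdict, covering the -1 error returns and stale responses.
     ocsp_decide(), enum ocsp_verdict and the skew parameter are hypothetical
     names; the fallback constants are used only when <tls.h> is not installed.

```c
#include <time.h>
#ifdef __has_include
#  if __has_include(<tls.h>)
#    include <tls.h>              /* real constants when libtls is installed */
#  endif
#endif
#ifndef TLS_OCSP_CERT_GOOD         /* fallback: RFC 6960 numeric values */
#  define TLS_OCSP_RESPONSE_SUCCESSFUL 0
#  define TLS_OCSP_CERT_GOOD 0
#  define TLS_OCSP_CERT_REVOKED 1
#  define TLS_OCSP_CERT_UNKNOWN 2
#endif

/* Hypothetical verdicts for this example; not defined by libtls. */
enum ocsp_verdict { OCSP_ACCEPT, OCSP_REJECT_REVOKED, OCSP_REJECT_STALE,
                    OCSP_REJECT_UNKNOWN, OCSP_NO_INFO };

/*
 * Call after the handshake or after tls_ocsp_process_response():
 *   v = ocsp_decide(tls_peer_ocsp_response_status(ctx),
 *           tls_peer_ocsp_cert_status(ctx), tls_peer_ocsp_this_update(ctx),
 *           tls_peer_ocsp_next_update(ctx), time(NULL), 300);
 * "skew" is the tolerated clock drift in seconds (an assumption of this example).
 */
enum ocsp_verdict
ocsp_decide(int resp_status, int cert_status, time_t this_update,
    time_t next_update, time_t now, time_t skew)
{
	/* -1 is the documented error return: no usable OCSP information. */
	if (resp_status == -1 || cert_status == -1)
		return OCSP_NO_INFO;
	/* Responder errors (malformed, try later, ...) say nothing about the cert. */
	if (resp_status != TLS_OCSP_RESPONSE_SUCCESSFUL)
		return OCSP_NO_INFO;
	if (cert_status == TLS_OCSP_CERT_REVOKED)
		return OCSP_REJECT_REVOKED;
	if (cert_status != TLS_OCSP_CERT_GOOD)
		return OCSP_REJECT_UNKNOWN;
	/* A "good" answer only counts inside [this_update, next_update]. */
	if (this_update == (time_t)-1 || next_update == (time_t)-1)
		return OCSP_REJECT_STALE;
	if (this_update > now + skew || next_update < now - skew)
		return OCSP_REJECT_STALE;
	return OCSP_ACCEPT;
}
```

     A hard-fail caller treats OCSP_NO_INFO like a rejection; a soft-fail
     caller logs it and continues.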

SEE ALSO
     tls_client(3), tls_config_ocsp_require_stapling(3), tls_conn_version(3),
     tls_connect(3), tls_handshake(3), tls_init(3)

HISTORY
     These functions appeared in OpenBSD 6.1.

AUTHORS
     Bob Beck <beck@openbsd.org>
     Marko Kreen <markokr@gmail.com>

BSD                            January 29, 2017                            BSD
