OCSP_REQUEST_NEW(3)        Library Functions Manual        OCSP_REQUEST_NEW(3)

NAME
     OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_SIGNATURE_new,
     OCSP_SIGNATURE_free, OCSP_REQINFO_new, OCSP_REQINFO_free,
     OCSP_ONEREQ_new, OCSP_ONEREQ_free, OCSP_request_add0_id,
     OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count,
     OCSP_request_onereq_get0 - OCSP request functions

SYNOPSIS
     #include <openssl/ocsp.h>

     OCSP_REQUEST *
     OCSP_REQUEST_new(void);

     void
     OCSP_REQUEST_free(OCSP_REQUEST *req);

     OCSP_SIGNATURE *
     OCSP_SIGNATURE_new(void);

     void
     OCSP_SIGNATURE_free(OCSP_SIGNATURE *signature);

     OCSP_REQINFO *
     OCSP_REQINFO_new(void);

     void
     OCSP_REQINFO_free(OCSP_REQINFO *reqinfo);

     OCSP_ONEREQ *
     OCSP_ONEREQ_new(void);

     void
     OCSP_ONEREQ_free(OCSP_ONEREQ *onereq);

     OCSP_ONEREQ *
     OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

     int
     OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
         const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);

     int
     OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

     int
     OCSP_request_onereq_count(OCSP_REQUEST *req);

     OCSP_ONEREQ *
     OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

DESCRIPTION
     OCSP_REQUEST_new() allocates and initializes an empty OCSP_REQUEST
     object, representing an ASN.1 OCSPRequest structure defined in RFC 6960.
     OCSP_REQUEST_free() frees req.

     OCSP_SIGNATURE_new() allocates and initializes an empty OCSP_SIGNATURE
     object, representing an ASN.1 Signature structure defined in RFC 6960.
     Such an object is used inside OCSP_REQUEST.  OCSP_SIGNATURE_free() frees
     signature.

     OCSP_REQINFO_new() allocates and initializes an empty OCSP_REQINFO
     object, representing an ASN.1 TBSRequest structure defined in RFC 6960.
     Such an object is used inside OCSP_REQUEST.  It asks about the validity
     of one or more certificates.  OCSP_REQINFO_free() frees reqinfo.

     OCSP_ONEREQ_new() allocates and initializes an empty OCSP_ONEREQ object,
     representing an ASN.1 Request structure defined in RFC 6960.  Such
     objects are used inside OCSP_REQINFO.  Each one asks about the validity
     of one certificate.  OCSP_ONEREQ_free() frees onereq.

     OCSP_request_add0_id() adds certificate ID cid to req.  It returns the
     OCSP_ONEREQ object added so an application can add additional extensions
     to the request.  The cid parameter must not be freed up after the
     operation.

     OCSP_request_sign() signs OCSP request req using certificate signer,
     private key key, digest dgst, and additional certificates certs.  If the
     flags option OCSP_NOCERTS is set, then no certificates will be included
     in the request.

     OCSP_request_add1_cert() adds certificate cert to request req.  The
     application is responsible for freeing up cert after use.

     OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ
     objects in req.

     OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ
     contained in req of index i.  The index value i runs from 0 to
     OCSP_request_onereq_count(req) - 1.

     OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly
     used by OCSP responders.

RETURN VALUES
     OCSP_REQUEST_new(), OCSP_SIGNATURE_new(), OCSP_REQINFO_new(), and
     OCSP_ONEREQ_new() return an empty OCSP_REQUEST, OCSP_SIGNATURE,
     OCSP_REQINFO, or OCSP_ONEREQ object, respectively, or NULL if an error
     occurred.

     OCSP_request_add0_id() returns the OCSP_ONEREQ object containing cid or
     NULL if an error occurred.

     OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success or
     0 for failure.

     OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ
     objects in req.

     OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ object or
     NULL if the index value is out of range.

EXAMPLES
     Create an OCSP_REQUEST object for certificate cert with issuer issuer:

           OCSP_REQUEST *req;
           OCSP_ID *cid;

           req = OCSP_REQUEST_new();
           if (req == NULL)
                   /* error */
           cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
           if (cid == NULL)
                   /* error */

           if (OCSP_REQUEST_add0_id(req, cid) == NULL)
                   /* error */

            /* Do something with req, e.g. query responder */

           OCSP_REQUEST_free(req);

SEE ALSO
     ACCESS_DESCRIPTION_new(3), crypto(3), d2i_OCSP_REQUEST(3),
     d2i_OCSP_RESPONSE(3), EVP_DigestInit(3), OCSP_cert_to_id(3),
     OCSP_CRLID_new(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3),
     OCSP_response_status(3), OCSP_sendreq_new(3), OCSP_SERVICELOC_new(3),
     X509_ocspid_print(3)

STANDARDS
     RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
     Status Protocol, section 4.1: Request Syntax

HISTORY
     These functions first appeared in OpenSSL 0.9.7 and have been available
     since OpenBSD 3.2.

Linux 6.8.7-arch1-1            February 19, 2022           Linux 6.8.7-arch1-1