OCSP_SERVICELOC_NEW(3) Library Functions Manual OCSP_SERVICELOC_NEW(3)
NAME
OCSP_SERVICELOC_new, OCSP_SERVICELOC_free, OCSP_url_svcloc_new — OCSP service locator extension
SYNOPSIS
#include <openssl/ocsp.h>
OCSP_SERVICELOC *
OCSP_SERVICELOC_new(void);
void
OCSP_SERVICELOC_free(OCSP_SERVICELOC *sloc);
X509_EXTENSION *
OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
DESCRIPTION
Due to restrictions of network routing, a client may be unable to directly contact the authoritative OCSP server for a certificate that needs to be checked. In that case, the request can be sent via a proxy server. An ASN.1 ServiceLocator structure is included in the singleRequestExtensions field of the Request structure to indicate where to forward the request. The ServiceLocator is represented by an OCSP_SERVICELOC object, which will be stored inside the OCSP_ONEREQ object documented in OCSP_ONEREQ_new(3).
OCSP_SERVICELOC_new() allocates and initializes an empty OCSP_SERVICELOC object. OCSP_SERVICELOC_free() frees sloc.
OCSP_url_svcloc_new() requires an issuer name and optionally accepts an array of urls. If urls or its first element is NULL, the locator field is omitted from the ServiceLocator structure and only the issuer is included. The resulting ServiceLocator structure is encoded in ASN.1 using X509V3_EXT_i2d(3) with criticality 0.
RETURN VALUES
OCSP_SERVICELOC_new() returns a new OCSP_SERVICELOC object or NULL if an error occurred.
OCSP_url_svcloc_new() returns a new X509_EXTENSION object or NULL if an error occurred.
SEE ALSO
OCSP_REQUEST_new(3), X509_EXTENSION_new(3), X509_get1_ocsp(3), X509_get_issuer_name(3), X509_NAME_new(3)
STANDARDS
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol, section 4.4.6: Service Locator
HISTORY
OCSP_SERVICELOC_new(), OCSP_SERVICELOC_free(), and OCSP_url_svcloc_new() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
GNU August 23, 2019 OCSP_SERVICELOC_NEW(3)