NAME

       OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length,
       OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query
       functions

SYNOPSIS

        #include <openssl/ocsp.h>

        OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                       int maxline);

        int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);

        void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);

        void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);

        int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                                     const char *name, const char *value);

        int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

        OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req,
                                        int maxline);

DESCRIPTION

       The function OCSP_sendreq_new() returns an OCSP_CTX structure using the responder io, the
       URL path path, the OCSP request req and with a response header maximum line length of
       maxline. If maxline is zero a default value of 4k is used. The OCSP request req may be set
       to NULL and provided later if required.

       OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the
       operation is complete it returns the response in *presp.

       OCSP_REQ_CTX_free() frees up the OCSP context rctx.

       OCSP_set_max_response_length() sets the maximum response length for rctx to len. If the
       response exceeds this length an error occurs. If not set a default value of 100k is used.

       OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. It can
       be called more than once to add multiple headers.  It MUST be called before any calls to
       OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call MUST be
       set to NULL if additional headers are set.

       OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be
       called after any calls to OCSP_REQ_CTX_add1_header().

       OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL path path, the
       OCSP request req and with a response header maximum line length of maxline. If maxline is
       zero a default value of 4k is used.

RETURN VALUES

       OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.

       OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the
       operation should be retried and 0 if an error occurred.

       OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for success and 0 for
       failure.

       OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an
       error occurred.

       OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.

NOTES

       These functions only perform a minimal HTTP query to a responder. If an application wishes
       to support more advanced features it should use an alternative more complete HTTP library.

       Currently only HTTP POST queries to responders are supported.

       The arguments to OCSP_sendreq_new() correspond to the components of the URL.  For example
       if the responder URL is http://ocsp.com/ocspreq the BIO io should be connected to host
       ocsp.com on port 80 and path should be set to "/ocspreq"

       The headers added with OCSP_REQ_CTX_add1_header() are of the form "name: value" or just
       "name" if value is NULL. So to add a Host header for ocsp.com you would call:

        OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");

       If OCSP_sendreq_nbio() indicates an operation should be retried the corresponding BIO can
       be examined to determine which operation (read or write) should be retried and appropriate
       action taken (for example a select() call on the underlying socket).

       OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking I/O
       efficiently. It is retained for compatibility and its use in new applications is not
       recommended.

SEE ALSO

       crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3),
       OCSP_resp_find_status(3), OCSP_response_status(3)

COPYRIGHT

       Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License").  You may not use this file except in
       compliance with the License.  You can obtain a copy in the file LICENSE in the source
       distribution or at <https://www.openssl.org/source/license.html>.