OCSP client. More...
#include "ocsp/ocsp_client.h"#include "ocsp/ocsp_client_misc.h"#include "ocsp/ocsp_resp_parse.h"#include "ocsp/ocsp_resp_validate.h"#include "pkix/pem_import.h"#include "pkix/x509_cert_parse.h"#include "debug.h"Go to the source code of this file.
Macros | |
| #define | TRACE_LEVEL OCSP_TRACE_LEVEL |
Functions | |
| error_t | ocspClientInit (OcspClientContext *context) |
| OCSP client initialization. More... | |
| error_t | ocspClientRegisterTlsInitCallback (OcspClientContext *context, OcspClientTlsInitCallback callback) |
| Register TLS initialization callback function. More... | |
| error_t | ocspClientSetPrng (OcspClientContext *context, const PrngAlgo *prngAlgo, void *prngContext) |
| Set the pseudo-random number generator to be used. More... | |
| error_t | ocspClientSetTimeout (OcspClientContext *context, systime_t timeout) |
| Set communication timeout. More... | |
| error_t | ocspClientSetHost (OcspClientContext *context, const char_t *host) |
| Set the domain name of the OCSP server. More... | |
| error_t | ocspClientSetUri (OcspClientContext *context, const char_t *uri) |
| Set request URI. More... | |
| error_t | ocspClientBindToInterface (OcspClientContext *context, NetInterface *interface) |
| Bind the OCSP client to a particular network interface. More... | |
| error_t | ocspClientConnect (OcspClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort) |
| Specify the address of the OCSP server. More... | |
| error_t | ocspClientCreateRequest (OcspClientContext *context, const char_t *cert, size_t certLen, const char_t *issuerCert, size_t issuerCertLen) |
| Create OCSP request. More... | |
| error_t | ocspClientSendRequest (OcspClientContext *context) |
| Perform OCSP request/response transaction. More... | |
| error_t | ocspClientValidateResponse (OcspClientContext *context, const char_t *cert, size_t certLen, const char_t *issuerCert, size_t issuerCertLen) |
| Validate OCSP response. More... | |
| const OcspResponse * | ocspClientGetResponse (OcspClientContext *context) |
| Get OCSP response. More... | |
| OcspResponseStatus | ocspClientGetResponseStatus (OcspClientContext *context) |
| Get the processing status of the prior request. More... | |
| OcspCertStatus | ocspClientGetCertificateStatus (OcspClientContext *context) |
| Get the revocation status of the certificate. More... | |
| error_t | ocspClientDisconnect (OcspClientContext *context) |
| Gracefully disconnect from the OCSP server. More... | |
| error_t | ocspClientClose (OcspClientContext *context) |
| Close the connection with the OCSP server. More... | |
| void | ocspClientDeinit (OcspClientContext *context) |
| Release OCSP client context. More... | |
Detailed Description
OCSP client.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneCRYPTO Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Description
OCSP is a protocol used to determine the current status of a digital certificate without requiring CRLs. Refer to the following RFCs for complete details:
- RFC 6960: X.509 Internet Public Key Infrastructure OCSP
- RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension
- Version
- 2.4.4
Definition in file ocsp_client.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL OCSP_TRACE_LEVEL |
Definition at line 40 of file ocsp_client.c.
Function Documentation
◆ ocspClientBindToInterface()
| error_t ocspClientBindToInterface | ( | OcspClientContext * | context, |
| NetInterface * | interface | ||
| ) |
Bind the OCSP client to a particular network interface.
- Parameters
-
[in] context Pointer to the OCSP client context [in] interface Network interface to be used
- Returns
- Error code
Definition at line 222 of file ocsp_client.c.
◆ ocspClientClose()
| error_t ocspClientClose | ( | OcspClientContext * | context | ) |
Close the connection with the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 909 of file ocsp_client.c.
◆ ocspClientConnect()
| error_t ocspClientConnect | ( | OcspClientContext * | context, |
| const IpAddr * | serverIpAddr, | ||
| uint16_t | serverPort | ||
| ) |
Specify the address of the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context [in] serverIpAddr IP address of the OCSP server to connect to [in] serverPort UDP port number
- Returns
- Error code
Definition at line 245 of file ocsp_client.c.
◆ ocspClientCreateRequest()
| error_t ocspClientCreateRequest | ( | OcspClientContext * | context, |
| const char_t * | cert, | ||
| size_t | certLen, | ||
| const char_t * | issuerCert, | ||
| size_t | issuerCertLen | ||
| ) |
Create OCSP request.
- Parameters
-
[in] context Pointer to the OCSP client context [in] cert Certificate to be checked (PEM or DER format) [in] certLen Length of the certificate, in bytes [in] issuerCert Issuer's certificate (PEM or DER format) [in] issuerCertLen Length of the issuer certificate, in bytes
- Returns
- Error code
Definition at line 351 of file ocsp_client.c.
◆ ocspClientDeinit()
| void ocspClientDeinit | ( | OcspClientContext * | context | ) |
Release OCSP client context.
- Parameters
-
[in] context Pointer to the OCSP client context
Definition at line 930 of file ocsp_client.c.
◆ ocspClientDisconnect()
| error_t ocspClientDisconnect | ( | OcspClientContext * | context | ) |
Gracefully disconnect from the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 843 of file ocsp_client.c.
◆ ocspClientGetCertificateStatus()
| OcspCertStatus ocspClientGetCertificateStatus | ( | OcspClientContext * | context | ) |
Get the revocation status of the certificate.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Certificate status
Definition at line 807 of file ocsp_client.c.
◆ ocspClientGetResponse()
| const OcspResponse* ocspClientGetResponse | ( | OcspClientContext * | context | ) |
Get OCSP response.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Pointer to the received OCSP response
Definition at line 747 of file ocsp_client.c.
◆ ocspClientGetResponseStatus()
| OcspResponseStatus ocspClientGetResponseStatus | ( | OcspClientContext * | context | ) |
Get the processing status of the prior request.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Response status
Definition at line 777 of file ocsp_client.c.
◆ ocspClientInit()
| error_t ocspClientInit | ( | OcspClientContext * | context | ) |
OCSP client initialization.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 61 of file ocsp_client.c.
◆ ocspClientRegisterTlsInitCallback()
| error_t ocspClientRegisterTlsInitCallback | ( | OcspClientContext * | context, |
| OcspClientTlsInitCallback | callback | ||
| ) |
Register TLS initialization callback function.
- Parameters
-
[in] context Pointer to the OCSP client context [in] callback TLS initialization callback function
- Returns
- Error code
Definition at line 103 of file ocsp_client.c.
◆ ocspClientSendRequest()
| error_t ocspClientSendRequest | ( | OcspClientContext * | context | ) |
Perform OCSP request/response transaction.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 398 of file ocsp_client.c.
◆ ocspClientSetHost()
| error_t ocspClientSetHost | ( | OcspClientContext * | context, |
| const char_t * | host | ||
| ) |
Set the domain name of the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context [in] host NULL-terminated string containing the host name
- Returns
- Error code
Definition at line 173 of file ocsp_client.c.
◆ ocspClientSetPrng()
| error_t ocspClientSetPrng | ( | OcspClientContext * | context, |
| const PrngAlgo * | prngAlgo, | ||
| void * | prngContext | ||
| ) |
Set the pseudo-random number generator to be used.
- Parameters
-
[in] context Pointer to the OCSP client context [in] prngAlgo PRNG algorithm [in] prngContext Pointer to the PRNG context
- Returns
- Error code
Definition at line 128 of file ocsp_client.c.
◆ ocspClientSetTimeout()
| error_t ocspClientSetTimeout | ( | OcspClientContext * | context, |
| systime_t | timeout | ||
| ) |
Set communication timeout.
- Parameters
-
[in] context Pointer to the OCSP client context [in] timeout Timeout value, in milliseconds
- Returns
- Error code
Definition at line 152 of file ocsp_client.c.
◆ ocspClientSetUri()
| error_t ocspClientSetUri | ( | OcspClientContext * | context, |
| const char_t * | uri | ||
| ) |
Set request URI.
- Parameters
-
[in] context Pointer to the OCSP client context [in] uri NULL-terminated string that contains the resource name
- Returns
- Error code
Definition at line 198 of file ocsp_client.c.
◆ ocspClientValidateResponse()
| error_t ocspClientValidateResponse | ( | OcspClientContext * | context, |
| const char_t * | cert, | ||
| size_t | certLen, | ||
| const char_t * | issuerCert, | ||
| size_t | issuerCertLen | ||
| ) |
Validate OCSP response.
- Parameters
-
[in] context Pointer to the OCSP client context [in] cert Certificate to be checked (PEM or DER format) [in] certLen Length of the certificate, in bytes [in] issuerCert Issuer's certificate (PEM or DER format) [in] issuerCertLen Length of the issuer certificate, in bytes
- Returns
- Error code
Definition at line 575 of file ocsp_client.c.