OCSP client. More...
#include "ocsp/ocsp_client.h"
#include "ocsp/ocsp_client_misc.h"
#include "ocsp/ocsp_resp_parse.h"
#include "ocsp/ocsp_resp_validate.h"
#include "pkix/pem_import.h"
#include "pkix/x509_cert_parse.h"
#include "debug.h"
Macros | |
#define | TRACE_LEVEL OCSP_TRACE_LEVEL |
Functions | |
error_t | ocspClientInit (OcspClientContext *context) |
OCSP client initialization. More... | |
error_t | ocspClientRegisterTlsInitCallback (OcspClientContext *context, OcspClientTlsInitCallback callback) |
Register TLS initialization callback function. More... | |
error_t | ocspClientSetPrng (OcspClientContext *context, const PrngAlgo *prngAlgo, void *prngContext) |
Set the pseudo-random number generator to be used. More... | |
error_t | ocspClientSetTimeout (OcspClientContext *context, systime_t timeout) |
Set communication timeout. More... | |
error_t | ocspClientSetHost (OcspClientContext *context, const char_t *host) |
Set the domain name of the OCSP server. More... | |
error_t | ocspClientSetUri (OcspClientContext *context, const char_t *uri) |
Set request URI. More... | |
error_t | ocspClientBindToInterface (OcspClientContext *context, NetInterface *interface) |
Bind the OCSP client to a particular network interface. More... | |
error_t | ocspClientConnect (OcspClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort) |
Specify the address of the OCSP server. More... | |
error_t | ocspClientCreateRequest (OcspClientContext *context, const char_t *cert, size_t certLen, const char_t *issuerCert, size_t issuerCertLen) |
Create OCSP request. More... | |
error_t | ocspClientSendRequest (OcspClientContext *context) |
Perform OCSP request/response transaction. More... | |
error_t | ocspClientValidateResponse (OcspClientContext *context, const char_t *cert, size_t certLen, const char_t *issuerCert, size_t issuerCertLen) |
Validate OCSP response. More... | |
const OcspResponse * | ocspClientGetResponse (OcspClientContext *context) |
Get OCSP response. More... | |
OcspResponseStatus | ocspClientGetResponseStatus (OcspClientContext *context) |
Get the processing status of the prior request. More... | |
OcspCertStatus | ocspClientGetCertificateStatus (OcspClientContext *context) |
Get the revocation status of the certificate. More... | |
error_t | ocspClientDisconnect (OcspClientContext *context) |
Gracefully disconnect from the OCSP server. More... | |
error_t | ocspClientClose (OcspClientContext *context) |
Close the connection with the OCSP server. More... | |
void | ocspClientDeinit (OcspClientContext *context) |
Release OCSP client context. More... | |
Detailed Description
OCSP client.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneCRYPTO Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Description
OCSP is a protocol used to determine the current status of a digital certificate without requiring CRLs. Refer to the following RFCs for complete details:
- RFC 6960: X.509 Internet Public Key Infrastructure OCSP
- RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension
- Version
- 2.4.4
Definition in file ocsp_client.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL OCSP_TRACE_LEVEL |
Definition at line 40 of file ocsp_client.c.
Function Documentation
◆ ocspClientBindToInterface()
error_t ocspClientBindToInterface | ( | OcspClientContext * | context, |
NetInterface * | interface | ||
) |
Bind the OCSP client to a particular network interface.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] interface Network interface to be used
- Returns
- Error code
Definition at line 222 of file ocsp_client.c.
◆ ocspClientClose()
error_t ocspClientClose | ( | OcspClientContext * | context | ) |
Close the connection with the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 909 of file ocsp_client.c.
◆ ocspClientConnect()
error_t ocspClientConnect | ( | OcspClientContext * | context, |
const IpAddr * | serverIpAddr, | ||
uint16_t | serverPort | ||
) |
Specify the address of the OCSP server.
- Parameters
-
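[in] context Pointer to the OCSP client context
[in] serverIpAddr IP address of the OCSP server to connect to
[in] serverPort Port number of the OCSP server (the source comment says "UDP port number"; the client also exposes a request URI and a TLS initialization callback, so this is presumably a TCP port)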
- Returns
- Error code
Definition at line 245 of file ocsp_client.c.
◆ ocspClientCreateRequest()
error_t ocspClientCreateRequest | ( | OcspClientContext * | context, |
const char_t * | cert, | ||
size_t | certLen, | ||
const char_t * | issuerCert, | ||
size_t | issuerCertLen | ||
) |
Create OCSP request.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] cert Certificate to be checked (PEM or DER format)
[in] certLen Length of the certificate, in bytes
[in] issuerCert Issuer's certificate (PEM or DER format)
[in] issuerCertLen Length of the issuer certificate, in bytes
- Returns
- Error code
Definition at line 351 of file ocsp_client.c.
◆ ocspClientDeinit()
void ocspClientDeinit | ( | OcspClientContext * | context | ) |
Release OCSP client context.
- Parameters
-
[in] context Pointer to the OCSP client context
Definition at line 930 of file ocsp_client.c.
◆ ocspClientDisconnect()
error_t ocspClientDisconnect | ( | OcspClientContext * | context | ) |
Gracefully disconnect from the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 843 of file ocsp_client.c.
◆ ocspClientGetCertificateStatus()
OcspCertStatus ocspClientGetCertificateStatus | ( | OcspClientContext * | context | ) |
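Get the revocation status of the certificate. Treat the returned value as authoritative only after ocspClientValidateResponse() has returned success for the same certificate and issuer; this page does not state what is returned when the response has not been validated.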
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Certificate status
Definition at line 807 of file ocsp_client.c.
◆ ocspClientGetResponse()
const OcspResponse* ocspClientGetResponse | ( | OcspClientContext * | context | ) |
Get OCSP response.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Pointer to the received OCSP response
Definition at line 747 of file ocsp_client.c.
◆ ocspClientGetResponseStatus()
OcspResponseStatus ocspClientGetResponseStatus | ( | OcspClientContext * | context | ) |
Get the processing status of the prior request.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Response status
Definition at line 777 of file ocsp_client.c.
◆ ocspClientInit()
error_t ocspClientInit | ( | OcspClientContext * | context | ) |
OCSP client initialization.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 61 of file ocsp_client.c.
◆ ocspClientRegisterTlsInitCallback()
error_t ocspClientRegisterTlsInitCallback | ( | OcspClientContext * | context, |
OcspClientTlsInitCallback | callback | ||
) |
Register TLS initialization callback function.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] callback TLS initialization callback function
- Returns
- Error code
Definition at line 103 of file ocsp_client.c.
◆ ocspClientSendRequest()
error_t ocspClientSendRequest | ( | OcspClientContext * | context | ) |
Perform OCSP request/response transaction.
- Parameters
-
[in] context Pointer to the OCSP client context
- Returns
- Error code
Definition at line 398 of file ocsp_client.c.
◆ ocspClientSetHost()
error_t ocspClientSetHost | ( | OcspClientContext * | context, |
const char_t * | host | ||
) |
Set the domain name of the OCSP server.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] host NUL-terminated string containing the host name
- Returns
- Error code
Definition at line 173 of file ocsp_client.c.
◆ ocspClientSetPrng()
error_t ocspClientSetPrng | ( | OcspClientContext * | context, |
const PrngAlgo * | prngAlgo, | ||
void * | prngContext | ||
) |
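Set the pseudo-random number generator to be used. This file cites RFC 8954 (OCSP Nonce Extension), so the generator is presumably the source of the request nonce; supply a cryptographically secure PRNG that has been seeded before any request is created.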
- Parameters
-
[in] context Pointer to the OCSP client context
[in] prngAlgo PRNG algorithm
[in] prngContext Pointer to the PRNG context
- Returns
- Error code
Definition at line 128 of file ocsp_client.c.
◆ ocspClientSetTimeout()
error_t ocspClientSetTimeout | ( | OcspClientContext * | context, |
systime_t | timeout | ||
) |
Set communication timeout.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] timeout Timeout value, in milliseconds
- Returns
- Error code
Definition at line 152 of file ocsp_client.c.
◆ ocspClientSetUri()
error_t ocspClientSetUri | ( | OcspClientContext * | context, |
const char_t * | uri | ||
) |
Set request URI.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] uri NUL-terminated string that contains the resource name
- Returns
- Error code
Definition at line 198 of file ocsp_client.c.
◆ ocspClientValidateResponse()
error_t ocspClientValidateResponse | ( | OcspClientContext * | context, |
const char_t * | cert, | ||
size_t | certLen, | ||
const char_t * | issuerCert, | ||
size_t | issuerCertLen | ||
) |
Validate OCSP response.
- Parameters
-
[in] context Pointer to the OCSP client context
[in] cert Certificate to be checked (PEM or DER format)
[in] certLen Length of the certificate, in bytes
[in] issuerCert Issuer's certificate (PEM or DER format)
[in] issuerCertLen Length of the issuer certificate, in bytes
- Returns
- Error code
Definition at line 575 of file ocsp_client.c.