author Jack Lloyd <[email protected]> 2017-03-07 10:18:48 -0500
committer Jack Lloyd <[email protected]> 2017-03-07 10:18:48 -0500
commit b532e453086c4d5072561dcd7d596aa1b0299cb7 (patch)
tree 658cb4abf0149467e1a26f5612e6172930bf01ad /doc/manual
parent 76fb731331fc380f41d76a0788b22b3d7216fd82 (diff)
parent 9048a00464a1dcbcaa793fb3b76382589114d05f (diff)
Merge GH #901 Allow OCSP requests without the full subject certificate
Diffstat (limited to 'doc/manual')
-rw-r--r-- doc/manual/x509.rst 24
1 files changed, 18 insertions, 6 deletions
diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst
index 9ec8112ea..58ad1d0ca 100644
--- a/doc/manual/x509.rst
+++ b/doc/manual/x509.rst
@@ -698,10 +698,15 @@ the subject's issuing certificate.
.. cpp:class:: OCSP::Request
.. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \
- const X509_Certificate& subject_cert)
+ const BigInt& subject_serial)
Create a new OCSP request
+ .. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \
+ const X509_Certificate& subject_cert)
+
+ Variant of the above, using serial number from ``subject_cert``.
+
.. cpp:function:: std::vector<byte> BER_encode() const
Encode the current OCSP request as a binary string.
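Review bot: the description that now sits under the new ``const BigInt& subject_serial`` constructor is still only "Create a new OCSP request", so the manual never says what ``subject_serial`` has to be or how it relates to ``issuer_cert``. Nothing in this signature ties the serial to the issuer, and an OCSP request identifies a certificate by the issuer together with the serial, so a mismatched pair asks about a different certificate than the caller intended. Suggest one sentence stating that ``subject_serial`` is the serial number of a certificate issued by ``issuer_cert`` and that the caller is responsible for that pairing. The text for the retained ``subject_cert`` variant could also say explicitly that it behaves the same as passing that certificate's serial.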
@@ -783,11 +788,18 @@ Appendix A for details. A basic implementation of this is the function
was compiled in; check by testing for the macro ``BOTAN_HAS_HTTP_UTIL``.
.. cpp:function:: OCSP::Response online_check(const X509_Certificate& issuer, \
+ const BigInt& subject_serial, \
+ const std::string& ocsp_responder, \
+ const Certificate_Store* trusted_roots)
+
+ Assemble a OCSP request for serial number ``subject_serial`` and attempt to request
+ it to responder at URI ``ocsp_responder`` over a new HTTP socket, parses and returns
+ the response. If trusted_roots is not null, then the response is additionally
+ validated using OCSP response API ``check_signature``. Otherwise, this call must be
+ performed later by the application.
+
+.. cpp:function:: OCSP::Response online_check(const X509_Certificate& issuer, \
const X509_Certificate& subject, \
const Certificate_Store* trusted_roots)
- Attempts to contact the OCSP responder specified in the subject certificate
- over a new HTTP socket, parses and returns the response. If trusted_roots is
- not null, then the response is additionally validated using OCSP response API
- ``check_signature``. Otherwise, this call must be performed later by the
- application.
+ Variant of the above but uses serial number and OCSP responder URI from ``subject``.
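Review bot: in the text added for the ``subject_serial`` overload, "Otherwise, this call must be performed later by the application" leaves "this call" ambiguous and never states that a response returned with a null ``trusted_roots`` is unverified. Because ``ocsp_responder`` is now supplied by the caller and the request goes "over a new HTTP socket", that is worth spelling out, for example: "If ``trusted_roots`` is null the response is returned without signature validation, and the application must call ``check_signature`` before relying on it." The replacement text for the ``subject`` overload also drops any statement of what happens when ``subject`` carries no OCSP responder URI; please document that case. Wording in the same paragraph: "Assemble a OCSP request" should be "an OCSP request", and "attempt to request it to responder at URI ..., parses and returns" reads better as "send it to the responder at URI ..., then parse and return".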