aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual/ocsp.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/manual/ocsp.rst')
-rw-r--r--doc/manual/ocsp.rst39
1 files changed, 39 insertions, 0 deletions
diff --git a/doc/manual/ocsp.rst b/doc/manual/ocsp.rst
new file mode 100644
index 000000000..6c52cbe50
--- /dev/null
+++ b/doc/manual/ocsp.rst
@@ -0,0 +1,39 @@
+OCSP
+========================================
+
+A client makes an OCSP request to what is termed an 'OCSP responder'.
+This responder returns a signed response attesting that the
+certificate in question has not been revoked. One common way of making
+OCSP requests is via HTTP, see :rfc:`2560` Appendix A for details.
+
+.. cpp:class:: OCSP::Request
+
+ .. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \
+ const X509_Certificate& subject_cert)
+
+ Create a new OCSP request
+
+ .. cpp:function:: std::vector<byte> BER_encode() const
+
+ Encode the current OCSP request as a binary string.
+
+ .. cpp:function:: std::string base64_encode() const
+
+ Encode the current OCSP request as a base64 string.
+
+.. cpp:class:: OCSP::Response
+
+ .. cpp:function:: OCSP::Response(const Certificate_Store& trusted_roots, \
+ const std::vector<byte>& response)
+
+ Deserializes *response* sent by a responder, and checks that it
+ was signed by a certificate associated with one of the CAs
+ stored in *trusted_roots*.
+
+ .. cpp:function:: bool affirmative_response_for(const X509_Certificate& issuer, \
+ const X509_Certificate& subject) const
+
+ Returns true if and only if this OCSP response is not an error,
+ is signed correctly, and the response indicates that *subject*
+ is not currently revoked.
+