Diffstat (limited to 'doc/ocsp.rst')
-rw-r--r-- | doc/ocsp.rst | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/doc/ocsp.rst b/doc/ocsp.rst new file mode 100644 index 000000000..51486dbc1 --- /dev/null +++ b/doc/ocsp.rst @@ -0,0 +1,34 @@ +OCSP +======================================== + +A client makes an OCSP request to what is termed an 'OCSP responder'. +This responder returns a signed response attesting that the +certificate in question has not been revoked. + +.. cpp:class:: OCSP::Request + + .. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \ + const X509_Certificate& subject_cert) + + Create a new OCSP request + + .. cpp:function:: std::string base64_encode() const + + Encode the current OCSP request as a base64 string. + +.. cpp:class:: OCSP::Response + + .. cpp:function:: OCSP::Response(const Certificate_Store& trusted_roots, \ + const std::vector<byte>& response) + + Deserializes *response* sent by a responder, and checks that it + was signed by a certificate associated with one of the CAs + stored in *trusted_roots*. + + .. cpp:function:: bool affirmative_response_for(const X509_Certificate& issuer, \ + const X509_Certificate& subject) const + + Returns true if and only if this OCSP response is not an error, + is signed correctly, and the response indicates that *issuer* is + not currently revoked. + |
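Review bot: In the description of `affirmative_response_for`, the last sentence says the response indicates that *issuer* is not currently revoked, but the certificate whose status is being queried is the subject, so this should read "the response indicates that *subject* is not currently revoked". Related wording point in the opening paragraph: "returns a signed response attesting that the certificate in question has not been revoked" reads as if every response is a positive one, while this same function is documented as returning true only for some responses; suggest saying the responder returns a signed response stating the certificate's revocation status. The `OCSP::Request` constructor text ("Create a new OCSP request") would also benefit from saying that the request asks about *subject_cert* as issued by *issuer_cert*.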