blob: 45858dfeb5129b57e4c9b32824385b078c287531 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
OCSP
========================================
A client makes an OCSP request to what is termed an 'OCSP responder'.
This responder returns a signed response attesting that the
certificate in question has not been revoked. One common way of making
OCSP requests is via HTTP, see :rfc:`2560` Appendix A for details.
.. cpp:class:: OCSP::Request
.. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \
const X509_Certificate& subject_cert)
Create a new OCSP request
.. cpp:function:: std::vector<byte> BER_encode() const
Encode the current OCSP request as a binary string.
.. cpp:function:: std::string base64_encode() const
Encode the current OCSP request as a base64 string.
.. cpp:class:: OCSP::Response
.. cpp:function:: OCSP::Response(const Certificate_Store& trusted_roots, \
const std::vector<byte>& response)
Deserializes *response* sent by a responder, and checks that it
was signed by a certificate associated with one of the CAs
stored in *trusted_roots*.
.. cpp:function:: bool affirmative_response_for(const X509_Certificate& issuer, \
const X509_Certificate& subject) const
Returns true if and only if this OCSP response is not an error,
is signed correctly, and the response indicates that *subject*
is not currently revoked.
.. cpp:function:: OCSP::Response online_check(const X509_Certificate& issuer, \
const X509_Certificate& subject, \
const Certificate_Store* trusted_roots)
Attempts to contact the OCSP responder specified in the subject certificate
and
|
