blob: 6c52cbe50cdcaf1a8e12a2bf2421beea6fb7a721 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
OCSP
========================================
A client makes an OCSP request to what is termed an 'OCSP responder'.
This responder returns a signed response attesting that the
certificate in question has not been revoked. One common way of making
OCSP requests is via HTTP, see :rfc:`2560` Appendix A for details.
.. cpp:class:: OCSP::Request
.. cpp:function:: OCSP::Request(const X509_Certificate& issuer_cert, \
const X509_Certificate& subject_cert)
Create a new OCSP request
.. cpp:function:: std::vector<byte> BER_encode() const
Encode the current OCSP request as a binary string.
.. cpp:function:: std::string base64_encode() const
Encode the current OCSP request as a base64 string.
.. cpp:class:: OCSP::Response
.. cpp:function:: OCSP::Response(const Certificate_Store& trusted_roots, \
const std::vector<byte>& response)
Deserializes *response* sent by a responder, and checks that it
was signed by a certificate associated with one of the CAs
stored in *trusted_roots*.
.. cpp:function:: bool affirmative_response_for(const X509_Certificate& issuer, \
const X509_Certificate& subject) const
Returns true if and only if this OCSP response is not an error,
is signed correctly, and the response indicates that *subject*
is not currently revoked.
|
