Import OCSP documentation from OpenSSL, leaving out some stuff

that we don't have, fixing some bugs and tweaking some parts for readability. P.S. Why did some people write a HTTP client implementation and then decide that the best place to publish it might be a crypto(3) library? Oh never mind, to go easy on my sanity, i should probably stop asking such questions and just document what i find.
author: schwarze <> 2016-11-27 20:40:07 +0000
committer: schwarze <> 2016-11-27 20:40:07 +0000
commit: 2613b464a5e73671df478b07cbb7bb84c6ceea0d (patch)
tree: 37809d727204ff4a84215c775599f31426aed275 /src/lib/libcrypto/man/OCSP_REQUEST_new.3
parent: 9dfb65eab2197f3d5d42b3a11527c846bb6c584c (diff)
download: openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.tar.gz
openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.tar.bz2
openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.zip
1 files changed, 241 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
new file mode 100644
index 0000000000..dd08b7c2ca
--- /dev/null
+++ b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -0,0 +1,241 @@
+.\"     $OpenBSD: OCSP_REQUEST_new.3,v 1.1 2016/11/27 20:40:07 schwarze Exp $
+.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 27 2016 $
+.Dt OCSP_REQUEST_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_REQUEST_new ,
+.Nm OCSP_REQUEST_free ,
+.Nm OCSP_request_add0_id ,
+.Nm OCSP_request_sign ,
+.Nm OCSP_request_add1_cert ,
+.Nm OCSP_request_onereq_count ,
+.Nm OCSP_request_onereq_get0 ,
+.Nd OCSP request functions
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_REQUEST *
+.Fn OCSP_REQUEST_new void
+.Ft void
+.Fo OCSP_REQUEST_free
+.Fa "OCSP_REQUEST *req"
+.Fc
+.Ft OCSP_ONEREQ *
+.Fo OCSP_request_add0_id
+.Fa "OCSP_REQUEST *req"
+.Fa "OCSP_CERTID *cid"
+.Fc
+.Ft int
+.Fo OCSP_request_sign
+.Fa "OCSP_REQUEST *req"
+.Fa "X509 *signer"
+.Fa "EVP_PKEY *key"
+.Fa "const EVP_MD *dgst"
+.Fa "STACK_OF(X509) *certs"
+.Fa "unsigned long flags"
+.Fc
+.Ft int
+.Fo OCSP_request_add1_cert
+.Fa "OCSP_REQUEST *req"
+.Fa "X509 *cert"
+.Fc
+.Ft int
+.Fo OCSP_request_onereq_count
+.Fa "OCSP_REQUEST *req"
+.Fc
+.Ft OCSP_ONEREQ *
+.Fo OCSP_request_onereq_get0
+.Fa "OCSP_REQUEST *req"
+.Fa "int i"
+.Fc
+.Sh DESCRIPTION
+.Fn OCSP_REQUEST_new
+allocates and returns an empty
+.Vt OCSP_REQUEST
+structure.
+.Pp
+.Fn OCSP_REQUEST_free
+frees up the request structure
+.Fa req .
+.Pp
+.Fn OCSP_request_add0_id
+adds certificate ID
+.Fa cid
+to
+.Fa req .
+It returns the
+.Vt OCSP_ONEREQ
+structure added so an application can add additional extensions to the
+request.
+The
+.Fa cid
+parameter must not be freed up after the operation.
+.Pp
+.Fn OCSP_request_sign
+signs OCSP request
+.Fa req
+using certificate
+.Fa signer ,
+private key
+.Fa key ,
+digest
+.Fa dgst ,
+and additional certificates
+.Fa certs .
+If the
+.Fa flags
+option
+.Dv OCSP_NOCERTS
+is set, then no certificates will be included in the request.
+.Pp
+.Fn OCSP_request_add1_cert
+adds certificate
+.Fa cert
+to request
+.Fa req .
+The application is responsible for freeing up
+.Fa cert
+after use.
+.Pp
+.Fn OCSP_request_onereq_count
+returns the total number of
+.Vt OCSP_ONEREQ
+structures in
+.Fa req .
+.Pp
+.Fn OCSP_request_onereq_get0
+returns an internal pointer to the
+.Vt OCSP_ONEREQ
+contained in
+.Fa req
+of index
+.Fa i .
+The index value
+.Fa i
+runs from 0 to
+.Fn OCSP_request_onereq_count req No - 1 .
+.Pp
+An
+.Vt OCSP_REQUEST
+structure contains one or more
+.Vt OCSP_ONEREQ
+structures corresponding to each certificate.
+.Pp
+.Fn OCSP_request_onereq_count
+and
+.Fn OCSP_request_onereq_get0
+are mainly used by OCSP responders.
+.Sh RETURN VALUES
+.Fn OCSP_REQUEST_new
+returns an empty
+.Vt OCSP_REQUEST
+structure or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_request_add0_id
+returns the
+.Vt OCSP_ONEREQ
+structure containing
+.Fa cid
+or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_request_sign
+and
+.Fn OCSP_request_add1_cert
+return 1 for success or 0 for failure.
+.Pp
+.Fn OCSP_request_onereq_count
+returns the total number of
+.Vt OCSP_ONEREQ
+structures in
+.Fa req .
+.Pp
+.Fn OCSP_request_onereq_get0
+returns a pointer to an
+.Vt OCSP_ONEREQ
+structure or
+.Dv NULL
+if the index value is out or range.
+.Sh EXAMPLE
+Create an
+.Vt OCSP_REQUEST
+structure for certificate
+.Fa cert
+with issuer
+.Fa issuer :
+.Bd -literal -offset indent
+OCSP_REQUEST *req;
+OCSP_ID *cid;
+req = OCSP_REQUEST_new();
+if (req == NULL)
+        /* error */
+cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+if (cid == NULL)
+        /* error */
+if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+        /* error */
+ /* Do something with req, e.g. query responder */
+OCSP_REQUEST_free(req);
+.Ed
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_request_add1_nonce 3 ,
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3 ,
+.Xr OCSP_sendreq_new 3
author	schwarze <>	2016-11-27 20:40:07 +0000
committer	schwarze <>	2016-11-27 20:40:07 +0000
commit	2613b464a5e73671df478b07cbb7bb84c6ceea0d (patch)
tree	37809d727204ff4a84215c775599f31426aed275 /src/lib/libcrypto/man/OCSP_REQUEST_new.3
parent	9dfb65eab2197f3d5d42b3a11527c846bb6c584c (diff)
download	openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.tar.gz openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.tar.bz2 openbsd-2613b464a5e73671df478b07cbb7bb84c6ceea0d.zip

diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3 new file mode 100644 index 0000000000..dd08b7c2ca --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -0,0 +1,241 @@
	1	.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.1 2016/11/27 20:40:07 schwarze Exp $
	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
	5	.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\"
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\"
	14	.\" 2. Redistributions in binary form must reproduce the above copyright
	15	.\" notice, this list of conditions and the following disclaimer in
	16	.\" the documentation and/or other materials provided with the
	17	.\" distribution.
	18	.\"
	19	.\" 3. All advertising materials mentioning features or use of this
	20	.\" software must display the following acknowledgment:
	21	.\" "This product includes software developed by the OpenSSL Project
	22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	.\"
	24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	.\" endorse or promote products derived from this software without
	26	.\" prior written permission. For written permission, please contact
	27	.\" openssl-core@openssl.org.
	28	.\"
	29	.\" 5. Products derived from this software may not be called "OpenSSL"
	30	.\" nor may "OpenSSL" appear in their names without prior written
	31	.\" permission of the OpenSSL Project.
	32	.\"
	33	.\" 6. Redistributions of any form whatsoever must retain the following
	34	.\" acknowledgment:
	35	.\" "This product includes software developed by the OpenSSL Project
	36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	.\"
	38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	50	.\"
	51	.Dd $Mdocdate: November 27 2016 $
	52	.Dt OCSP_REQUEST_NEW 3
	53	.Os
	54	.Sh NAME
	55	.Nm OCSP_REQUEST_new ,
	56	.Nm OCSP_REQUEST_free ,
	57	.Nm OCSP_request_add0_id ,
	58	.Nm OCSP_request_sign ,
	59	.Nm OCSP_request_add1_cert ,
	60	.Nm OCSP_request_onereq_count ,
	61	.Nm OCSP_request_onereq_get0 ,
	62	.Nd OCSP request functions
	63	.Sh SYNOPSIS
	64	.In openssl/ocsp.h
	65	.Ft OCSP_REQUEST *
	66	.Fn OCSP_REQUEST_new void
	67	.Ft void
	68	.Fo OCSP_REQUEST_free
	69	.Fa "OCSP_REQUEST *req"
	70	.Fc
	71	.Ft OCSP_ONEREQ *
	72	.Fo OCSP_request_add0_id
	73	.Fa "OCSP_REQUEST *req"
	74	.Fa "OCSP_CERTID *cid"
	75	.Fc
	76	.Ft int
	77	.Fo OCSP_request_sign
	78	.Fa "OCSP_REQUEST *req"
	79	.Fa "X509 *signer"
	80	.Fa "EVP_PKEY *key"
	81	.Fa "const EVP_MD *dgst"
	82	.Fa "STACK_OF(X509) *certs"
	83	.Fa "unsigned long flags"
	84	.Fc
	85	.Ft int
	86	.Fo OCSP_request_add1_cert
	87	.Fa "OCSP_REQUEST *req"
	88	.Fa "X509 *cert"
	89	.Fc
	90	.Ft int
	91	.Fo OCSP_request_onereq_count
	92	.Fa "OCSP_REQUEST *req"
	93	.Fc
	94	.Ft OCSP_ONEREQ *
	95	.Fo OCSP_request_onereq_get0
	96	.Fa "OCSP_REQUEST *req"
	97	.Fa "int i"
	98	.Fc
	99	.Sh DESCRIPTION
	100	.Fn OCSP_REQUEST_new
	101	allocates and returns an empty
	102	.Vt OCSP_REQUEST
	103	structure.
	104	.Pp
	105	.Fn OCSP_REQUEST_free
	106	frees up the request structure
	107	.Fa req .
	108	.Pp
	109	.Fn OCSP_request_add0_id
	110	adds certificate ID
	111	.Fa cid
	112	to
	113	.Fa req .
	114	It returns the
	115	.Vt OCSP_ONEREQ
	116	structure added so an application can add additional extensions to the
	117	request.
	118	The
	119	.Fa cid
	120	parameter must not be freed up after the operation.
	121	.Pp
	122	.Fn OCSP_request_sign
	123	signs OCSP request
	124	.Fa req
	125	using certificate
	126	.Fa signer ,
	127	private key
	128	.Fa key ,
	129	digest
	130	.Fa dgst ,
	131	and additional certificates
	132	.Fa certs .
	133	If the
	134	.Fa flags
	135	option
	136	.Dv OCSP_NOCERTS
	137	is set, then no certificates will be included in the request.
	138	.Pp
	139	.Fn OCSP_request_add1_cert
	140	adds certificate
	141	.Fa cert
	142	to request
	143	.Fa req .
	144	The application is responsible for freeing up
	145	.Fa cert
	146	after use.
	147	.Pp
	148	.Fn OCSP_request_onereq_count
	149	returns the total number of
	150	.Vt OCSP_ONEREQ
	151	structures in
	152	.Fa req .
	153	.Pp
	154	.Fn OCSP_request_onereq_get0
	155	returns an internal pointer to the
	156	.Vt OCSP_ONEREQ
	157	contained in
	158	.Fa req
	159	of index
	160	.Fa i .
	161	The index value
	162	.Fa i
	163	runs from 0 to
	164	.Fn OCSP_request_onereq_count req No - 1 .
	165	.Pp
	166	An
	167	.Vt OCSP_REQUEST
	168	structure contains one or more
	169	.Vt OCSP_ONEREQ
	170	structures corresponding to each certificate.
	171	.Pp
	172	.Fn OCSP_request_onereq_count
	173	and
	174	.Fn OCSP_request_onereq_get0
	175	are mainly used by OCSP responders.
	176	.Sh RETURN VALUES
	177	.Fn OCSP_REQUEST_new
	178	returns an empty
	179	.Vt OCSP_REQUEST
	180	structure or
	181	.Dv NULL
	182	if an error occurred.
	183	.Pp
	184	.Fn OCSP_request_add0_id
	185	returns the
	186	.Vt OCSP_ONEREQ
	187	structure containing
	188	.Fa cid
	189	or
	190	.Dv NULL
	191	if an error occurred.
	192	.Pp
	193	.Fn OCSP_request_sign
	194	and
	195	.Fn OCSP_request_add1_cert
	196	return 1 for success or 0 for failure.
	197	.Pp
	198	.Fn OCSP_request_onereq_count
	199	returns the total number of
	200	.Vt OCSP_ONEREQ
	201	structures in
	202	.Fa req .
	203	.Pp
	204	.Fn OCSP_request_onereq_get0
	205	returns a pointer to an
	206	.Vt OCSP_ONEREQ
	207	structure or
	208	.Dv NULL
	209	if the index value is out or range.
	210	.Sh EXAMPLE
	211	Create an
	212	.Vt OCSP_REQUEST
	213	structure for certificate
	214	.Fa cert
	215	with issuer
	216	.Fa issuer :
	217	.Bd -literal -offset indent
	218	OCSP_REQUEST *req;
	219	OCSP_ID *cid;
	220
	221	req = OCSP_REQUEST_new();
	222	if (req == NULL)
	223	/* error */
	224	cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
	225	if (cid == NULL)
	226	/* error */
	227
	228	if (OCSP_REQUEST_add0_id(req, cid) == NULL)
	229	/* error */
	230
	231	/* Do something with req, e.g. query responder */
	232
	233	OCSP_REQUEST_free(req);
	234	.Ed
	235	.Sh SEE ALSO
	236	.Xr crypto 3 ,
	237	.Xr OCSP_cert_to_id 3 ,
	238	.Xr OCSP_request_add1_nonce 3 ,
	239	.Xr OCSP_resp_find_status 3 ,
	240	.Xr OCSP_response_status 3 ,
	241	.Xr OCSP_sendreq_new 3