diff options
| -rw-r--r-- | src/lib/libtls/man/tls_ocsp_process_response.3 | 55 |
1 files changed, 28 insertions, 27 deletions
diff --git a/src/lib/libtls/man/tls_ocsp_process_response.3 b/src/lib/libtls/man/tls_ocsp_process_response.3 index b40e9a02d5..6e3aa4aecc 100644 --- a/src/lib/libtls/man/tls_ocsp_process_response.3 +++ b/src/lib/libtls/man/tls_ocsp_process_response.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: tls_ocsp_process_response.3,v 1.5 2018/07/23 18:30:29 tb Exp $ | 1 | .\" $OpenBSD: tls_ocsp_process_response.3,v 1.6 2018/07/24 02:01:34 tb Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2016 Bob Beck <beck@openbsd.org> | 3 | .\" Copyright (c) 2016 Bob Beck <beck@openbsd.org> |
| 4 | .\" | 4 | .\" |
| @@ -14,19 +14,19 @@ | |||
| 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | .\" | 16 | .\" |
| 17 | .Dd $Mdocdate: July 23 2018 $ | 17 | .Dd $Mdocdate: July 24 2018 $ |
| 18 | .Dt TLS_OCSP_PROCESS_RESPONSE 3 | 18 | .Dt TLS_OCSP_PROCESS_RESPONSE 3 |
| 19 | .Os | 19 | .Os |
| 20 | .Sh NAME | 20 | .Sh NAME |
| 21 | .Nm tls_ocsp_process_response , | 21 | .Nm tls_ocsp_process_response , |
| 22 | .Nm tls_peer_ocsp_url , | ||
| 23 | .Nm tls_peer_ocsp_response_status , | ||
| 22 | .Nm tls_peer_ocsp_cert_status , | 24 | .Nm tls_peer_ocsp_cert_status , |
| 23 | .Nm tls_peer_ocsp_crl_reason , | 25 | .Nm tls_peer_ocsp_crl_reason , |
| 24 | .Nm tls_peer_ocsp_next_update , | ||
| 25 | .Nm tls_peer_ocsp_response_status , | ||
| 26 | .Nm tls_peer_ocsp_result , | 26 | .Nm tls_peer_ocsp_result , |
| 27 | .Nm tls_peer_ocsp_revocation_time , | 27 | .Nm tls_peer_ocsp_revocation_time , |
| 28 | .Nm tls_peer_ocsp_this_update , | 28 | .Nm tls_peer_ocsp_this_update , |
| 29 | .Nm tls_peer_ocsp_url | 29 | .Nm tls_peer_ocsp_next_update |
| 30 | .Nd inspect an OCSP response | 30 | .Nd inspect an OCSP response |
| 31 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
| 32 | .In tls.h | 32 | .In tls.h |
| @@ -36,22 +36,22 @@ | |||
| 36 | .Fa "const unsigned char *response" | 36 | .Fa "const unsigned char *response" |
| 37 | .Fa "size_t size" | 37 | .Fa "size_t size" |
| 38 | .Fc | 38 | .Fc |
| 39 | .Ft const char * | ||
| 40 | .Fn tls_peer_ocsp_url "struct tls *ctx" | ||
| 41 | .Ft int | ||
| 42 | .Fn tls_peer_ocsp_response_status "struct tls *ctx" | ||
| 39 | .Ft int | 43 | .Ft int |
| 40 | .Fn tls_peer_ocsp_cert_status "struct tls *ctx" | 44 | .Fn tls_peer_ocsp_cert_status "struct tls *ctx" |
| 41 | .Ft int | 45 | .Ft int |
| 42 | .Fn tls_peer_ocsp_crl_reason "struct tls *ctx" | 46 | .Fn tls_peer_ocsp_crl_reason "struct tls *ctx" |
| 43 | .Ft time_t | ||
| 44 | .Fn tls_peer_ocsp_next_update "struct tls *ctx" | ||
| 45 | .Ft int | ||
| 46 | .Fn tls_peer_ocsp_response_status "struct tls *ctx" | ||
| 47 | .Ft const char * | 47 | .Ft const char * |
| 48 | .Fn tls_peer_ocsp_result "struct tls *ctx" | 48 | .Fn tls_peer_ocsp_result "struct tls *ctx" |
| 49 | .Ft time_t | 49 | .Ft time_t |
| 50 | .Fn tls_peer_ocsp_revocation_time "struct tls *ctx" | 50 | .Fn tls_peer_ocsp_revocation_time "struct tls *ctx" |
| 51 | .Ft time_t | 51 | .Ft time_t |
| 52 | .Fn tls_peer_ocsp_this_update "struct tls *ctx" | 52 | .Fn tls_peer_ocsp_this_update "struct tls *ctx" |
| 53 | .Ft const char * | 53 | .Ft time_t |
| 54 | .Fn tls_peer_ocsp_url "struct tls *ctx" | 54 | .Fn tls_peer_ocsp_next_update "struct tls *ctx" |
| 55 | .Sh DESCRIPTION | 55 | .Sh DESCRIPTION |
| 56 | .Fn tls_ocsp_process_response | 56 | .Fn tls_ocsp_process_response |
| 57 | processes a raw OCSP response in | 57 | processes a raw OCSP response in |
| @@ -73,6 +73,9 @@ that was obtained by validating a stapled OCSP response during the handshake, | |||
| 73 | or via a previous call to | 73 | or via a previous call to |
| 74 | .Fn tls_ocsp_process_response . | 74 | .Fn tls_ocsp_process_response . |
| 75 | .Pp | 75 | .Pp |
| 76 | .Fn tls_peer_ocsp_response_status | ||
| 77 | returns the OCSP response status as per RFC 6960 section 2.3. | ||
| 78 | .Pp | ||
| 76 | .Fn tls_peer_ocsp_cert_status | 79 | .Fn tls_peer_ocsp_cert_status |
| 77 | returns the OCSP certificate status code as per RFC 6960 section 2.2. | 80 | returns the OCSP certificate status code as per RFC 6960 section 2.2. |
| 78 | .Pp | 81 | .Pp |
| @@ -80,14 +83,9 @@ returns the OCSP certificate status code as per RFC 6960 section 2.2. | |||
| 80 | returns the OCSP certificate revocation reason status code as per RFC 5280 | 83 | returns the OCSP certificate revocation reason status code as per RFC 5280 |
| 81 | section 5.3.1. | 84 | section 5.3.1. |
| 82 | .Pp | 85 | .Pp |
| 83 | .Fn tls_peer_ocsp_next_update | ||
| 84 | returns the OCSP next update time. | ||
| 85 | .Pp | ||
| 86 | .Fn tls_peer_ocsp_response_status | ||
| 87 | returns the OCSP response status as per RFC 6960 section 2.3. | ||
| 88 | .Pp | ||
| 89 | .Fn tls_peer_ocsp_result | 86 | .Fn tls_peer_ocsp_result |
| 90 | returns a string indicating the OCSP status. | 87 | returns a textual representation of the OCSP status code |
| 88 | returned by one of the previous three functions. | ||
| 91 | If the OCSP response was valid and the certificate was not | 89 | If the OCSP response was valid and the certificate was not |
| 92 | revoked, the string indicates the OCSP certificate status. | 90 | revoked, the string indicates the OCSP certificate status. |
| 93 | Otherwise, the string indicates | 91 | Otherwise, the string indicates |
| @@ -98,10 +96,20 @@ returns the OCSP revocation time. | |||
| 98 | .Pp | 96 | .Pp |
| 99 | .Fn tls_peer_ocsp_this_update | 97 | .Fn tls_peer_ocsp_this_update |
| 100 | returns the OCSP this update time. | 98 | returns the OCSP this update time. |
| 99 | .Pp | ||
| 100 | .Fn tls_peer_ocsp_next_update | ||
| 101 | returns the OCSP next update time. | ||
| 101 | .Sh RETURN VALUES | 102 | .Sh RETURN VALUES |
| 102 | .Fn tls_ocsp_process_response | 103 | .Fn tls_ocsp_process_response |
| 103 | returns 0 on success or -1 on error. | 104 | returns 0 on success or -1 on error. |
| 104 | .Pp | 105 | .Pp |
| 106 | .Fn tls_peer_ocsp_url | ||
| 107 | and | ||
| 108 | .Fn tls_peer_ocsp_result | ||
| 109 | return | ||
| 110 | .Dv NULL | ||
| 111 | on error or an out of memory condition. | ||
| 112 | .Pp | ||
| 105 | The | 113 | The |
| 106 | .Fn tls_peer_ocsp_response_status | 114 | .Fn tls_peer_ocsp_response_status |
| 107 | function returns one of | 115 | function returns one of |
| @@ -139,18 +147,11 @@ or | |||
| 139 | .Dv TLS_CRL_REASON_AA_COMPROMISE | 147 | .Dv TLS_CRL_REASON_AA_COMPROMISE |
| 140 | on success or -1 on error. | 148 | on success or -1 on error. |
| 141 | .Pp | 149 | .Pp |
| 142 | .Fn tls_peer_ocsp_next_update , | ||
| 143 | .Fn tls_peer_ocsp_revocation_time , | 150 | .Fn tls_peer_ocsp_revocation_time , |
| 151 | .Fn tls_peer_ocsp_this_update , | ||
| 144 | and | 152 | and |
| 145 | .Fn tls_peer_ocsp_this_update | 153 | .Fn tls_peer_ocsp_next_update |
| 146 | return a time in epoch-seconds on success or -1 on error. | 154 | return a time in epoch-seconds on success or -1 on error. |
| 147 | .Pp | ||
| 148 | .Fn tls_peer_ocsp_result | ||
| 149 | and | ||
| 150 | .Fn tls_peer_ocsp_url | ||
| 151 | return | ||
| 152 | .Dv NULL | ||
| 153 | on error or an out of memory condition. | ||
| 154 | .Sh SEE ALSO | 155 | .Sh SEE ALSO |
| 155 | .Xr tls_client 3 , | 156 | .Xr tls_client 3 , |
| 156 | .Xr tls_config_ocsp_require_stapling 3 , | 157 | .Xr tls_config_ocsp_require_stapling 3 , |