gnutls_ocsp_resp_get_single — API function
#include <gnutls/ocsp.h>

int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
                                unsigned indx,
                                gnutls_digest_algorithm_t * digest,
                                gnutls_datum_t * issuer_name_hash,
                                gnutls_datum_t * issuer_key_hash,
                                gnutls_datum_t * serial_number,
                                int * cert_status,
                                time_t * this_update,
                                time_t * next_update,
                                time_t * revocation_time,
                                int * revocation_reason);
resp: should contain a gnutls_ocsp_resp_t structure
indx: Specifies which response to get. Use (0) to get the first one.
digest: output variable with gnutls_digest_algorithm_t hash algorithm
issuer_name_hash: output buffer with hash of issuer's DN
issuer_key_hash: output buffer with hash of issuer's public key
serial_number: output buffer with serial number of certificate to check
cert_status: a certificate status, a gnutls_ocsp_cert_status_t enum.
this_update: time at which the status is known to be correct.
next_update: when newer information will be available, or (time_t)-1 if unspecified
revocation_time: when cert_status is GNUTLS_OCSP_CERT_REVOKED, holds time of revocation.
revocation_reason: revocation reason, a gnutls_x509_crl_reason_t enum.
This function will return the certificate information of the indx'ed response in the Basic OCSP Response resp. The information returned corresponds to the SingleResponse structure except the final singleExtensions, reproduced here for illustration:
    SingleResponse ::= SEQUENCE {
        certID                  CertID,
        certStatus              CertStatus,
        thisUpdate              GeneralizedTime,
        nextUpdate          [0] EXPLICIT GeneralizedTime OPTIONAL,
        singleExtensions    [1] EXPLICIT Extensions OPTIONAL }

    CertID ::= SEQUENCE {
        hashAlgorithm           AlgorithmIdentifier,
        issuerNameHash          OCTET STRING, -- Hash of Issuer's DN
        issuerKeyHash           OCTET STRING, -- Hash of Issuers public key
        serialNumber            CertificateSerialNumber }

    CertStatus ::= CHOICE {
        good                [0] IMPLICIT NULL,
        revoked             [1] IMPLICIT RevokedInfo,
        unknown             [2] IMPLICIT UnknownInfo }

    RevokedInfo ::= SEQUENCE {
        revocationTime          GeneralizedTime,
        revocationReason    [0] EXPLICIT CRLReason OPTIONAL }
Each of the pointers to output variables may be NULL to indicate that the caller is not interested in that value.
On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error code is returned. If you have reached the last CertID available, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
Report bugs to <bug-gnutls@gnu.org>. GnuTLS home page: http://www.gnu.org/software/gnutls/ General help using GNU software: http://www.gnu.org/gethelp/
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual.
COPYRIGHT
Copyright © 2012 Free Software Foundation. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.