gnutls_certificate_set_ocsp_status_request_file(3) — Linux manual page

NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | NOTE | RETURNS | SINCE | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON

gnutls_certi..._request_file(3)  gnutls  gnutls_certi..._request_file(3)

NAME         top

       gnutls_certificate_set_ocsp_status_request_file - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       int
       gnutls_certificate_set_ocsp_status_request_file(gnutls_certificate_credentials_t
       sc, const char * response_file, unsigned idx);

ARGUMENTS         top

       gnutls_certificate_credentials_t sc
                   is a credentials structure.

       const char * response_file
                   a filename of the OCSP response

       unsigned idx
                   is a certificate index as returned by
                   gnutls_certificate_set_key() and friends

DESCRIPTION         top

       This function loads the provided OCSP response. It will be sent
       to the client if requests an OCSP certificate status for the
       certificate chain specified by  idx .

NOTE         top

       the ability to set multiple OCSP responses per credential
       structure via the index  idx was added in version 3.5.6. To keep
       backwards compatibility, it requires using
       gnutls_certificate_set_flags() with the GNUTLS_CERTIFICATE_API_V2
       flag to make the set certificate functions return an index usable
       by this function.

       This function can be called multiple times since GnuTLS 3.6.3
       when multiple responses which apply to the chain are available.
       If the response provided does not match any certificates present
       in the chain, the code GNUTLS_E_OCSP_MISMATCH_WITH_CERTS is
       returned.  To revert to the previous behavior set the flag
       GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK in the certificate
       credentials structure. In that case, only the end-certificate's
       OCSP response can be set.  If the response is already expired at
       the time of loading the code GNUTLS_E_EXPIRED is returned.

       To revert to the previous behavior of this function which does
       not return any errors, set the flag
       GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a
       negative error code is returned.

SINCE         top

       3.1.3

REPORTING BUGS         top

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

       https://www.gnutls.org/manual/

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨http://www.gnutls.org/⟩.  If you have a bug report for this
       manual page, send it to bugs@gnutls.org.  This page was obtained
       from the tarball gnutls-3.8.2.tar.xz fetched from
       ⟨http://www.gnutls.org/download.html⟩ on 2023-12-22.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to man-pages@man7.org

gnutls                            3.8.2  gnutls_certi..._request_file(3)