author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-12-03 20:35:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-12-03 20:35:22 +0100 |
commit | f97082d162912524d417239b2b143fb52430cf7d (patch) | |
tree | 2f5a471582b36230daf210e1c3b4a545b39acb53 /manual/html_node/OCSP-status-request.html | |
download | gnutls-f97082d162912524d417239b2b143fb52430cf7d.tar.gz |
added web
Diffstat (limited to 'manual/html_node/OCSP-status-request.html')
-rw-r--r-- | manual/html_node/OCSP-status-request.html | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/manual/html_node/OCSP-status-request.html b/manual/html_node/OCSP-status-request.html new file mode 100644 index 0000000000..822640c285 --- /dev/null +++ b/manual/html_node/OCSP-status-request.html 
@@ -0,0 +1,200 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<!-- This manual is last updated 17 November 2012 for version +3.1.5 of GnuTLS. + +Copyright (C) 2001-2012 Free Software Foundation, Inc. + +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled "GNU Free +Documentation License". --> +<!-- Created by GNU Texinfo 4.13.90, http://www.gnu.org/software/texinfo/ --> +<head> +<title>GnuTLS 3.1.5: OCSP status request</title> + +<meta name="description" content="GnuTLS 3.1.5: OCSP status request"> +<meta name="keywords" content="GnuTLS 3.1.5: OCSP status request"> +<meta name="resource-type" content="document"> +<meta name="distribution" content="global"> +<meta name="Generator" content="makeinfo"> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link href="index.html#Top" rel="start" title="Top"> +<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> +<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> +<link href="TLS-Extensions.html#TLS-Extensions" rel="up" title="TLS Extensions"> +<link href="SRTP.html#SRTP" rel="next" title="SRTP"> +<link href="Safe-renegotiation.html#Safe-renegotiation" rel="previous" title="Safe renegotiation"> +<style type="text/css"> +<!-- +a.summary-letter {text-decoration: none} +blockquote.smallquotation {font-size: smaller} +div.display {margin-left: 3.2em} +div.example {margin-left: 3.2em} +div.indentedblock {margin-left: 3.2em} +div.lisp {margin-left: 3.2em} +div.smalldisplay {margin-left: 3.2em} +div.smallexample {margin-left: 3.2em} +div.smallindentedblock {margin-left: 3.2em; 
font-size: smaller} +div.smalllisp {margin-left: 3.2em} +kbd {font-style:oblique} +pre.display {font-family: inherit} +pre.format {font-family: inherit} +pre.menu-comment {font-family: serif} +pre.menu-preformatted {font-family: serif} +pre.smalldisplay {font-family: inherit; font-size: smaller} +pre.smallexample {font-size: smaller} +pre.smallformat {font-family: inherit; font-size: smaller} +pre.smalllisp {font-size: smaller} +span.nocodebreak {white-space:nowrap} +span.nolinebreak {white-space:nowrap} +span.roman {font-family:serif; font-weight:normal} +span.sansserif {font-family:sans-serif; font-weight:normal} +ul.no-bullet {list-style: none} +body { + margin: 2%; + padding: 0 5%; + background: #ffffff; +} +h1,h2,h3,h4,h5 { + font-weight: bold; + padding: 5px 5px 5px 5px; + background-color: #c2e0ff; + color: #336699; +} +h1 { + padding: 2em 2em 2em 5%; + color: white; + background: #336699; + text-align: center; + letter-spacing: 3px; +} +h2 { text-decoration: underline; } +pre { + margin: 0 5%; + padding: 0.5em; +} +pre.example,pre.verbatim { + padding-bottom: 1em; + + border: solid #c2e0ff; + background: #f0faff; + border-width: 1px 1px 1px 5px; + margin: 1em auto; + width: 90%; +} + +div.node { + margin: 0 -5% 0 -2%; + padding: 0.5em 0.5em; + margin-top: 0.5em; + margin-bottom: 0.5em; + font-weight: bold; +} +dd, li { + padding-top: 0.1em; + padding-bottom: 0.1em; +} +div.float { + + margin-bottom: 0.5em; + text-align: center; +} + +table { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; +} + +th { + padding: 0; + color: #336699; + background-color: #c2e0ff; + border: solid #000000; + border-width: 0px; + margin: 1em auto; + text-align: center; + margin-left:auto; + margin-right:auto; +} + +td { + padding: 0; + border: solid #000000; + background-color: #f0faff; + border-width: 0px; + margin: 1em auto; + text-align: left; + margin-left:auto; + margin-right:auto; + padding-left: 1em; +} + +dl { + text-align: left; + 
margin-left:auto; + margin-right:auto; + width: 50%; + + padding-left: 1em; + border: solid #c2e0ff; + background: #f0faff; + border-width: 5px 1px 1px 1px; + margin: 1em auto; +} + +--> +</style> + + +</head> + +<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000"> +<a name="OCSP-status-request"></a> +<div class="header"> +<p> +Next: <a href="SRTP.html#SRTP" accesskey="n" rel="next">SRTP</a>, Previous: <a href="Safe-renegotiation.html#Safe-renegotiation" accesskey="p" rel="previous">Safe renegotiation</a>, Up: <a href="TLS-Extensions.html#TLS-Extensions" accesskey="u" rel="up">TLS Extensions</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> +<hr> +<a name="OCSP-status-request-1"></a> +<h4 class="subsection">3.6.6 OCSP status request</h4> +<a name="index-OCSP-status-request"></a> +<a name="index-Certificate-status-request"></a> + +<p>The Online Certificate Status Protocol (OCSP) is a protocol that allows the +client to verify the server certificate for revocation without messing with +certificate revocation lists. Its drawback is that it requires the client +to connect to the server’s CA OCSP server and request the status of the +certificate. This extension however, enables a TLS server to include +its CA OCSP server response in the handshake. That is an HTTPS server +may periodically run <code>ocsptool</code> (see <a href="ocsptool-Invocation.html#ocsptool-Invocation">ocsptool Invocation</a>) to obtain +its certificate revocation status and serve it to the clients. That +way a client avoids an additional connection to the OCSP server. 
+</p> +<dl compact="compact"> +<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fcertificate_005fset_005focsp_005fstatus_005frequest_005ffunction">gnutls_certificate_set_ocsp_status_request_function</a> (gnutls_certificate_credentials_t <var>sc</var>, gnutls_status_request_ocsp_func <var>ocsp_func</var>, void * <var>ptr</var>)</code></dt> +<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fcertificate_005fset_005focsp_005fstatus_005frequest_005ffile">gnutls_certificate_set_ocsp_status_request_file</a> (gnutls_certificate_credentials_t <var>sc</var>, const char* <var>response_file</var>, unsigned int <var>flags</var>)</code></dt> +<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005focsp_005fstatus_005frequest_005fenable_005fclient">gnutls_ocsp_status_request_enable_client</a> (gnutls_session_t <var>session</var>, gnutls_datum_t * <var>responder_id</var>, size_t <var>responder_id_size</var>, gnutls_datum_t * <var>extensions</var>)</code></dt> +<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005focsp_005fstatus_005frequest_005fis_005fchecked">gnutls_ocsp_status_request_is_checked</a> (gnutls_session_t <var>session</var>, unsigned int <var>flags</var>)</code></dt> +</dl> + +<p>A server is required to provide the OCSP server’s response using the <a href="Core-TLS-API.html#gnutls_005fcertificate_005fset_005focsp_005fstatus_005frequest_005ffile">gnutls_certificate_set_ocsp_status_request_file</a>. +The response may be obtained periodically using the following command. +</p> +<div class="example"> +<pre class="example">ocsptool --ask --load-cert server_cert.pem --load-issuer the_issuer.pem + --load-signer the_issuer.pem --outfile ocsp.response +</pre></div> + +<p>Since version 3.1.3 GnuTLS clients transparently support the certificate status +request. +</p> + + + +</body> +</html> |
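Review bot: The two closing paragraphs of the new OCSP-status-request.html cover only gnutls_certificate_set_ocsp_status_request_file, while the <dl> above them also lists gnutls_certificate_set_ocsp_status_request_function, gnutls_ocsp_status_request_enable_client and gnutls_ocsp_status_request_is_checked with no explanation of when each applies. "A server is required to provide the OCSP server's response using ..._file" also reads as if the callback variant in the same list were not an option. Please add a sentence on what a client learns from gnutls_ocsp_status_request_is_checked and what it should do when the check did not happen, since "clients transparently support the certificate status request" leaves that open. "May be obtained periodically" gives an operator nothing to schedule against: OCSP responses carry a validity interval, so the text should say that ocsp.response has to be regenerated before the current one expires. The ocsptool example passes the_issuer.pem to both --load-issuer and --load-signer, which is worth a note that it assumes the issuer signs its own OCSP responses. Finally, the file header says "Created by GNU Texinfo 4.13.90", so these wording changes belong in the Texinfo source rather than in this generated HTML.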