OCSP

A client makes an OCSP request to what is termed an ‘OCSP responder’. This responder returns a signed response attesting that the certificate in question has not been revoked. One common way of making OCSP requests is via HTTP; see RFC 2560 Appendix A for details.

class OCSP::Request
OCSP::Request(const X509_Certificate &issuer_cert, const X509_Certificate &subject_cert)

Create a new OCSP request.

std::vector<byte> BER_encode() const

Encode the current OCSP request as a binary string.

std::string base64_encode() const

Encode the current OCSP request as a base64 string.
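The HTTP transport in RFC 2560 Appendix A sends a small request (under 255 bytes after encoding) as a GET whose path ends in the URL-encoded base64 of the DER request, and anything larger as a POST with Content-Type application/ocsp-request and the raw DER as the body. The sketch below is an added example, not part of the library: it builds either message from bytes such as those BER_encode() returns. The helper names, the host, the path (assumed to have no trailing slash) and the sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Standard base64 with padding (RFC 4648).
std::string b64(const std::vector<uint8_t>& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        uint32_t v = uint32_t(in[i]) << 16;
        if (i + 1 < in.size()) v |= uint32_t(in[i + 1]) << 8;
        if (i + 2 < in.size()) v |= in[i + 2];
        out += tbl[(v >> 18) & 63];
        out += tbl[(v >> 12) & 63];
        out += (i + 1 < in.size()) ? tbl[(v >> 6) & 63] : '=';
        out += (i + 2 < in.size()) ? tbl[v & 63] : '=';
    }
    return out;
}

// Percent-encode the base64 characters that are unsafe in a URL path.
std::string url_encode_b64(const std::string& s) {
    std::string out;
    for (char c : s) {
        if (c == '+') out += "%2B";
        else if (c == '/') out += "%2F";
        else if (c == '=') out += "%3D";
        else out += c;
    }
    return out;
}

// GET when the encoded request is under 255 bytes, otherwise POST the raw DER.
std::string ocsp_http_request(const std::string& host, const std::string& path,
                              const std::vector<uint8_t>& der) {
    const std::string enc = url_encode_b64(b64(der));
    if (enc.size() < 255)
        return "GET " + path + "/" + enc + " HTTP/1.0\r\nHost: " + host + "\r\n\r\n";
    return "POST " + path + " HTTP/1.0\r\nHost: " + host +
           "\r\nContent-Type: application/ocsp-request\r\nContent-Length: " +
           std::to_string(der.size()) + "\r\n\r\n" + std::string(der.begin(), der.end());
}

int main() {
    std::vector<uint8_t> der = {0x30, 0x03, 0xfb, 0xff, 0xfe};  // constructed bytes, not a real request
    std::cout << ocsp_http_request("ocsp.example.test", "/ocsp", der);
}
```

The responder's reply arrives with Content-Type application/ocsp-response; its body is the byte string that the OCSP::Response constructor takes.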

class OCSP::Response
OCSP::Response(const Certificate_Store &trusted_roots, const std::vector<byte> &response)

Deserializes a response sent by a responder, and checks that it was signed by a certificate associated with one of the CAs stored in trusted_roots.

bool affirmative_response_for(const X509_Certificate &issuer, const X509_Certificate &subject) const

Returns true if and only if this OCSP response is not an error, is signed correctly, and the response indicates that subject is not currently revoked.

OCSP::Response online_check(const X509_Certificate &issuer, const X509_Certificate &subject, const Certificate_Store *trusted_roots)

Attempts to contact the OCSP responder specified in the subject certificate and