OCSP
A client makes an OCSP request to what is termed an ‘OCSP responder’. This responder returns a signed response attesting that the certificate in question has not been revoked. One common way of making OCSP requests is via HTTP; see RFC 2560 Appendix A for details.

class OCSP::Request

    OCSP::Request(const X509_Certificate &issuer_cert, const X509_Certificate &subject_cert)
        Create a new OCSP request.

    std::vector<byte> BER_encode() const
        Encode the current OCSP request as a binary string.

    std::string base64_encode() const
        Encode the current OCSP request as a base64 string.

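
An added example, not code from the library: how an encoded request is framed for the HTTP transport of RFC 2560 Appendix A.1.1, where small requests may be sent with GET and the rest go in a POST body. Here der stands for the bytes BER_encode() returns; the names OcspHttpRequest, b64, url_escape_b64 and build_ocsp_http and the /ocsp path are assumptions, and the 255-byte limit is applied to the URL-encoded form.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// HTTP message for an OCSP responder, per RFC 2560 Appendix A.1.1.
struct OcspHttpRequest {
    std::string method, target, content_type;
    std::vector<uint8_t> body;  // raw DER, POST only
};

// Standard base64 with padding.
std::string b64(const std::vector<uint8_t>& in) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        uint32_t v = in[i] << 16;
        if (i + 1 < in.size()) v |= in[i + 1] << 8;
        if (i + 2 < in.size()) v |= in[i + 2];
        out += tbl[(v >> 18) & 63];
        out += tbl[(v >> 12) & 63];
        out += (i + 1 < in.size()) ? tbl[(v >> 6) & 63] : '=';
        out += (i + 2 < in.size()) ? tbl[v & 63] : '=';
    }
    return out;
}

// '+', '/' and '=' are not safe in a URL path segment, so percent-encode them.
std::string url_escape_b64(const std::string& s) {
    std::string out;
    for (char c : s)
        out += c == '+' ? "%2B" : c == '/' ? "%2F" : c == '=' ? "%3D" : std::string(1, c);
    return out;
}

// der: encoded OCSP request; base_path: responder URL path (hypothetical).
OcspHttpRequest build_ocsp_http(const std::vector<uint8_t>& der, std::string base_path) {
    if (!base_path.empty() && base_path.back() == '/') base_path.pop_back();
    std::string enc = url_escape_b64(b64(der));
    if (enc.size() < 255)  // small requests may use GET so responses can be cached
        return {"GET", base_path + "/" + enc, "", {}};
    return {"POST", base_path.empty() ? "/" : base_path, "application/ocsp-request", der};
}

int main() {
    // Constructed bytes for illustration, not a real OCSP request.
    OcspHttpRequest r = build_ocsp_http({0x30, 0x03, 0x02, 0x01, 0x00}, "/ocsp");
    std::printf("%s %s\n", r.method.c_str(), r.target.c_str());
}
```
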
class OCSP::Response

    OCSP::Response(const Certificate_Store &trusted_roots, const std::vector<byte> &response)
        Deserializes response sent by a responder, and checks that it was signed by a certificate associated with one of the CAs stored in trusted_roots.

    bool affirmative_response_for(const X509_Certificate &issuer, const X509_Certificate &subject) const
        Returns true if and only if this OCSP response is not an error, is signed correctly, and the response indicates that subject is not currently revoked.

OCSP::Response online_check(const X509_Certificate &issuer, const X509_Certificate &subject, const Certificate_Store *trusted_roots)
    Attempts to contact the OCSP responder specified in the subject certificate and