OCSP_REQUEST_ADD1_NONCE(3) FreeBSD Library Functions Manual OCSP_REQUEST_ADD1_NONCE(3)

OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions

#include <openssl/ocsp.h>

int
OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);

int
OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);

int
OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);

int
OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);

An OCSP nonce is typically added to an OCSP request to thwart replay attacks: the client checks that the same nonce value appears in the response.

OCSP_request_add1_nonce() adds a nonce of value val and length len to OCSP request req. If val is NULL, a random nonce is used. If len is zero or negative, a default length will be used (currently 16 bytes). For most purposes the nonce value in a request is set to a random value, so the val parameter in OCSP_request_add1_nonce() is usually NULL.

OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except it adds a nonce to OCSP basic response resp.

OCSP_check_nonce() compares the nonce value in req and resp.

OCSP_copy_nonce() copies any nonce value present in req to resp.

Some responders may include a nonce in all responses even if one is not supplied.

Some responders cache OCSP responses and do not sign each response for performance reasons. As a result they do not support nonces.

OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success or 0 for failure.

OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce was present in req, or 0 if an error occurred.

OCSP_check_nonce() returns positive values for success: 1 if nonces are present and equal, 2 if both nonces are absent, or 3 if a nonce is present in the response only. A zero return value indicates that both nonces are present but mismatch: this should be treated as an error condition. A return value of -1 indicates that a nonce is present in the request only: this will happen if the responder doesn't support nonces.

OCSP_cert_to_id(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

March 22, 2018 FreeBSD 14.3-RELEASE
