RE: OCSP_basic_verify

Wed, 12 Dec 2001 09:34:33 -0800 


(sobbing) I have been looking for the documentation, but there is none.  All
I can see i the definition of
some flags:

#define OCSP_NOCERTS                    0x1
#define OCSP_NOINTERN                   0x2
#define OCSP_NOSIGS                     0x4
#define OCSP_NOCHAIN                    0x8
#define OCSP_NOVERIFY                   0x10
#define OCSP_NOEXPLICIT                 0x20
#define OCSP_NOCASIGN                   0x40
#define OCSP_NODELEGATED                0x80
#define OCSP_NOCHECKS                   0x100
#define OCSP_TRUSTOTHER                 0x200
#define OCSP_RESPID_KEY                 0x400
#define OCSP_NOTIME                     0x800

What are they?

Tat.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson
> Sent: 11 December 2001 18:21
> To: [EMAIL PROTECTED]
> Subject: Re: OCSP_basic_verify
>
>
> Tat Sing Kong wrote:
> >
> > Hi,
> >
> > I have been trying to figure out what the flags are for this
> function and
> > have come up with the following, can someone verify?
> >
> > int OCSP_basic_verify(OCSP_BASICRESP *bs,       // the OCSP response
> >                 STACK_OF(X509) *certs,  // intermediate signing certs
> >                 X509_STORE *st,         // trusted responder certs
> >                 unsigned long flags             // flags as
> defined in ocsp.h
> >         );
> >
> > Can someone tell me what the difference between "certs" and "st" is?
> >
>
> certs is a stack of certificates which can aid the verify operation. For
> example if the response doesn't contain the signer's certificate it can
> look in there. st is a trusted certificate store which contains trusted
> certificates which are used to verify the signers certificate.
>
> Setting various values for the flags can change the meaning somewhat
> too. The ocsp application source in apps/ocsp.c and documentation should
> help clarify this.
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Gemplus: http://www.gemplus.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to