OCSP_REQUEST_ADD1_NONCE - Online Linux Manual PageSection : 3ossl
Updated : 2022-03-15
Source : 3.0.2
Note : OpenSSL

NAMEOCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce − OCSP nonce functions

SYNOPSIS​ #include <openssl/ocsp.h> ​ ​ int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); ​ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); ​ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); ​ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);

DESCRIPTIONOCSP_request_add1_nonce() adds a nonce of value val and length len to ​OCSP request req. If val is NULL a random nonce is used. If len is zero or negative a default length will be used (currently 16 bytes). OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except it adds a nonce to OCSP basic response resp. OCSP_check_nonce() compares the nonce value in req and resp. OCSP_copy_nonce() copies any nonce value present in req to resp.

RETURN VALUESOCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success and 0 for failure. OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce was present in req and 0 if an error occurred. OCSP_check_nonce() returns the result of the nonce comparison between req and resp. The return value indicates the result of the comparison. If nonces are present and equal 1 is returned. If the nonces are absent 2 is returned. If a nonce is present in the response only 3 is returned. If nonces are present and unequal 0 is returned. If the nonce is present in the request only then −1 is returned.

NOTESFor most purposes the nonce value in a request is set to a random value so the val parameter in OCSP_request_add1_nonce() is usually NULL. An OCSP nonce is typically added to an OCSP request to thwart replay attacks by checking the same nonce value appears in the response. Some responders may include a nonce in all responses even if one is not supplied. Some responders cache OCSP responses and do not sign each response for performance reasons. As a result they do not support nonces. The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error condition.

SEE ALSOcrypto(7), ​OCSP_cert_to_id(3), ​OCSP_REQUEST_new(3), ​OCSP_resp_find_status(3), ​OCSP_response_status(3), ​OCSP_sendreq_new(3)

COPYRIGHTCopyright 2015−2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the License). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
0
Johanes Gumabo
Data Size   :   10,855 byte
man-OCSP_request_add1_nonce.3osslBuild   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   3 / 171,561
Visitor ID   :     :  
Visitor IP   :   18.119.235.107   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.

ERROR : Need New Coding :         (parse_manual_page_|249|O___CSP_basic_add1_nonce.3ossl|36/37|el══─{─══.|.el══─{─══. ds -- \|\(em\| )         (htmlprn|149|O___CSP_basic_add1_nonce.3ossl|36/37|.el══─{─══. ds --  —  |.el══─{─══. ds -- \|\(em\| )         (parse_manual_page_|249|O___CSP_basic_add1_nonce.3ossl|43|br══─}─══|'br══─}─══ )         (htmlprn|149|O___CSP_basic_add1_nonce.3ossl|43|'br══─}─══ |'br══─}─══ )