Creates an Online Certificate Status Protocol (OCSP) request as a base64 string.
Public Declare Function OCSP_MakeRequest Lib "diCrPKI.dll" (ByVal strOutput As String, ByVal nOutChars As Long, ByVal strIssuerCert As String, ByVal strCertFileOrSerialNum As String, ByVal strExtensions As String, ByVal nOptions As Long) As Long
nRet = OCSP_MakeRequest(strOutput, nOutChars, strIssuerCert, strCertFileOrSerialNum, strExtensions, nOptions)
strOutput: String to receive output in base64 format.
nOutChars: Long specifying the maximum number of characters to be received.
strIssuerCert: String with name of issuer's X.509 certificate file (or base64 representation).
strCertFileOrSerialNum: String with either the name of X.509 certificate file to be checked or its serial number in hexadecimal format preceded by #x.
strExtensions: String. Not used. Set as empty string "" or NULL.
nOptions: Long. Option flags. Select one of:
long _stdcall OCSP_MakeRequest(char *szOutput, long nOutChars, const char *szIssuerCert, const char *szCertFileOrSerialNum, const char *szExtensions, long nOptions);
Long: If successful, the return value is the number of characters in the output string;
otherwise it returns a negative error code.
The output is a base64 string suitable for an OCSP request to an Online Certificate Status Manager.
The issuer's X.509 certificate must be specified. The certificate to be checked
can either be specified directly as a filename or as a serialNumber in hexadecimal format, e.g.
"#x01deadbeef".
If the latter format is used, it must be in hexadecimal format, so the serial number 10 would be passed as
"#x0a".
It is an error (NO_MATCH_ERROR) if the issuer's name of the certificate to be checked
does not match the subject name of the issuer's certificate.
The default hash algorithm is SHA-1. Most Online Certificate Status Managers should accept MD5 and SHA-1.
Other hash algorithms may not be accepted.
One way to obtain a response is to paste the URL in the address bar of a web browser to return the status information. The base64 value produced by this function should first be URL-encoded (i.e. "/" replaced by "%2F", "+" replaced by "%2B", and "=" by "%3D"). For example, typing in the Firefox browser URL box
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEQD7xyMijIyAItiFkiPe5wZg
should offer to save a file with a name like
MFIwUDBOME... (well it should until the certificate expires in November 2011).
This contains the response, which is a binary file that can be examined using the
OCSP_ReadResponse function.
This example creates an OCSP request to check our own current code signing certificate file dims.cer.
This was issued by the holder of certificate in the file UTNUSERFirst-Object.cer.
Dim nChars As Long
Dim strCertFile As String
Dim strIssuerFile As String
Dim strBuf As String

strIssuerFile = "UTNUSERFirst-Object.cer"
strCertFile = "dims.cer"
Debug.Print "IssuerFile=" & strIssuerFile
Debug.Print "CertFile=" & strCertFile
' Find required length (or error)
nChars = OCSP_MakeRequest("", 0, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSP_MakeRequest returns " & nChars & "(expected +ve)"
If (nChars <= 0) Then Exit Sub ' ERROR
strBuf = String(nChars, " ")
nChars = OCSP_MakeRequest(strBuf, nChars, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSPRequest=" & strBuf

' Pass a hex serial number instead of filename
strCertFile = "#x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60"
Debug.Print "Cert SerialNumber=" & strCertFile
nChars = OCSP_MakeRequest("", 0, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSP_MakeRequest returns " & nChars & "(expected +ve)"
If (nChars <= 0) Then Exit Sub ' ERROR
strBuf = String(nChars, " ")
nChars = OCSP_MakeRequest(strBuf, nChars, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSPRequest=" & strBuf
The above example should produce the following output:
IssuerFile=UTNUSERFirst-Object.cer
CertFile=dims.cer
OCSP_MakeRequest returns 112(expected +ve)
OCSPRequest=MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
Cert SerialNumber=#x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60
OCSP_MakeRequest returns 112(expected +ve)
OCSPRequest=MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
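As an added example (not part of the CryptoSys PKI documentation or its API), the following Python decodes the request string shown in the output above to show what it carries (hash algorithm, issuer name and key hashes, serial number) and builds the URL-encoded address described earlier. The function names are made up for this illustration; the parser assumes the OCSPRequest layout of RFC 6960 and reads only the first CertID.

```python
import base64
from urllib.parse import quote

# Request string copied from the example output on this page.
PAGE_REQUEST = ("MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQU"
                "K8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg")
HASH_OIDS = {"1.3.14.3.2.26": "SHA-1", "1.2.840.113549.2.5": "MD5"}

def read_tlv(buf, pos, want=None):
    """Return (value_bytes, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or (want is not None and tag != want):
        raise ValueError("unexpected or truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted form of OBJECT IDENTIFIER content octets."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_ocsp_request(b64):
    """CertID fields of the first entry in a base64 OCSPRequest (RFC 6960)."""
    der = base64.b64decode(b64, validate=True)
    tbs, _ = read_tlv(read_tlv(der, 0, 0x30)[0], 0, 0x30)
    pos = 0
    while tbs[pos] in (0xA0, 0xA1):  # skip optional version / requestorName
        pos = read_tlv(tbs, pos)[1]
    request, _ = read_tlv(read_tlv(tbs, pos, 0x30)[0], 0, 0x30)  # requestList > Request
    cert_id, _ = read_tlv(request, 0, 0x30)
    alg, pos = read_tlv(cert_id, 0, 0x30)
    oid = decode_oid(read_tlv(alg, 0, 0x06)[0])
    name_hash, pos = read_tlv(cert_id, pos, 0x04)
    key_hash, pos = read_tlv(cert_id, pos, 0x04)
    serial, _ = read_tlv(cert_id, pos, 0x02)
    return {"hash": HASH_OIDS.get(oid, oid), "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": "#x" + serial.hex()}

def ocsp_get_url(responder, b64):
    """Responder URL with the request percent-encoded as the path."""
    return responder.rstrip("/") + "/" + quote(b64, safe="")
```

Running parse_ocsp_request(PAGE_REQUEST) reports SHA-1 and the same serial number that the second half of the example passes in with the #x prefix, which is why both calls produce an identical request.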