CryptoSys PKI Toolkit Manual

OCSP_ReadResponse

Reads a response to an Online Certification Status Protocol (OCSP) request and outputs the main results in text form.

VB6/VBA Syntax

Public Declare Function OCSP_ReadResponse Lib "diCrPKI.dll" (ByVal strOutput As String, ByVal nOutChars As Long, ByVal strResponseFile As String, ByVal strIssuerCert As String, ByVal strExtensions As String, ByVal nOptions As Long) As Long

nRet = OCSP_ReadResponse(strOutput, nOutChars, strResponseFile, strIssuerCert, strExtensions, nOptions)

Parameters

strOutput
[out] String to receive output as ordinary text.
nOutChars
[in] Long specifying the maximum number of characters to be received.
strResponseFile
[in] String with the name of the file containing the response data in BER format.
strIssuerCert
[in] String (optional) with name of issuer's X.509 certificate file (or base64 representation).
strExtensions
[in] String Not used. Set as empty string "" or NULL.
nOptions
[in] Long Option flags. For future use. Specify zero.

C/C++ Syntax

long _stdcall OCSP_ReadResponse(char *szOutput, long nOutChars, const char *szResponseFile, const char *szIssuerCert, const char *szExtensions, long nOptions);

Returns (VB6/C)

Long: If successful, the return value is the number of characters in the output string; otherwise it returns a negative error code.

.NET Equivalent

Ocsp.ReadResponse Method

Remarks

The output is a text string outlining the main results in the response data. Typical result strings are:

Successful response:
 Produced at 2010-03-18T00:09:28Z
 CertStatus=good
 SerialNumber=00FBC723228C8C8022D8859223DEE70660
Successful response:
 Produced at 2010-03-27T12:13:11Z
 CertStatus=revoked at 2009-05-29T19:23:16Z
 SerialNumber=7FFED5D77FD1AEEC63716CA220B098A9
malformedRequest.
unauthorized.

Note that a revoked certificate will still result in a "Successful response": that phrase reports the status of the OCSP response itself, so check the CertStatus line for the status of the certificate.

The issuer's X.509 certificate strIssuerCert is optional. If provided, it will be used to check the signature on the OCSP response and an error will result if the signature is not valid. CAUTION: For some CAs (e.g. VeriSign) the key used to sign the OCSP response is not the same as the key in the issuer's certificate, so specifying the issuer's certificate in this case will result in a signature error. If you can separately obtain the certificate used to sign the OCSP response, then specify this as the strIssuerCert; otherwise leave as the empty string "".

Example

Dim nChars As Long
Dim strResponseFile As String
Dim strIssuerFile As String
Dim strBuf As String
strResponseFile = "ocsp_response_ok_dims.dat"
strIssuerFile = "UTNUSERFirst-Object.cer"
Debug.Print "ResponseFile=" & strResponseFile
Debug.Print "IssuerFile=" & strIssuerFile
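' First call with an empty buffer to find the required number of characters
nChars = OCSP_ReadResponse("", 0, strResponseFile, strIssuerFile, "", 0)
Debug.Print "OCSP_ReadResponse returns " & nChars & " (expected +ve)"
If (nChars <= 0) Then Exit Sub   ' ERROR
' Pre-dimension the output buffer, then call again to read the result text
strBuf = String(nChars, " ")
nChars = OCSP_ReadResponse(strBuf, nChars, strResponseFile, strIssuerFile, "", 0)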
Debug.Print "OCSPResponse=" & strBuf

The above example using a response received from ocsp.usertrust.com for our own code signing certificate produced the following output:

ResponseFile=ocsp_response_ok_dims.dat
IssuerFile=UTNUSERFirst-Object.cer
OCSP_ReadResponse returns 120 (expected +ve)
OCSPResponse=Successful response:
 Produced at 2010-03-18T00:09:28Z
 CertStatus=good
 SerialNumber=00FBC723228C8C8022D8859223DEE70660	
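
Because "Successful response" covers both good and revoked certificates, the caller has to interpret the CertStatus and SerialNumber lines before relying on the result. The following C code is an added example, not part of the toolkit or of this manual, that classifies the output text and fails closed. It assumes the output has the layout of the typical result strings shown under Remarks and that the serial number is compared exactly as printed; the names ocsp_verdict, field and ocsp_classify are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Verdict derived from the text that OCSP_ReadResponse writes to szOutput. */
typedef enum { OCSP_GOOD, OCSP_REVOKED, OCSP_NOT_GOOD } ocsp_verdict;

/* Copy the rest of the line after `key`, minus trailing blanks; 1 if found. */
static int field(const char *text, const char *key, char *out, size_t outlen)
{
    const char *p = strstr(text, key);
    size_t n;
    if (!p) return 0;
    p += strlen(key);
    n = strcspn(p, "\r\n");
    while (n > 0 && (p[n - 1] == ' ' || p[n - 1] == '\t')) n--;
    if (n == 0 || n >= outlen) return 0;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Fail closed: anything other than a well-formed "good" or "revoked" answer
   for the serial number we asked about is OCSP_NOT_GOOD. */
ocsp_verdict ocsp_classify(const char *text, const char *expected_serial)
{
    static const char ok[] = "Successful response:";
    char status[64], serial[80];
    if (strncmp(text, ok, sizeof ok - 1) != 0) return OCSP_NOT_GOOD;
    if (!field(text, "CertStatus=", status, sizeof status)) return OCSP_NOT_GOOD;
    if (!field(text, "SerialNumber=", serial, sizeof serial)) return OCSP_NOT_GOOD;
    if (strcmp(serial, expected_serial) != 0) return OCSP_NOT_GOOD;
    if (strcmp(status, "good") == 0) return OCSP_GOOD;
    if (strncmp(status, "revoked", 7) == 0) return OCSP_REVOKED;
    return OCSP_NOT_GOOD;
}

int main(void)
{
    /* Constructed inputs, copied from the typical result strings above. */
    const char *good = "Successful response:\n Produced at 2010-03-18T00:09:28Z\n"
        " CertStatus=good\n SerialNumber=00FBC723228C8C8022D8859223DEE70660\t\n";
    const char *revoked = "Successful response:\n Produced at 2010-03-27T12:13:11Z\n"
        " CertStatus=revoked at 2009-05-29T19:23:16Z\n"
        " SerialNumber=7FFED5D77FD1AEEC63716CA220B098A9\n";
    printf("%d %d %d\n",
           ocsp_classify(good, "00FBC723228C8C8022D8859223DEE70660"),
           ocsp_classify(revoked, "7FFED5D77FD1AEEC63716CA220B098A9"),
           ocsp_classify("unauthorized.", "7FFED5D77FD1AEEC63716CA220B098A9"));
    return 0;
}
```

A response for a different serial number than the one requested is treated as not good, so a valid response for some other certificate cannot be mistaken for an answer about yours.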

See Also

OCSP_MakeRequest


Copyright © 2004-12 D.I. Management Services Pty Ltd. All rights reserved.