CryptoSys PKI Pro Manual

OCSP_MakeRequest

Creates an Online Certificate Status Protocol (OCSP) request as a base64 string.

VBA/VB6 Syntax

Public Declare Function OCSP_MakeRequest Lib "diCrPKI.dll" (ByVal strOutput As String, ByVal nOutChars As Long, ByVal strIssuerCert As String, ByVal strCertFileOrSerialNum As String, ByVal strExtensions As String, ByVal nOptions As Long) As Long

nRet = OCSP_MakeRequest(strOutput, nOutChars, strIssuerCert, strCertFileOrSerialNum, strExtensions, nOptions)

C/C++ Syntax

long __stdcall OCSP_MakeRequest(char *szOutput, long nOutChars, const char *szIssuerCert, const char *szCertFileOrSerialNum, const char *szExtensions, long nOptions);

Parameters

szOutput
[out] to receive output in base64 format.
nOutChars
[in] specifying the maximum number of characters to be received.
szIssuerCert
[in] with name of issuer's X.509 certificate file (or base64 representation).
szCertFileOrSerialNum
[in] with either the name of X.509 certificate file to be checked or its serial number in hexadecimal format preceded by "#x".
szExtensions
[in] Not used. Set as empty string "" or NULL.
nOptions
[in] Option flags. Select one of:
PKI_HASH_SHA1 (0) to use the SHA-1 algorithm (default)
PKI_HASH_SHA224 to use the SHA-224 algorithm
PKI_HASH_SHA256 to use the SHA-256 algorithm
PKI_HASH_SHA384 to use the SHA-384 algorithm
PKI_HASH_SHA512 to use the SHA-512 algorithm
PKI_HASH_MD5 to use the MD5 algorithm

Returns (VBA/C)

If successful, the return value is the number of characters in or required for the output string; otherwise it returns a negative error code.

VBA Wrapper Syntax

Public Function ocspMakeRequest (szIssuerCert As String, szCertFileOrSerialNum As String, nOptions As Long, Optional szExtensions As String = "") As String

.NET Equivalent

Ocsp.MakeRequest Method

C++ (STL) Equivalent

static std::string dipki::Ocsp::MakeRequest (const std::string &issuerCert, const std::string &certFileOrSerialNumber, HashAlg hashAlg=HashAlg::Sha1)

Python Equivalent

static Ocsp.make_request(issuercert, certfile_or_serialnumber, hashalg=0)

Remarks

For the "raw" VBA/C function, the user must allocate an output string buffer szOutput of the required length. Specify a zero nOutChars or an empty string for szOutput to find the required length. ANSI C users must add one to this value when allocating memory.

The output is a base64 string suitable for an OCSP request to an Online Certificate Status Manager. The issuer's X.509 certificate must be specified. The certificate to be checked can be specified either directly as a filename or as a serial number in hexadecimal format preceded by "#x", e.g. "#x01deadbeef". The serial number must be given in hexadecimal, so the serial number 10 would be passed as "#x0a". It is an error (NO_MATCH_ERROR) if the issuer's name of the certificate to be checked does not match the subject name of the issuer's certificate.

The default hash algorithm is SHA-1. Most Online Certificate Status Managers should accept MD5 and SHA-1. Other hash algorithms may not be accepted.

One way to obtain a response is to paste the URL in the address bar of a web browser to return the status information. The base64 value produced by this function should first be URL-encoded (i.e. "/" replaced by "%2F", "+" replaced by "%2B", and "=" by "%3D"). For example, typing in the Firefox browser URL box

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEQD7xyMijIyAItiFkiPe5wZg

should offer to save a file with a name like MFIwUDBOME.... This contains the response, which is a binary file that can be examined using the OCSP_ReadResponse() function.
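Added example, not part of the CryptoSys PKI manual or its API: using only the Python standard library, it builds the GET URL described above from the request string in this page's example output, and decodes the request's CertID so the digest algorithm and serial number being sent to the responder can be checked. The function names are this example's own.

```python
import base64
from urllib.parse import quote
# Request string copied from this page's example output (SHA-1, dims.cer).
OCSP_REQ_B64 = ("MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQU"
                "K8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg")
HASH_OIDS = {"1.3.14.3.2.26": "SHA-1", "1.2.840.113549.2.5": "MD5",   # digest OIDs
             "2.16.840.1.101.3.4.2.4": "SHA-224", "2.16.840.1.101.3.4.2.1": "SHA-256",
             "2.16.840.1.101.3.4.2.2": "SHA-384", "2.16.840.1.101.3.4.2.3": "SHA-512"}

def ocsp_get_url(responder_url, req_b64):
    """Percent-encode '/', '+' and '=' and append the request to the responder URL."""
    return responder_url.rstrip("/") + "/" + quote(req_b64, safe="")

def read_tlv(buf, pos, want=None):
    """Read one DER element at pos; return (value, next_pos). Checks tag if given."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or want not in (None, tag):
        raise ValueError("truncated DER or unexpected tag")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    subs = [0]
    for b in body:                             # base-128 sub-identifiers
        subs[-1] = (subs[-1] << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(0)
    first = min(subs[0] // 40, 2)              # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:-1]))

def parse_cert_id(req_b64):
    """Return hash algorithm, issuer hashes and serial number of the first CertID."""
    node = base64.b64decode(req_b64, validate=True)
    for _level in range(5):  # OCSPRequest > TBSRequest > requestList > Request > CertID
        pos = 0
        while node[pos] in (0xA0, 0xA1):       # optional version/requestorName in TBSRequest
            _, pos = read_tlv(node, pos)
        node, _ = read_tlv(node, pos, 0x30)
    alg, pos = read_tlv(node, 0, 0x30)         # hashAlgorithm
    oid = decode_oid(read_tlv(alg, 0, 0x06)[0])
    name_hash, pos = read_tlv(node, pos, 0x04) # issuerNameHash
    key_hash, pos = read_tlv(node, pos, 0x04)  # issuerKeyHash
    serial, _ = read_tlv(node, pos, 0x02)      # serialNumber
    return {"hash": HASH_OIDS.get(oid, oid), "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}

print(ocsp_get_url("http://ocsp.comodoca.com", OCSP_REQ_B64), parse_cert_id(OCSP_REQ_B64))
```

The decoded serial is the value to pass after "#x" when requesting by serial number, and the decoded hash name shows which nOptions digest the request was built with.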

Example (VBA core function)

This example creates an OCSP request to check our own (old but never revoked) code signing certificate file dims.cer. This was issued by the holder of the certificate in the file UTNUSERFirst-Object.cer.

Dim nChars As Long
Dim strCertFile As String
Dim strIssuerFile As String
Dim strBuf As String

strIssuerFile = "UTNUSERFirst-Object.cer"
strCertFile = "dims.cer"

Debug.Print "IssuerFile=" & strIssuerFile
Debug.Print "CertFile=" & strCertFile
' Find required length (or error)
nChars = OCSP_MakeRequest("", 0, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSP_MakeRequest returns " & nChars & "(expected +ve)"
If (nChars <= 0) Then Exit Sub   ' ERROR
strBuf = String(nChars, " ")
nChars = OCSP_MakeRequest(strBuf, nChars, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSPRequest=" & strBuf

' Pass a hex serial number instead of filename
strCertFile = "#x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60"
Debug.Print "Cert SerialNumber=" & strCertFile
nChars = OCSP_MakeRequest("", 0, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSP_MakeRequest returns " & nChars & "(expected +ve)"
If (nChars <= 0) Then Exit Sub   ' ERROR
strBuf = String(nChars, " ")
nChars = OCSP_MakeRequest(strBuf, nChars, strIssuerFile, strCertFile, "", 0)
Debug.Print "OCSPRequest=" & strBuf

The above example should produce the following output:

IssuerFile=UTNUSERFirst-Object.cer
CertFile=dims.cer
OCSP_MakeRequest returns 112(expected +ve)
OCSPRequest=MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
Cert SerialNumber=#x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60
OCSP_MakeRequest returns 112(expected +ve)
OCSPRequest=MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg

Example (VBA wrapper function)

Dim strOcsp As String
strOcsp = ocspMakeRequest("UTNUSERFirst-Object.cer", "dims.cer", PKI_HASH_SHA1)
Debug.Print strOcsp
' Pass serial number instead of filename
strOcsp = ocspMakeRequest("UTNUSERFirst-Object.cer", "#x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60", PKI_HASH_SHA1)
Debug.Print strOcsp

See Also

OCSP_ReadResponse


Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.