Reads a response to an Online Certification Status Protocol (OCSP) request and outputs the main results in text form.
Public Declare Function OCSP_ReadResponse Lib "diCrPKI.dll" (ByVal strOutput As String, ByVal nOutChars As Long, ByVal strResponseFile As String, ByVal strIssuerCert As String, ByVal strExtensions As String, ByVal nOptions As Long) As Long
nRet = OCSP_ReadResponse(strOutput, nOutChars, strResponseFile, strIssuerCert, strExtensions, nOptions)
long __stdcall OCSP_ReadResponse(char *szOutput, long nOutChars, const char *szResponseFile, const char *szIssuerCert, const char *szExtensions, long nOptions);
""
or NULL.
If successful, the return value is the number of characters in or required for the output string; otherwise it returns a negative error code.
Public Function ocspReadResponse(szResponseFile As String, Optional szIssuerCert As String = "", Optional nOptions As Long = 0, Optional szExtensions As String = "") As String
static std::string dipki::Ocsp::ReadResponse (const std::string &responseFile, const std::string &issuerCert="")
static Ocsp.read_response(responsefile, issuercert="")
For the "raw" VBA/C function, the user must allocate an output string buffer szOutput of the required length. Specify a zero nOutChars or an empty string for szOutput to find the required length. ANSI C users must add one to this value when allocating memory.
The output is a text string outlining the main results in the response data. Typical result strings are:
Successful response: Produced at 2010-03-18T00:09:28Z CertStatus=good SerialNumber=00FBC723228C8C8022D8859223DEE70660
Successful response: Produced at 2010-03-27T12:13:11Z CertStatus=revoked at 2009-05-29T19:23:16Z SerialNumber=7FFED5D77FD1AEEC63716CA220B098A9
malformedRequest.
unauthorized.
Note that a revoked certificate will still result in a "Successful response".
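An added example (not part of the CryptoSys PKI documentation or library): a Python parser for the result strings above that fails closed, accepting only CertStatus=good rather than the words "Successful response". It assumes the output always follows the typical strings shown on this page; parse_ocsp_result and expected_serial are hypothetical names.

```python
import re
from datetime import datetime, timezone

# Added example; names are hypothetical, not CryptoSys PKI API.
# SAMPLES is constructed from the "typical result strings" shown on this page.
SAMPLES = {
    "good": "Successful response: Produced at 2010-03-18T00:09:28Z CertStatus=good "
            "SerialNumber=00FBC723228C8C8022D8859223DEE70660",
    "revoked": "Successful response: Produced at 2010-03-27T12:13:11Z CertStatus=revoked "
               "at 2009-05-29T19:23:16Z SerialNumber=7FFED5D77FD1AEEC63716CA220B098A9",
    "error": "unauthorized.",
}

_OK = re.compile(
    r"^Successful response:\s+Produced at (?P<produced>\S+)\s+"
    r"CertStatus=(?P<status>\w+)(?:\s+at (?P<revoked>\S+))?\s+"
    r"SerialNumber=(?P<serial>[0-9A-Fa-f]+)$"
)

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _norm(serial):
    # Compare serials as hex numbers: ignore case and leading zero padding.
    return serial.upper().lstrip("0")

def parse_ocsp_result(text, expected_serial=None):
    """Parse the output string; 'trusted' is True only for CertStatus=good."""
    m = _OK.match(text.strip())
    if m is None:
        # "malformedRequest.", "unauthorized." etc.: no certificate status was returned.
        return {"trusted": False, "status": None, "error": text.strip().rstrip(".")}
    out = {
        "status": m["status"],
        "produced_at": _utc(m["produced"]),
        "revoked_at": _utc(m["revoked"]) if m["revoked"] else None,
        "serial": m["serial"].upper(),
        "error": None,
    }
    if expected_serial is not None and _norm(out["serial"]) != _norm(expected_serial):
        out["error"] = "serial mismatch"  # response is about a different certificate
    # "Successful response" only means the responder answered; fail closed on anything else.
    out["trusted"] = out["status"] == "good" and out["error"] is None
    return out

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, parse_ocsp_result(line))
```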
The issuer's X.509 certificate szIssuerCert is optional. If provided, it will be used to check the signature on the OCSP response, and an error will result if the signature is not valid.
CAUTION: For some CAs (e.g. VeriSign) the key used to sign the OCSP response is not the same as the key in the issuer's certificate, so specifying the issuer's certificate in this case will result in a signature error.
If you can separately obtain the certificate used to sign the OCSP response, then specify this as the szIssuerCert; otherwise leave as the empty string "".
Dim nChars As Long
Dim strResponseFile As String
Dim strIssuerFile As String
Dim strBuf As String
strResponseFile = "ocsp_response_ok_dims.dat"
strIssuerFile = "UTNUSERFirst-Object.cer"
Debug.Print "ResponseFile=" & strResponseFile
Debug.Print "IssuerFile=" & strIssuerFile
nChars = OCSP_ReadResponse("", 0, strResponseFile, strIssuerFile, "", 0)
Debug.Print "OCSP_ReadResponse returns " & nChars & " (expected +ve)"
If (nChars <= 0) Then Exit Sub ' ERROR
strBuf = String(nChars, " ")
nChars = OCSP_ReadResponse(strBuf, nChars, strResponseFile, strIssuerFile, "", 0)
Debug.Print "OCSPResponse=" & strBuf
The above example using a response received from ocsp.usertrust.com for our own (old but never revoked) code signing certificate produced the following output:
ResponseFile=ocsp_response_ok_dims.dat
IssuerFile=UTNUSERFirst-Object.cer
OCSP_ReadResponse returns 120 (expected +ve)
OCSPResponse=Successful response: Produced at 2010-03-18T00:09:28Z CertStatus=good SerialNumber=00FBC723228C8C8022D8859223DEE70660
Dim strBuf As String
strBuf = ocspReadResponse("ocsp_response_ok_dims.dat", "UTNUSERFirst-Object.cer")
Debug.Print strBuf