Response online_check(const X509_Certificate& issuer,
const BigInt& subject_serial,
const std::string& ocsp_responder,
Certificate_Store* trusted_roots,
std::chrono::milliseconds timeout)
{
if(ocsp_responder.empty())
throw Invalid_Argument("No OCSP responder specified");
OCSP::Request req(issuer, subject_serial);
auto http = HTTP::POST_sync(ocsp_responder,
"application/ocsp-request",
req.BER_encode(),
1,
timeout);
http.throw_unless_ok();
// Check the MIME type?
OCSP::Response response(http.body());
std::vector<Certificate_Store*> trusted_roots_vec;
trusted_roots_vec.push_back(trusted_roots);
if(trusted_roots)
response.check_signature(trusted_roots_vec);
return response;
}
Response online_check(const X509_Certificate& issuer,
const X509_Certificate& subject,
const Certificate_Store* trusted_roots)
{
const std::string responder_url = subject.ocsp_responder();
if(responder_url == "")
throw std::runtime_error("No OCSP responder specified");
OCSP::Request req(issuer, subject);
auto http = HTTP::POST_sync(responder_url,
"application/ocsp-request",
req.BER_encode());
http.throw_unless_ok();
// Check the MIME type?
OCSP::Response response(*trusted_roots, http.body());
return response;
}
