An OpenSSL::OCSP::Request contains the certificate information for determining if a certificate has been revoked or not. A Request can be created for a certificate or from a DER-encoded request created elsewhere.

Class Methods

Creates a new OpenSSL::OCSP::Request. The request may be created empty or from a request_der string.

Instance Methods

Adds certificate_id to the request.

Adds a nonce to the OCSP request. If no nonce is given a random one will be generated.

The nonce is used to prevent replay attacks but some servers do not support it.

Returns all certificate IDs in this request.

Checks the nonce validity for this request and response.

The return value is one of the following:

-1

nonce in request only.

0

nonces both present and not equal.

1

nonces present and equal.

2

nonces both absent.

3

nonce present in response only.

For most responses, clients can check result > 0. If a responder doesn’t handle nonces result.nonzero? may be necessary. A result of 0 is always an error.

Signs this OCSP request using signer_cert and signer_key. certificates is an optional Array of certificates that may be included in the request.

Returns this request as a DER-encoded string

Verifies this request using the given certificates and X509 store.