gnutls_certificate_get_ocsp_expiration - Linux

Overview

gnutls_certificate_get_ocsp_expiration provides the expiry time of the Online Certificate Status Protocol (OCSP) associated with a certificate. OCSP is used to check the revocation status of certificates.

Syntax

gnutls_certificate_get_ocsp_expiration(certificate)

Options/Flags

None

Examples

Obtain the OCSP expiration time:

#include <gnutls/gnutls.h>

gnutls_session_t session;
gnutls_certificate_credentials_t cred;
gnutls_datum_t ocsp_expiration;

gnutls_certificate_allocate_credentials(&cred);
gnutls_certificate_set_x509_system_trust(cred);
gnutls_init(&session, GNUTLS_SERVER);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
gnutls_certificate_get_ocsp_expiration(
    gnutls_session_get_peer_certificate(session),
    &ocsp_expiration
);
printf("OCSP Expiration: %s\n", ocsp_expiration.data);
gnutls_certificate_free_credentials(cred);
gnutls_deinit(session);

Common Issues

• If there is no OCSP extension in the certificate, the function returns NULL.
• The returned value should be freed using gnutls_free.

Integration

This command can be used with other commands that retrieve certificate information, such as gnutls_certificate_get_issuer.

Related Commands

• gnutls_certificate_get_ocsp_info
• gnutls-ocsp(1)