gnutls_certificate_get_ocsp_expiration - Linux
Overview
gnutls_certificate_get_ocsp_expiration provides the expiry time of the Online Certificate Status Protocol (OCSP) associated with a certificate. OCSP is used to check the revocation status of certificates.
Syntax
gnutls_certificate_get_ocsp_expiration(certificate)
Options/Flags
None
Examples
Obtain the OCSP expiration time:
#include <gnutls/gnutls.h>
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
gnutls_datum_t ocsp_expiration;
gnutls_certificate_allocate_credentials(&cred);
gnutls_certificate_set_x509_system_trust(cred);
gnutls_init(&session, GNUTLS_SERVER);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
gnutls_certificate_get_ocsp_expiration(
gnutls_session_get_peer_certificate(session),
&ocsp_expiration
);
printf("OCSP Expiration: %s\n", ocsp_expiration.data);
gnutls_certificate_free_credentials(cred);
gnutls_deinit(session);
Common Issues
- If there is no OCSP extension in the certificate, the function returns NULL.
- The returned value should be freed using
gnutls_free
.
Integration
This command can be used with other commands that retrieve certificate information, such as gnutls_certificate_get_issuer
.
Related Commands
gnutls_certificate_get_ocsp_info
- gnutls-ocsp(1)