gnutls_certificate_set_ocsp_status_request_function - Linux


gnutls_certificate_set_ocsp_status_request_function is a GNU TLS function employed to configure a callback function that will be periodically invoked by the library to check the OCSP status of X.509 certificates. It enhances certificate validation by allowing for the verification of certificate revocation status through the Online Certificate Status Protocol (OCSP).


gnutls_certificate_set_ocsp_status_request_function(cert, func, user_data)


  • cert: The X.509 certificate handle to which an OCSP status request function will be attached.
  • func: The callback function pointer that will be triggered to perform the OCSP status request.
  • user_data: Optional user-defined data that will be passed to the callback function.


Simple usage:

#include <gnutls/gnutls.h>

void callback_function(gnutls_session_t session, const gnutls_datum_t *cert, void *user_data) {
    // Perform OCSP status check using the provided certificate

gnutls_certificate_set_ocsp_status_request_function(cert, callback_function, NULL);

Common Issues

  • Ensure your callback function adheres to the expected signature: void (*callback_function)(gnutls_session_t, const gnutls_datum_t *, void *).
  • Make sure the callback function performs the OCSP status request correctly and updates the status information in the TLS session.


This command integrates seamlessly with other GNU TLS functions. For example, it can be used in conjunction with gnutls_certificate_set_verify_function to perform custom certificate verification and enhance certificate management in TLS connections.

Related Commands

  • gnutls_certificate_set_verify_function: Set a custom certificate verification function.
  • gnutls_ocsp_status_request: Perform an OCSP status request manually.