OCSP_BASIC_RESPONSE_INFO structure (wincrypt.h)

The OCSP_BASIC_RESPONSE_INFO structure contains a basic online certificate status protocol (OCSP) response as specified by RFC 2560. The RFC specifies that a single response can contain a sequence of certificates for which statuses are provided. The rgResponseEntry member of this structure contains an OCSP_BASIC_RESPONSE_ENTRY structure for each certificate in a sequence.

Syntax

typedef struct _OCSP_BASIC_RESPONSE_INFO {
  DWORD                      dwVersion;
  DWORD                      dwResponderIdChoice;
  union {
    CERT_NAME_BLOB  ByNameResponderId;
    CRYPT_HASH_BLOB ByKeyResponderId;
  } DUMMYUNIONNAME;
  FILETIME                   ProducedAt;
  DWORD                      cResponseEntry;
  POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry;
  DWORD                      cExtension;
  PCERT_EXTENSION            rgExtension;
} OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO;

Members

dwVersion

A value that indicates the protocol version of the response.

OCSP_BASIC_RESPONSE_V1 (0)

dwResponderIdChoice

A value that indicates the type of ID the responder used in this response.

OCSP_BASIC_BY_NAME_RESPONDER_ID (1)

OCSP_BASIC_BY_KEY_RESPONDER_ID (2)

DUMMYUNIONNAME

DUMMYUNIONNAME.ByNameResponderId

A CERT_NAME_BLOB structure that contains the subject name of the responder signing certificate.

DUMMYUNIONNAME.ByKeyResponderId

A CRYPT_HASH_BLOB that contains a hash of the responder signing certificate public key.

ProducedAt

The date and time at which the response was signed.

cResponseEntry

The number of elements in the rgResponseEntry array.

rgResponseEntry

A pointer to an array of OCSP_BASIC_RESPONSE_ENTRY structures, each of which contains a certificate status.

cExtension

The number of elements in the rgExtension array.

rgExtension

A pointer to an array of CERT_EXTENSION structures, each of which contains additional information about the response.

Remarks

OCSP responder applications encode this structure and store it in an OCSP_BASIC_SIGNED_RESPONSE_INFO ToBeSigned member. Conversely, OCSP client applications decode the OCSP_BASIC_SIGNED_RESPONSE_INFO structure to obtain this structure.

OCSP applications can encode or decode this structure by using X509_ASN_ENCODING or PKCS_7_ASN_ENCODING.
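
A client-side sanity check over the decoded structure, added here as an example (not code from the original documentation): it reads only the union member that dwResponderIdChoice selects, matches it against the certificate that signed the response, and checks ProducedAt. The names check_basic_response and RESP_*, the maximum-age policy, and the non-Windows stand-in typedefs are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* stand-in declarations (assumption) so the example also builds off Windows */
typedef uint32_t DWORD; typedef unsigned char BYTE;
typedef struct { DWORD dwLowDateTime, dwHighDateTime; } FILETIME;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_NAME_BLOB, CRYPT_HASH_BLOB;
#define OCSP_BASIC_RESPONSE_V1 0
#define OCSP_BASIC_BY_NAME_RESPONDER_ID 1
#define OCSP_BASIC_BY_KEY_RESPONDER_ID 2
typedef struct {
  DWORD dwVersion, dwResponderIdChoice;
  union { CERT_NAME_BLOB ByNameResponderId; CRYPT_HASH_BLOB ByKeyResponderId; };
  FILETIME ProducedAt;
  DWORD cResponseEntry; void *rgResponseEntry; /* entry layout not needed here */
  DWORD cExtension;     void *rgExtension;
} OCSP_BASIC_RESPONSE_INFO;
#endif

enum { RESP_OK, RESP_BAD_VERSION, RESP_WRONG_RESPONDER, RESP_STALE, RESP_EMPTY };

/* FILETIME counts 100 ns ticks since 1601-01-01 UTC. */
static uint64_t ft_ticks(FILETIME ft) {
  return ((uint64_t)ft.dwHighDateTime << 32) | ft.dwLowDateTime;
}

/* Hypothetical helper: check a decoded response against the certificate that
   signed it. name = its encoded subject, keyHash = hash of its public key. */
int check_basic_response(const OCSP_BASIC_RESPONSE_INFO *r, const CERT_NAME_BLOB *name,
                         const CRYPT_HASH_BLOB *keyHash, uint64_t now, uint64_t maxAge) {
  const CERT_NAME_BLOB *got, *want;
  if (r->dwVersion != OCSP_BASIC_RESPONSE_V1) return RESP_BAD_VERSION;
  switch (r->dwResponderIdChoice) { /* the choice says which union member is valid */
  case OCSP_BASIC_BY_NAME_RESPONDER_ID: got = &r->ByNameResponderId; want = name; break;
  case OCSP_BASIC_BY_KEY_RESPONDER_ID:  got = &r->ByKeyResponderId;  want = keyHash; break;
  default: return RESP_WRONG_RESPONDER;
  }
  /* Byte-wise match is a simplification for names; an empty ID never matches. */
  if (got->cbData == 0 || got->cbData != want->cbData || !got->pbData || !want->pbData ||
      memcmp(got->pbData, want->pbData, got->cbData) != 0) return RESP_WRONG_RESPONDER;
  uint64_t produced = ft_ticks(r->ProducedAt);
  if (produced > now || now - produced > maxAge) return RESP_STALE; /* assumed policy */
  if (r->cResponseEntry == 0 || r->rgResponseEntry == NULL) return RESP_EMPTY;
  return RESP_OK;
}
```

The check covers only the fields of this structure; verifying the signature over ToBeSigned and evaluating each response entry are separate steps.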

Requirements

Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Header: wincrypt.h

See also

RFC 2560 Online Certificate Status Protocol