From 07fb9390a5440c5b404b62891098afb4718bd97d Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 22 May 2024 08:46:20 -0700 Subject: [PATCH] Merge pull request #7567 from embhorn/gh7564 Fix doc for wolfSSL_CTX_EnableOCSP --- doc/dox_comments/header_files/ssl.h | 34 ++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 7569daf4c1..faae19822e 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -10197,7 +10197,7 @@ int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm, \sa wolfSSL_CertManagerSetOCSPOverrideURL \sa wolfSSL_CertManagerCheckOCSP \sa wolfSSL_CertManagerEnableOCSPStapling - \sa wolfSSL_ENableOCSP + \sa wolfSSL_EnableOCSP \sa wolfSSL_DisableOCSP \sa wolfSSL_SetOCSP_Cb */ @@ -10356,7 +10356,13 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor); int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb); /*! - \brief This function enables OCSP certificate verification. + \brief This function enables OCSP certificate verification. The value of + options if formed by or’ing one or more of the following options: + WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in + certificates. The override URL is specified using the + wolfSSL_CTX_SetOCSP_OverrideURL() function. + WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on + WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests \return SSL_SUCCESS returned if the function and subroutines executes without errors. @@ -10611,10 +10617,13 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); \brief This function sets options to configure behavior of OCSP functionality in wolfSSL. The value of options if formed by or’ing one or more of the following options: - WOLFSSL_OCSP_ENABLE - enable OCSP lookups WOLFSSL_OCSP_URL_OVERRIDE - - use the override URL instead of the URL in certificates. The override URL - is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This - function only sets the OCSP options when wolfSSL has been compiled with + WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in + certificates. The override URL is specified using the + wolfSSL_CTX_SetOCSP_OverrideURL() function. + WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on + WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests + + This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (--enable-ocsp, #define HAVE_OCSP). \return SSL_SUCCESS is returned upon success. @@ -10627,12 +10636,17 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); _Example_ \code - WOLFSSL_CTX* ctx = 0; - ... - wolfSSL_CTX_OCSP_set_options(ctx, WOLFSSL_OCSP_ENABLE); + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); + int options; // initialize to option constant + … + int ret = wolfSSL_CTX_EnableOCSP(ctx, options); + if(ret != SSL_SUCCESS){ + // OCSP is not enabled + } \endcode - \sa wolfSSL_CTX_OCSP_set_override_url + \sa wolfSSL_CertManagerEnableOCSP + \sa wolfSSL_EnableOCSP */ int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options);