Expand Minimize
EN
Deze inhoud is niet beschikbaar in uw taal, maar wel in het Engels.

CertOpenServerOcspResponse function

The CertOpenServerOcspResponse function opens a handle to an online certificate status protocol (OCSP) response associated with a server certificate chain.

Syntax


HCERT_SERVER_OCSP_RESPONSE WINAPI CertOpenServerOcspResponse(
  _In_        PCCERT_CHAIN_CONTEXT pChainContext,
  _In_        DWORD dwFlags,
  _Reserved_  LPVOID pvReserved
);

Parameters

pChainContext [in]

The address of a CERT_CHAIN_CONTEXT structure that contains the certificate chain.

dwFlags [in]

This parameter is not used and must be zero.

pvReserved

This parameter is not used and must be NULL.

Return value

Returns a handle to the OCSP response associated with a server certificate chain if successful; otherwise, NULL. This handle must be passed to the CertCloseServerOcspResponse function when it is no longer needed.

For extended error information, call GetLastError. Possible error codes returned by the GetLastError function include, but are not limited to, the following.

Return codeDescription
ERROR_INVALID_PARAMETER

One or more parameters are not valid.

CRYPT_E_NOT_IN_REVOCATION_DATABASE

The end certificate does not contain an OCSP authority information access (AIA) URL.

 

Remarks

The CertOpenServerOcspResponse function tries to retrieve an initial OCSP response before it returns. It blocks its process thread during the retrieval. The CertOpenServerOcspResponse function creates a background thread that prefetches time-valid OCSP responses.

The CertOpenServerOcspResponse function increments the reference count for the chain context represented by the pChainContext parameter. When you have finished using the chain context, close the returned handle by calling the CertCloseServerOcspResponse function.

The CertOpenServerOcspResponse function initializes configuration settings used by the following functions:

First, the CertOpenServerOcspResponse function initializes the settings based on default values in Wincrypt.h. If the function subsequently finds the registry key defined in CERT_CHAIN_CONFIG_REGPATH, it updates the previously initialized values with the registry values.

The following configuration setting names and default values are initialized by this function:

  • CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_VALUE_NAME

    L"SrvOcspRespMinValiditySeconds"

    The minimum time validity of the server OCSP response to be returned by CertGetServerOcspResponseContext. The OCSP response validity must be sufficiently long that the client treats it as time valid.

  • CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_DEFAULT

    (10 × 60)

    10 minutes.

  • CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME

    L"SrvOcspRespUrlRetrievalTimeoutMilliseconds"

    This is the maximum time before an OCSP response prefetch wire URL retrieval times out.

  • CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT

    (15 × 1000)

    15 seconds.

  • CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME

    L"SrvOcspRespMaxBeforeNextUpdateSeconds"

    This is the maximum number of seconds to perform a server OCSP response prefetch retrieval before the NextUpdate date of an OCSP response. The server OCSP response thread waits until the current time is greater than or equal to the NextUpdate date minus this number of seconds to perform a prefetch retrieval.

  • CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT

    (4 ×60 × 60)

    4 hours.

  • CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME

    L"SrvOcspRespMinBeforeNextUpdateSeconds"

    This is the minimum number of seconds to perform a server OCSP response prefetch retrieval before the NextUpdate date of an OCSP response. If the current time is greater than or equal to the NextUpdate date minus this number of seconds, the server OCSP response thread waits until after the NextUpdate date plus the CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME number of seconds before it performs a prefetch retrieval.

  • CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT

    (2 × 60)

    2 minutes.

  • CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME

    L"SrvOcspRespMinAfterNextUpdateSeconds"

    This is the minimum number of seconds to perform a server OCSP response prefetch retrieval after the NextUpdate date of an OCSP response. When the current time is greater than the NextUpdate date minus the CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME number of seconds but less than the NextUpdate date, the server OCSP response thread waits this number of seconds after the NextUpdate date to perform a prefetch retrieval.

  • CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT

    (1 × 60)

    1 minute.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Wincrypt.h

Library

Crypt32.lib

DLL

Crypt32.dll

See also

CertCloseServerOcspResponse

 

 

Community-inhoud

Toevoegen
Weergeven:
© 2014 Microsoft