catalog Info Catalog previous gnupg: Dirmngr CHECKCRL up gnupg: Dirmngr Protocol next gnupg: Dirmngr CACHECERT

gnupg: Dirmngr CHECKOCSP

 
 3.6.4 Validate a certificate using OCSP
 ---------------------------------------
 
        CHECKOCSP [--force-default-responder] [FINGERPRINT]
 
    Check whether the certificate with FINGERPRINT (the SHA-1 hash of the
 entire X.509 certificate blob) is valid by consulting the appropriate
 OCSP responder.  If the fingerprint has not been given or the
 certificate is not known by Dirmngr, the function inquires the
 certificate using:
 
        S: INQUIRE TARGETCERT
        C: D <DER encoded certificate>
        C: END
 
    Thus the caller is expected to return the certificate for the request
 (which should match FINGERPRINT) as a binary blob.  Processing then
 takes place without further interaction; in particular dirmngr tries to
 locate other required certificates by its own mechanism which includes a
 local certificate store as well as a list of trusted root certificates.
 
    If the option '--force-default-responder' is given, only the default
 OCSP responder is used.  This option is the per-command variant of the
 global option '--ignore-ocsp-service-url'.
 
 The return code is 0 for success; i.e.  the certificate has not been
 revoked or one of the usual error codes from libgpg-error.
catalog Info Catalog previous gnupg: Dirmngr CHECKCRL up gnupg: Dirmngr Protocol next gnupg: Dirmngr CACHECERT