Vtk_CtxtOptionType
Toolkit Reference


Vtk_CtxtOptionType

enum Vtk_CtxtOptionType {
    CO_EnableRelocationProtocol,
    CO_EnableServiceLocatorExt,
    CO_ClientInfoExt,
    CO_OCSPNonceExt,
    CO_HTTPProxy,
    CO_MaxTimeSkew,
    CO_UseAIAData,
    CO_LoadLDAPLib,
    CO_CRLCacheDir,
    CO_MaxCrlCacheTime,
    CO_CrlNoNextUpdateCacheTime,
    CO_LDAPSearchTimeout,
    CO_DelegatedIssuerCB,
    CO_OCSPSignInfo,
};
typedef struct Vtk_CtxtOption_st Vtk_CtxtOption;
struct Vtk_CtxtOption_st {
    enum Vtk_CtxtOptionType option;      /* which option this value is for */
    union {
        char *aChar;                     /* options of Type: char */
        int anInt;                       /* options of Type: int */
        Vtk_ProxyInfo *aProxyInfo;       /* options of Type: Vtk_ProxyInfo */
        Vtk_Callback *aCB;               /* options of Type: Vtk_Callback */
        Vtk_OCSPSignInfo *SignInfo;      /* options of Type: Vtk_OCSPSignInfo */
    } d;
};

Description

An enumeration that defines configuration option types for a Vtk_Ctxt structure. These options can be configured using the Vtk_CtxtSetOption function and can be retrieved using the Vtk_CtxtGetOption function.

The Vtk_CtxtOption structure is used to pass Vtk_Ctxt option data in these functions. The option can be specified as any of the following data types using the corresponding variable shown in parentheses:

Parameters

CO_EnableRelocationProtocol Type: int
Enables or disables the ValiCert Relocation protocol used in validation responses to inform the Toolkit which validation responder to use. Typically, the protocol selects the geographically closest responder. To set the relocation information in the validation responses, the protocol uses the time zone information which is passed in the validation request as an extension. The possible values are 0 and 1. The default is 1, enable the relocation protocol. This option is not supported at this time.
CO_EnableServiceLocatorExt Type: int
Includes or excludes the service locator request extension. This extension allows an OCSP server to reroute a request to the OCSP server authorized to sign the certificate. It applies to OCSP requests only. The possible values are 0 and 1. The default is 1, include the service locator extension.
CO_ClientInfoExt Type: int
Includes or excludes the client information extension. This extension identifies the UserAgent, OCSP Client, or CRT Client used to make the validation request. It applies to OCSP/CRT requests only. The possible values are 0 and 1. The default is 1, include the client information extension.
CO_OCSPNonceExt Type: int
Includes or excludes the nonce extension. This extension cryptographically binds a request and response to prevent replay attacks. This extension can be configured for OCSP requests and responses. The possible values are 0 and 1. The default is 1, include the OCSP Nonce extension.
CO_HTTPProxy Type: Vtk_ProxyInfo
Information about the HTTP Proxy to use for CRL and OCSP/CRT over HTTP. The information includes the port and host for the proxy. Note that this is not used for LDAP-CRL.
CO_MaxTimeSkew Type: int
Maximum time difference, in seconds, allowed between the client and the server. It can be any integer. The default is 300 seconds.
Tip: If the difference between the times is greater than this configured value, you may see many responses that indicate the response is expired or not yet valid.
CO_UseAIAData Type: int
Uses the Authority Information Access (AIA) certificate extension to determine which VA to use to validate a certificate. The AIA makes checks for a VA in the following:
  • certificate
  • CA
  • context

The default is 0, do not use AIA.
CO_LoadLDAPLib Type: int
Enables or disables the force loading of the Netscape LDAP SDK that ships with the Toolkit. If this option is enabled, it forces loading of the LDAP library when the LDAP function is called. This option applies only if checking CRLs over LDAP. The possible values are 0 and 1. The default is 0, do not load the library until needed.
CO_CrlCacheDir Type: char
Directory location for caching the CRL. This can be any valid directory. The default is the VtkCrlCacheDir in the current directory of the application.
CO_MaxCrlCacheTime Type: int
Maximum cache duration of CRLs, in seconds. The default cache duration is until the CRL expires.
CO_CrlNoNextUpdateCacheTime Type: int
Determines whether CRLs without a nextUpdate field ("no nextUpdate" CRLs) are cached along with the other CRLs in the directory defined by the CO_CrlCacheDir option. The default is -1, do not cache the no nextUpdate CRLs. A positive value results in CRLs cached for the specified number of seconds.
CO_LDAPSearchTimeOut Type: int
Maximum number of seconds that the client waits for a response from the LDAP server before returning an error. The default is 120 seconds.
CO_DelegatedIssuerCB Type: Vtk_Callback
Callback for the delegated OCSP/CRT response issuer. See Vtk_Callback.
CO_OCSPSignInfo Type: Vtk_OCSPSignInfo
OCSP signing information. See Vtk_LogOptions.
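
The CO_MaxTimeSkew tip above, worked through as an added example (not Toolkit code): a stand-alone model of a validity-window check with a skew tolerance, showing which clock error produces "not yet valid" and which produces "expired". The names check_freshness, enum freshness and DEFAULT_MAX_TIME_SKEW are hypothetical, and the exact comparison the Toolkit performs is not documented on this page, so the boundary handling here is an assumption.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical names for this example; not part of the Toolkit API. */
enum freshness { RESP_VALID, RESP_NOT_YET_VALID, RESP_EXPIRED };

#define DEFAULT_MAX_TIME_SKEW 300 /* documented CO_MaxTimeSkew default, seconds */

/*
 * Classify a response's validity window against the local clock.
 * this_update / next_update are the server-stamped times; has_next_update
 * is 0 when the response carries no nextUpdate. A negative skew is
 * treated as 0 (assumption of this example).
 */
enum freshness check_freshness(time_t now, time_t this_update,
                               int has_next_update, time_t next_update,
                               int max_skew)
{
    if (max_skew < 0)
        max_skew = 0;
    /* Response stamped further in the future than the tolerance allows:
       typically the local clock is behind the server. */
    if (difftime(this_update, now) > (double)max_skew)
        return RESP_NOT_YET_VALID;
    /* Window closed more than max_skew ago: stale response, or the
       local clock is ahead of the server. */
    if (has_next_update && difftime(now, next_update) > (double)max_skew)
        return RESP_EXPIRED;
    return RESP_VALID;
}

int main(void)
{
    /* Constructed sample: a response valid for one hour starting at t0. */
    const time_t t0 = 1000000000, t1 = t0 + 3600;
    const long offsets[] = { -600, -300, 0, 3600 + 300, 3600 + 301 };
    static const char *names[] = { "valid", "not yet valid", "expired" };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        time_t now = t0 + offsets[i];
        printf("client clock at t0%+ld s: %s\n", offsets[i],
               names[check_freshness(now, t0, 1, t1, DEFAULT_MAX_TIME_SKEW)]);
    }
    return 0;
}
```

Raising the tolerance hides clock drift at the cost of accepting older responses, so fixing the client's time source is usually preferable to a large CO_MaxTimeSkew.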

Notes

None

See Also

Vtk_CtxtOptionType

Vtk_CtxtGetOption

Vtk_CtxtOptionDeleteContent

Vtk_CtxtSetOption



ValiCert, Inc.
http://www.valicert.com
Voice: +1.650.567.5469
Fax: +1.650.254.2148
support@valicert.com