ocspd.1   [plain text]


.\"Modified from man(1) of FreeBSD, the NetBSD mdoc.template, and mdoc.samples.
.\"See Also:
.\"man mdoc.samples for a complete listing of options
.\"man mdoc for the short list of editing options
.Dd Thurs Mar 31 2005             \" DATE 
.Dt ocspd 1      \" Program name and manual section number 
.Os Darwin
.Sh NAME                 \" Section Header - required - don't modify 
.Nm ocspd
.\" The following lines are read in generating the apropos(man -k) database. Use only key
.\" words here as the database is built based on the words here and in the .ND line. 
.\" Use .Nm macro to designate other names for the documented program.
.Nd OCSP and CRL Daemon
.Sh SYNOPSIS             \" Section Header - required - don't modify
.Nm
.Sh DESCRIPTION          \" Section Header - required - don't modify
.Nm
performs caching and network fetching of Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses. It is used by Security.framework during certificate verification. Security.framework communicates with
.Nm
via a private RPC interface. When Security.framework determines that a CRL is needed, or that it needs to perform an OCSP transaction, it performs an RPC to 
.Nm
which then examines its cache to see if the appropriate CRL or OCSP response exists and is still valid. If so, that entity is returned to Security.framework. If no entry is found in cache, 
.Nm
obtains it from the network, saving the result in cache before returning it to Security.framework. 
.Pp
This command is not intended to be invoked directly.
.Sh FILES
.ta \w'/private/var/db/crls/ocspcache.db\ \ 'u
.br
/private/var/db/crls/crlcache.db	CRL cache
.br
/private/var/db/crls/ocspcache.db	OCSP response cache
.Sh HISTORY
.Nm
was first introduced in Mac OS X version 10.4 (Tiger).
.Sh AUTHORS
.An "Doug Mitchell"