ocsp

package

v0.0.0-...-1fbbd62 Latest Latest Go to latest Published: Dec 9, 2014 License: BSD-3-Clause Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package ocsp parses OCSP responses as specified in RFC 2560. OCSP responses are signed messages attesting to the validity of a certificate for a small period of time. This is used to manage revocation for X.509 certificates.

Index ¶

Constants
func CreateRequest(cert, issuer *x509.Certificate, opts *RequestOptions) ([]byte, error)
type ParseError
- func (p ParseError) Error() string
type RequestOptions
type Response
- func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error)
- func (resp *Response) CheckSignatureFrom(issuer *x509.Certificate) error

Constants ¶

View Source

const (
	// Good means that the certificate is valid.
	Good = iota
	// Revoked means that the certificate has been deliberately revoked.
	Revoked = iota
	// Unknown means that the OCSP responder doesn't know about the certificate.
	Unknown = iota
	// ServerFailed means that the OCSP responder failed to process the request.
	ServerFailed = iota
)

Variables ¶

This section is empty.

Functions ¶

func CreateRequest ¶

func CreateRequest(cert, issuer *x509.Certificate, opts *RequestOptions) ([]byte, error)

CreateRequest returns a DER-encoded, OCSP request for the status of cert. If opts is nil then sensible defaults are used.

Types ¶

type ParseError ¶

type ParseError string

ParseError results from an invalid OCSP response.

func (ParseError) Error ¶

func (p ParseError) Error() string

type RequestOptions ¶

type RequestOptions struct {
	// Hash contains the hash function that should be used when
	// constructing the OCSP request. If zero, SHA-1 will be used.
	Hash crypto.Hash
}

RequestOptions contains options for constructing OCSP requests.

type Response ¶

type Response struct {
	// Status is one of {Good, Revoked, Unknown, ServerFailed}
	Status                                        int
	SerialNumber                                  *big.Int
	ProducedAt, ThisUpdate, NextUpdate, RevokedAt time.Time
	RevocationReason                              int
	Certificate                                   *x509.Certificate
	// TBSResponseData contains the raw bytes of the signed response. If
	// Certificate is nil then this can be used to verify Signature.
	TBSResponseData    []byte
	Signature          []byte
	SignatureAlgorithm x509.SignatureAlgorithm
}

Response represents an OCSP response. See RFC 2560.

func ParseResponse ¶

func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error)

ParseResponse parses an OCSP response in DER form. It only supports responses for a single certificate. If the response contains a certificate then the signature over the response is checked. If issuer is not nil then it will be used to validate the signature or embedded certificate. Invalid signatures or parse failures will result in a ParseError.

func (*Response) CheckSignatureFrom ¶

func (resp *Response) CheckSignatureFrom(issuer *x509.Certificate) error

CheckSignatureFrom checks that the signature in resp is a valid signature from issuer. This should only be used if resp.Certificate is nil. Otherwise, the OCSP response contained an intermediate certificate that created the signature. That signature is checked by ParseResponse and only resp.Certificate remains to be validated.

Source Files ¶

View all Source files

ocsp.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL