ocsp

package

v0.12.0 Latest Latest Go to latest Published: Apr 11, 2024 License: MPL-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

func IsOcspVerificationError(err error) bool
type Client
- func New(logFactory func() hclog.Logger, cacheSize int) *Client
type ErrOcspIssuerVerification
- func (e *ErrOcspIssuerVerification) Error() string
type FailOpenMode
type VerifyConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsOcspVerificationError ¶ added in v0.12.0

func IsOcspVerificationError(err error) bool

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func New ¶

func New(logFactory func() hclog.Logger, cacheSize int) *Client

func (*Client) ClearCache ¶

func (c *Client) ClearCache()

func (*Client) GetAllRevocationStatus ¶

func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)

func (*Client) GetRevocationStatus ¶

func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)

GetRevocationStatus checks the certificate revocation status for subject using issuer certificate.

func (*Client) Logger ¶

func (c *Client) Logger() hclog.Logger

func (*Client) NewTransport ¶

func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport

NewTransport includes the certificate revocation check with OCSP in sequential.

func (*Client) VerifyLeafCertificate ¶

func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error

VerifyLeafCertificate verifies just the subject against it's direct issuer

func (*Client) VerifyPeerCertificate ¶

func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error

VerifyPeerCertificate verifies all of certificate revocation status

type ErrOcspIssuerVerification ¶ added in v0.12.0

type ErrOcspIssuerVerification struct {
	Err error
}

ErrOcspIssuerVerification indicates an error verifying the identity of an OCSP response occurred

func (*ErrOcspIssuerVerification) Error ¶ added in v0.12.0

func (e *ErrOcspIssuerVerification) Error() string

type FailOpenMode ¶

type FailOpenMode uint32

FailOpenMode is OCSP fail open mode. FailOpenTrue by default and may set to ocspModeFailClosed for fail closed mode

const (

	// FailOpenTrue represents OCSP fail open mode.
	FailOpenTrue FailOpenMode
	// FailOpenFalse represents OCSP fail closed mode.
	FailOpenFalse
)

type VerifyConfig ¶

type VerifyConfig struct {
	OcspEnabled          bool
	ExtraCas             []*x509.Certificate
	OcspServersOverride  []string
	OcspFailureMode      FailOpenMode
	QueryAllServers      bool
	OcspThisUpdateMaxAge time.Duration
	OcspMaxRetries       int
}

Source Files ¶

View all Source files

client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL