ocsp

package

v0.11.1 Latest Latest Go to latest Published: Mar 13, 2024 License: MPL-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

type Client
- func New(logFactory func() hclog.Logger, cacheSize int) *Client
type FailOpenMode
type VerifyConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func New ¶

func New(logFactory func() hclog.Logger, cacheSize int) *Client

func (*Client) ClearCache ¶

func (c *Client) ClearCache()

func (*Client) GetAllRevocationStatus ¶

func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)

func (*Client) GetRevocationStatus ¶

func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)

GetRevocationStatus checks the certificate revocation status for subject using issuer certificate.

func (*Client) Logger ¶

func (c *Client) Logger() hclog.Logger

func (*Client) NewTransport ¶

func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport

NewTransport includes the certificate revocation check with OCSP in sequential.

func (*Client) VerifyLeafCertificate ¶

func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error

VerifyLeafCertificate verifies just the subject against it's direct issuer

func (*Client) VerifyPeerCertificate ¶

func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error

VerifyPeerCertificate verifies all of certificate revocation status

type FailOpenMode ¶

type FailOpenMode uint32

FailOpenMode is OCSP fail open mode. FailOpenTrue by default and may set to ocspModeFailClosed for fail closed mode

const (

	// FailOpenTrue represents OCSP fail open mode.
	FailOpenTrue FailOpenMode
	// FailOpenFalse represents OCSP fail closed mode.
	FailOpenFalse
)

type VerifyConfig ¶

type VerifyConfig struct {
	OcspEnabled         bool
	ExtraCas            []*x509.Certificate
	OcspServersOverride []string
	OcspFailureMode     FailOpenMode
	QueryAllServers     bool
}

Source Files ¶

View all Source files

client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL