vape

README

VAPE

Validation Authority's Pretty Easy

Mission Statement

Validation Authorities suck. It's a pretty simple job, but somehow the big players keep messing it up. I reckon I can do better, so I'm giving it a go.

A successful VA needs to:

• Access a CA's CRL on a regular basis, or allow operators to replace this CRL manually when required.
• Handle incoming OCSP requests.
• Allow clear configuration or documentation of the relationship between the first two steps.

This is NOT a Certificate Authority. You can use any CA you like if you're providing the CRL yourself, and if the CRL is available via HTTP(S) or LDAP(S) then any CA should also work.

Documentation

Index

• type Authority
• type Responder
  • func NewResponder(authorities []*Authority) (*Responder, error)
  • func (r *Responder) Respond(ctx context.Context, request *ocsp.Request) ([]byte, error)

Types

type Authority

type Authority struct {
	AuthorityCert *x509.Certificate
	SignerCert    *x509.Certificate

	Key crypto.Signer
	// contains filtered or unexported fields
}

Authority is a CA/VA cert or cert pair.

type Responder

type Responder struct {
	AuthoritiesByNameHash map[string]*Authority
	AuthoritiesByKeyHash  map[string]*Authority
}

Responder is an OCSP responder

func NewResponder

func NewResponder(authorities []*Authority) (*Responder, error)

NewResponder creates a new OCSP responder

func (*Responder) Respond

func (r *Responder) Respond(ctx context.Context, request *ocsp.Request) ([]byte, error)

Respond handles an OCSP request