renew

package
v0.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 21, 2023 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// If we get told TryLater by an OCSP server, how long that is
	RetryOnTryLater = 30 * time.Minute

	// If an OCSP staple is missing any timers, how often we'll retry instead
	RetryMissingTimers = 24 * time.Hour

	// If a newly issued staple appear to have already expired, how long until
	// we try again
	RetryOnAlreadyExpired = 15 * time.Minute

	// If we're after T1 timer, how often to retry
	RetryAfterT1 = time.Hour

	// How long we wait between renew checks if we somehow failed to find any timers
	SweepIntervalTimerless = 24 * time.Hour
)

Retry times always have jitter adjustments to avoid phase lock synchronization of requests.

View Source 
const (
	MIMETypeOCSPRequest = "application/ocsp-request"
)
View Source 
const MaxCertFileSize = 1024 * 1024 // not processing a cert file larger than 1MB
View Source 
const NoOCSPExtension = ".noocsp"

Variables

View Source 
var (
	ErrEmptyFilename = errors.New("derived an empty filename")
	ErrEmptyStaple   = errors.New("staple is empty")
)
View Source 
var (
	ErrCertAlreadyExpired = errors.New("refuse to fetch OCSP staple for expired cert")
	ErrNoIssuer           = errors.New("unable to find an issuer to validate any OCSP response")
	ErrHTTPFailure        = errors.New("HTTP failure retrieving OCSP staple")
	ErrOCSPProblem        = errors.New("unexpected OCSP problem")
	ErrTryLater           = errors.New("OCSP said tryLater")
)
View Source 
var (
	ErrNoOCSPFlagfile   = errors.New("a .noocsp flag-file prevented action")
	ErrNoCertsFound     = errors.New("no certificate files found in a directory")
	ErrCertFileTooLarge = errors.New("certificate file too large")
	ErrNotCertificate   = errors.New("no certificate found in file")
	ErrNoOCSPInCert     = errors.New("certificate lacks OCSP information")
)
View Source 
var (
	ExcludeExtensions = []string{
		".issuer.crt",
	}
)

Functions

This section is empty.

Types

type CertRenewal 

type CertRenewal struct {
	*Renewer

	ActionID uint32
	// contains filtered or unexported fields
}

func (*CertRenewal) CertLogAtf 

func (cr *CertRenewal) CertLogAtf(level uint, spec string, args ...interface{})

func (*CertRenewal) CertLogf 

func (cr *CertRenewal) CertLogf(spec string, args ...interface{})

type Config 

type Config struct {
	HTTPStatus        string  // host:port listen spec
	Directories       bool    // whether InputPaths denotes directories or not
	OutputDir         string  // where to place generated OCSP staples
	Extension         string  // filename extension to put on staples
	TimerT1           float64 // how far through staple validity period to start trying to renew
	Immediate         bool    // renew on start-up, independent of timers
	AllowNonOCSPInDir bool    // just skip any certs which lack OCSP information
	CertExtensions    string  // when scanning dirs, files with one of these extensions is assumed to be a cert
	HTTPUserAgent     string  // HTTP User-Agent to send
	InputPaths        []string
	// contains filtered or unexported fields
}

type Renewer 

type Renewer struct {

	// Modify HTTPClient if your application requires that; it defaults to http.DefaultClient
	HTTPClient *http.Client
	// contains filtered or unexported fields
}

func New 

func New(c Config) (*Renewer, error)

func (*Renewer) BasicChecks 

func (r *Renewer) BasicChecks() error

BasicChecks does whatever checks the renewer library considers worthwhile sanity checks to try before starting any persistent run.

func (*Renewer) ForceCheckSoon added in v0.1.4 

func (r *Renewer) ForceCheckSoon(full bool)

Interrupt the current sleep, force a sweep soon.

func (*Renewer) LogAtf 

func (r *Renewer) LogAtf(level uint, spec string, args ...interface{})

func (*Renewer) Logf 

func (r *Renewer) Logf(spec string, args ...interface{})

func (*Renewer) NeedTimers 

func (r *Renewer) NeedTimers() bool

func (*Renewer) OneShot 

func (r *Renewer) OneShot() error

OneShot does a sweep of all candidates and renews if appropriate. Appropriateness is a combination of "immediate" and timers.

func (*Renewer) RegisterFutureCheck 

func (r *Renewer) RegisterFutureCheck(path string, checkTime time.Time)

func (*Renewer) SetImmediate 

func (r *Renewer) SetImmediate(i bool) error

func (*Renewer) SetLogLevel 

func (r *Renewer) SetLogLevel(lvl uint)

func (*Renewer) SetNotReally 

func (r *Renewer) SetNotReally(nr bool)

func (*Renewer) Start 

func (r *Renewer) Start() (status bool)

Start creates a persisting process which keeps renewing all OCSP staples forever. It exits with a bool which indicates whether exit was expected or not. The HTTP interface might in future provide a means to request a clean expected exit.

type RevokedError 

type RevokedError struct {
	Cert      *x509.Certificate
	RevokedAt time.Time
}

func (RevokedError) Error 

func (re RevokedError) Error() string

type UnknownAtCAError 

type UnknownAtCAError struct {
	Cert *x509.Certificate
	URL  string
}

func (UnknownAtCAError) Error 

func (uace UnknownAtCAError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.