Documentation
Overview
Package revoke provides functionality for checking the validity of a certificate. The temporal validity of the certificate is checked first, then any CRL and OCSP URLs in the certificate are checked.
Index
- Variables
- func SetCRLFetcher(fn func(io.Reader) ([]byte, error))
- func SetOCSPFetcher(fn func(io.Reader) ([]byte, error))
- func SetRemoteFetcher(fn func(io.Reader) ([]byte, error))
- func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)
- func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)
Constants
This section is empty.
Variables
var CRLSet = map[string]*pkix.CertificateList{}
CRLSet associates a PKIX certificate list with the URL the CRL is fetched from.
var HTTPClient = http.DefaultClient
HTTPClient is an instance of http.Client that will be used for all HTTP requests.
var HardFail = false
HardFail determines whether the failure to check the revocation status of a certificate (i.e. due to network failure) causes verification to fail (a hard failure).
Functions
func SetCRLFetcher
SetCRLFetcher sets the function used to read from the HTTP response body.
func SetOCSPFetcher
SetOCSPFetcher sets the function used to read from the HTTP response body.
func SetRemoteFetcher
SetRemoteFetcher sets the function used to read from the HTTP response body.
func VerifyCertificate
func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)
VerifyCertificate ensures that the certificate passed in hasn't expired and checks the CRL for the server.
func VerifyCertificateError
func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)
VerifyCertificateError ensures that the certificate passed in hasn't expired and checks the CRL for the server.
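The check order from the Overview and the soft-fail versus hard-fail choice behind HardFail, written against the Go standard library only; this is an added example, not the revoke package's own code. The names `checkCert` and `sample`, the fetch callback, the CRL signature and freshness checks, and the return values chosen for an out-of-window certificate and for a failed lookup are assumptions, and the CA, CRL and leaf are constructed test data.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkCert: validity window first, then each CRL URL; hardFail plays the role of HardFail.
func checkCert(cert, issuer *x509.Certificate, now time.Time, fetch func(string) ([]byte, error), hardFail bool) (revoked, ok bool) {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return true, true // assumption: an out-of-window cert is reported as unusable
	}
	for _, url := range cert.CRLDistributionPoints {
		der, err := fetch(url)
		if err != nil {
			return hardFail, false // status unknown: only hard fail turns this into a rejection
		}
		crl, err := x509.ParseRevocationList(der)
		if err != nil || crl.CheckSignatureFrom(issuer) != nil || now.After(crl.NextUpdate) {
			return hardFail, false // an unparsable, wrongly signed or stale CRL proves nothing
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
				return true, true
			}
		}
	}
	return false, true
}

// sample builds constructed data: an unsigned leaf, a throwaway CA, and a CRL revoking serial `revoked`.
func sample(leaf, revoked int64, now time.Time) (*x509.Certificate, *x509.Certificate, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	ca, _ := x509.ParseCertificate(der)
	crl, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revoked), RevocationTime: now}}}, ca, key)
	return &x509.Certificate{SerialNumber: big.NewInt(leaf), NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, CRLDistributionPoints: []string{"http://crl.example/ca.crl"}}, ca, crl
}

func main() {
	leaf, ca, crl := sample(7, 7, time.Now())
	fmt.Println(checkCert(leaf, ca, time.Now(), func(string) ([]byte, error) { return crl, nil }, false))
}
```

With soft fail, an unreachable CRL yields `ok == false` but `revoked == false`, so a caller that only looks at `revoked` accepts the certificate; checking both values, or enabling hard fail, closes that gap.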
Types
This section is empty.