ocsp

package
v0.13.0
Published: May 23, 2024 License: MPL-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsOcspVerificationError added in v0.12.0

func IsOcspVerificationError(err error) bool

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func New

func New(logFactory func() hclog.Logger, cacheSize int) *Client

func (*Client) ClearCache

func (c *Client) ClearCache()

func (*Client) GetAllRevocationStatus

func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)

func (*Client) GetRevocationStatus

func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)

GetRevocationStatus checks the revocation status of subject, using the issuer certificate to build and validate the OCSP request and response.

func (*Client) Logger

func (c *Client) Logger() hclog.Logger

func (*Client) NewTransport

func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport

NewTransport returns an *http.Transport whose TLS peer verification includes the OCSP certificate revocation check, performed sequentially for each certificate in the chain.

func (*Client) VerifyLeafCertificate

func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error

VerifyLeafCertificate verifies only subject against its direct issuer.

func (*Client) VerifyPeerCertificate

func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error

VerifyPeerCertificate checks the revocation status of every certificate in verifiedChains.

type ErrOcspIssuerVerification added in v0.12.0

type ErrOcspIssuerVerification struct {
	Err error
}

ErrOcspIssuerVerification indicates that an error occurred while verifying the identity (signer) of an OCSP response.

func (*ErrOcspIssuerVerification) Error added in v0.12.0

func (e *ErrOcspIssuerVerification) Error() string

type FailOpenMode

type FailOpenMode uint32

FailOpenMode is the OCSP fail-open mode. The zero value, FailOpenTrue, is the default; set OcspFailureMode to FailOpenFalse for fail-closed mode. In fail-open mode a certificate whose OCSP status cannot be obtained (for example because no responder is reachable) is treated as not revoked; in fail-closed mode it is rejected.

const (

	// FailOpenTrue represents OCSP fail open mode.
	FailOpenTrue FailOpenMode
	// FailOpenFalse represents OCSP fail closed mode.
	FailOpenFalse
)

func FailOpenModeString added in v0.13.0

func FailOpenModeString(s string) (FailOpenMode, error)

FailOpenModeString retrieves an enum value from the enum constants' string name. It returns an error if the param is not part of the enum.

func FailOpenModeValues added in v0.13.0

func FailOpenModeValues() []FailOpenMode

FailOpenModeValues returns all values of the enum

func (FailOpenMode) IsAFailOpenMode added in v0.13.0

func (i FailOpenMode) IsAFailOpenMode() bool

IsAFailOpenMode returns true if the value is listed in the enum definition, false otherwise.

func (FailOpenMode) String added in v0.13.0

func (i FailOpenMode) String() string

type VerifyConfig

type VerifyConfig struct {
	// OcspEnabled turns the OCSP revocation check on; when false no lookup is performed.
	OcspEnabled bool
	// ExtraCas are additional CA certificates trusted during verification.
	ExtraCas []*x509.Certificate
	// OcspServersOverride replaces the responder URLs that would otherwise be taken
	// from the certificate's Authority Information Access extension.
	OcspServersOverride []string
	// OcspFailureMode selects fail-open (the zero value) or fail-closed behaviour
	// when no usable OCSP response can be obtained.
	OcspFailureMode FailOpenMode
	// QueryAllServers queries every responder instead of stopping at the first
	// successful response.
	QueryAllServers bool
	// OcspThisUpdateMaxAge, when greater than zero, rejects responses whose
	// thisUpdate field is older than this age.
	OcspThisUpdateMaxAge time.Duration
	// OcspMaxRetries bounds the number of retries per OCSP request.
	OcspMaxRetries int
}
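To show how the API above is meant to be used, here is an added example that is not code from this package or its module: a stand-in checker with the same method shapes as VerifyLeafCertificate and VerifyPeerCertificate, wired into crypto/tls the way the real Client would be, with the fail-open/fail-closed decision made explicit. FailOpenMode and the Good/Revoked/Unknown statuses are re-declared so the block compiles without the module; Fetcher, Checker, FakeFetcher, cert and TLSConfig are hypothetical names, the network round trip is replaced by an injected fake with constructed data, and QueryAllServers, the response cache, retries and the thisUpdate age check are not modelled.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
)

// FailOpenMode mirrors the package's enum; the zero value is fail-open.
type FailOpenMode uint32

const (
	FailOpenTrue  FailOpenMode = iota // responder unreachable: accept the certificate
	FailOpenFalse                     // responder unreachable: reject the certificate
)

// Status stands in (an assumption) for the package's unexported ocspStatus.
type Status int

const (
	Good Status = iota
	Revoked
	Unknown
)

// Fetcher is hypothetical: one OCSP round trip to a responder URL (the real package
// does this over HTTP; a fake is injected below so the example runs offline).
type Fetcher func(server string, subject, issuer *x509.Certificate) (Status, error)

// Checker models the subset of VerifyConfig this example covers.
type Checker struct {
	Fetch   Fetcher
	Servers []string     // stand-in for OcspServersOverride (no AIA parsing here)
	Mode    FailOpenMode // OcspFailureMode
}

var errRevoked = errors.New("ocsp: certificate revoked")

// status tries the responders in order and returns the first answer it gets.
func (c *Checker) status(subject, issuer *x509.Certificate) (Status, error) {
	for _, srv := range c.Servers {
		if st, err := c.Fetch(srv, subject, issuer); err == nil {
			return st, nil
		}
	}
	return Unknown, errors.New("ocsp: no responder answered")
}

// VerifyLeafCertificate mirrors the package method: subject is checked against its
// direct issuer, and the fail mode decides what a transport error or Unknown means.
func (c *Checker) VerifyLeafCertificate(subject, issuer *x509.Certificate) error {
	st, err := c.status(subject, issuer)
	if err == nil && st == Revoked {
		return fmt.Errorf("%w: serial %v", errRevoked, subject.SerialNumber)
	}
	if (err != nil || st == Unknown) && c.Mode == FailOpenFalse {
		return fmt.Errorf("ocsp: fail-closed, serial %v: no usable status (%v)", subject.SerialNumber, err)
	}
	return nil // fail-open: an unreachable responder does not block the handshake
}

// VerifyPeerCertificate mirrors the package method: each certificate in each verified
// chain is checked against the next one up; the root has no issuer in the chain.
func (c *Checker) VerifyPeerCertificate(verifiedChains [][]*x509.Certificate) error {
	for _, chain := range verifiedChains {
		for i := 0; i+1 < len(chain); i++ {
			if err := c.VerifyLeafCertificate(chain[i], chain[i+1]); err != nil {
				return err
			}
		}
	}
	return nil
}

// TLSConfig is where the check plugs into crypto/tls: Go validates the chain first,
// then hands verifiedChains to this hook, exactly as with the package's own method.
func TLSConfig(c *Checker, roots *x509.CertPool) *tls.Config {
	return &tls.Config{RootCAs: roots,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			return c.VerifyPeerCertificate(chains)
		}}
}

// cert builds a skeletal certificate carrying only a serial number (constructed data).
func cert(n int64) *x509.Certificate { return &x509.Certificate{SerialNumber: big.NewInt(n)} }

// FakeFetcher answers from a constructed table of revoked serials and of responders that are down.
func FakeFetcher(revoked map[int64]bool, down map[string]bool) Fetcher {
	return func(server string, subject, _ *x509.Certificate) (Status, error) {
		if down[server] {
			return Unknown, errors.New("connection refused")
		}
		if revoked[subject.SerialNumber.Int64()] {
			return Revoked, nil
		}
		return Good, nil
	}
}

func main() {
	c := &Checker{Fetch: FakeFetcher(nil, map[string]bool{"https://ocsp.example.test": true}),
		Servers: []string{"https://ocsp.example.test"}, Mode: FailOpenFalse}
	fmt.Println(c.VerifyPeerCertificate([][]*x509.Certificate{{cert(1001), cert(1), cert(0)}}))
}
```

With the real package the same tls.Config hook would call client.VerifyPeerCertificate(ctx, verifiedChains, conf). The point the stand-in makes explicit is that a zero-valued OcspFailureMode is fail-open: anyone who can keep the client from reaching the responder turns a revoked certificate into an accepted one, so fail-closed (FailOpenFalse) is the setting to reach for wherever revocation actually matters, paired with more than one responder in OcspServersOverride to keep availability.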
