Documentation ¶
Index ¶
- func IsOcspVerificationError(err error) bool
- type Client
- func (c *Client) ClearCache()
- func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)
- func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)
- func (c *Client) Logger() hclog.Logger
- func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport
- func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error
- func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error
- type ErrOcspIssuerVerification
- type FailOpenMode
- type VerifyConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsOcspVerificationError ¶ added in v0.12.0
Types ¶
type Client ¶
// Client performs OCSP revocation-status checks for X.509 certificates
// (see GetRevocationStatus, VerifyLeafCertificate and VerifyPeerCertificate).
// Its fields are unexported; NOTE(review): the constructor is not shown on this page.
type Client struct {
// contains filtered or unexported fields
}
func (*Client) ClearCache ¶
func (c *Client) ClearCache()
func (*Client) GetAllRevocationStatus ¶
func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)
func (*Client) GetRevocationStatus ¶
func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)
GetRevocationStatus checks the certificate revocation status for subject using issuer certificate.
func (*Client) NewTransport ¶
func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport
NewTransport returns an *http.Transport that includes the OCSP certificate revocation check, performed sequentially.
func (*Client) VerifyLeafCertificate ¶
func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error
VerifyLeafCertificate verifies only the subject certificate against its direct issuer.
func (*Client) VerifyPeerCertificate ¶
func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error
VerifyPeerCertificate verifies the revocation status of all certificates in verifiedChains.
type ErrOcspIssuerVerification ¶ added in v0.12.0
// ErrOcspIssuerVerification is returned when the identity of the signer of an
// OCSP response could not be verified; detect it with IsOcspVerificationError.
type ErrOcspIssuerVerification struct {
	// Err is the error encountered during verification — presumably the
	// underlying cause, wrapped; confirm against Error().
	Err error
}
ErrOcspIssuerVerification indicates that an error occurred while verifying the identity of the signer of an OCSP response.
func (*ErrOcspIssuerVerification) Error ¶ added in v0.12.0
func (e *ErrOcspIssuerVerification) Error() string
type FailOpenMode ¶
type FailOpenMode uint32
FailOpenMode is the OCSP fail-open mode. The default is FailOpenTrue (fail open: an OCSP check that cannot be completed does not cause verification to fail); set it to FailOpenFalse for fail-closed mode.
const (
	// FailOpenTrue represents OCSP fail open mode.
	// NOTE(review): the constant's initializer is not shown on this page — confirm
	// against the source that the enum is defined with iota.
	FailOpenTrue FailOpenMode
	// FailOpenFalse represents OCSP fail closed mode.
	FailOpenFalse
)
func FailOpenModeString ¶ added in v0.13.0
func FailOpenModeString(s string) (FailOpenMode, error)
FailOpenModeString returns the enum value whose constant name is s. It returns an error if s is not the name of an enum constant.
func FailOpenModeValues ¶ added in v0.13.0
func FailOpenModeValues() []FailOpenMode
FailOpenModeValues returns all values of the enum.
func (FailOpenMode) IsAFailOpenMode ¶ added in v0.13.0
func (i FailOpenMode) IsAFailOpenMode() bool
IsAFailOpenMode reports whether the value is one of the constants declared for the enum.
func (FailOpenMode) String ¶ added in v0.13.0
func (i FailOpenMode) String() string
type VerifyConfig ¶
// VerifyConfig configures the OCSP revocation check performed by Client's
// verification methods. Field semantics below are inferred from the names and
// types only; confirm against the implementation.
type VerifyConfig struct {
	// OcspEnabled enables the OCSP revocation check.
	OcspEnabled bool
	// ExtraCas holds additional CA certificates — presumably trusted when
	// verifying OCSP responses; confirm.
	ExtraCas []*x509.Certificate
	// OcspServersOverride lists OCSP responder URLs to query — presumably in
	// place of the responders named in the certificate; confirm.
	OcspServersOverride []string
	// OcspFailureMode selects fail-open or fail-closed behaviour when a check
	// cannot be completed (see FailOpenMode).
	OcspFailureMode FailOpenMode
	// QueryAllServers — presumably queries every configured responder rather
	// than stopping at the first answer; confirm.
	QueryAllServers bool
	// OcspThisUpdateMaxAge — presumably the maximum accepted age of a
	// response's thisUpdate field; confirm, including the meaning of zero.
	OcspThisUpdateMaxAge time.Duration
	// OcspMaxRetries — presumably the number of retries per OCSP query; confirm.
	OcspMaxRetries int
}