Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
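// Subcommands of the tool. Each value is a subCommand built positionally from
// a name, a one-line help string, and the function that runs the subcommand.
//
// NOTE(review): Store, Get and GetPEM ignore their args parameter and re-read
// flag.Args()[1:] instead. Presumably flag.Args()[0] is the subcommand name
// and the caller has already checked that it exists; slicing [1:] would panic
// on an empty argument list. Confirm against the caller.
var (
	// Store reads each file named on the command line as an OCSP response
	// and stores it in Redis through cl.storeResponsesFromFiles.
	//
	// NOTE(review): any validation of the file contents happens inside
	// storeResponsesFromFiles, which is not visible here. Verify that
	// malformed or wrongly signed responses are rejected before they are
	// written to the store that serves relying parties.
	Store = subCommand{
		"store",
		"for each filename on command line, read the file as an OCSP response and store it in Redis",
		func(ctx context.Context, cl client, _ Config, args []string) error {
			if err := cl.storeResponsesFromFiles(ctx, flag.Args()[1:]); err != nil {
				return err
			}
			return nil
		},
	}

	// Get fetches the stored response for each serial on the command line
	// and pretty-prints it to stdout. A Redis lookup failure aborts the
	// run. A response that fails to parse is reported on stderr and
	// skipped, so the subcommand can still return nil when some (or all)
	// entries were unparseable.
	Get = subCommand{
		"get",
		"for each serial on command line, fetch that serial's response and pretty-print it",
		func(ctx context.Context, cl client, _ Config, args []string) error {
			for _, serial := range flag.Args()[1:] {
				resp, err := cl.redis.GetResponse(ctx, serial)
				if err != nil {
					return err
				}
				// The issuer argument is nil, so the signature is not
				// checked against a trusted issuer certificate. The output
				// shows what is stored in Redis; it is not evidence that the
				// response is validly signed.
				parsed, err := ocsp.ParseResponse(resp, nil)
				if err != nil {
					// Newline-terminated so consecutive failures do not run
					// together on stderr.
					fmt.Fprintf(os.Stderr, "parsing error on %x: %s\n", resp, err)
					continue
				}
				fmt.Printf("%s\n", helper.PrettyResponse(parsed))
			}
			return nil
		},
	}

	// GetPEM fetches the stored response for each serial on the command
	// line and writes it to stdout as a PEM block of type "OCSP RESPONSE".
	// The bytes from Redis are encoded as-is: nothing here parses or
	// verifies them, so the PEM label does not guarantee the payload is a
	// well-formed OCSP response.
	GetPEM = subCommand{
		"get-pem",
		"for each serial on command line, fetch that serial's response and print it PEM-encoded",
		func(ctx context.Context, cl client, _ Config, args []string) error {
			for _, serial := range flag.Args()[1:] {
				resp, err := cl.redis.GetResponse(ctx, serial)
				if err != nil {
					return err
				}
				block := pem.Block{
					Bytes: resp,
					Type:  "OCSP RESPONSE",
				}
				if err := pem.Encode(os.Stdout, &block); err != nil {
					return err
				}
			}
			return nil
		},
	}

	// LoadFromDB runs cl.loadFromDB with the configured processing speed,
	// starting from the ID held in the package-level startFromID. It
	// fails early when the LoadFromDB config section is absent, because
	// that section supplies the DB and CA connection settings.
	LoadFromDB = subCommand{
		"load-from-db",
		"scan the database for all OCSP entries for unexpired certificates, and store in Redis",
		func(ctx context.Context, cl client, c Config, args []string) error {
			if c.ROCSPTool.LoadFromDB == nil {
				return fmt.Errorf("config field LoadFromDB was missing")
			}
			if err := cl.loadFromDB(ctx, c.ROCSPTool.LoadFromDB.Speed, *startFromID); err != nil {
				return fmt.Errorf("loading OCSP responses from DB: %w", err)
			}
			return nil
		},
	}

	// ScanResponses walks every response entry in Redis (pattern "*") and
	// prints "serial: base64(response)" for each. The first entry that
	// carries an error aborts the scan and that error is returned.
	//
	// NOTE(review): returning while the results channel is still being
	// produced relies on ctx (or the producer) to stop the scan; confirm
	// that the producer does not block forever on an unread channel.
	ScanResponses = subCommand{
		"scan-responses",
		"scan Redis for OCSP response entries. For each entry, print the serial and base64-encoded response",
		func(ctx context.Context, cl client, _ Config, args []string) error {
			for r := range cl.redis.ScanResponses(ctx, "*") {
				if r.Err != nil {
					return r.Err
				}
				fmt.Printf("%s: %s\n", r.Serial, base64.StdEncoding.EncodeToString(r.Body))
			}
			return nil
		},
	}
)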
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config is the configuration passed to every subcommand handler. The
// ROCSPTool section holds the tool's own settings; Syslog and OpenTelemetry
// hold the logging and tracing settings.
type Config struct {
	ROCSPTool struct {
		// Optional. When set, it must validate as a host:port pair
		// (validator tag "hostname_port").
		// NOTE(review): presumably the listen address of a debug endpoint;
		// if so, bind it to a loopback or management interface. Confirm.
		DebugAddr string `validate:"omitempty,hostname_port"`
		// Connection settings for the Redis store.
		Redis rocsp_config.RedisConfig

		// If using load-from-db, this provides credentials to connect to the DB
		// and the CA. Otherwise, it's optional.
		// The load-from-db subcommand returns an error when this is nil.
		LoadFromDB *LoadFromDBConfig
	}
	Syslog        cmd.SyslogConfig
	OpenTelemetry cmd.OpenTelemetryConfig
}
type LoadFromDBConfig ¶
// LoadFromDBConfig provides the credentials and configuration needed to load
// data from the certificateStatuses table in the DB and get it signed.
//
// NOTE(review): the field comments describe DB and GRPCTLS as credentials.
// Whether secrets are held inline or referenced by file path depends on
// cmd.DBConfig and cmd.TLSConfig, which are not shown here. Restrict read
// access to the config file and to any files it names accordingly.
type LoadFromDBConfig struct {
	// Credentials to connect to the DB.
	DB cmd.DBConfig
	// Credentials to request OCSP signatures from the CA.
	GRPCTLS cmd.TLSConfig
	// Timeouts and hostnames for the CA.
	OCSPGeneratorService cmd.GRPCClientConfig
	// How fast to process rows.
	Speed ProcessingSpeed
}
LoadFromDBConfig provides the credentials and configuration needed to load data from the certificateStatuses table in the DB and get it signed.
type ProcessingSpeed ¶
// ProcessingSpeed holds the rate and batching limits for load-from-db.
//
// The validate tags enforce only a lower bound of zero. The defaults named
// in the field comments are not applied in this declaration.
// NOTE(review): presumably a zero value selects the default; confirm where
// the defaulting happens. No upper bound is enforced here, so an overly
// large RowsPerSecond or ParallelSigns is limited only by what the DB and
// boulder-ca can absorb.
type ProcessingSpeed struct {
	// If using load-from-db, this limits how many items per second we
	// scan from the DB. We might go slower than this depending on how fast
	// we read rows from the DB, but we won't go faster. Defaults to 2000.
	RowsPerSecond int `validate:"min=0"`
	// If using load-from-db, this controls how many parallel requests to
	// boulder-ca for OCSP signing we can make. Defaults to 100.
	ParallelSigns int `validate:"min=0"`
	// If using load-from-db, the LIMIT on our scanning queries. We have to
	// apply a limit because MariaDB will cut off our response at some
	// threshold of total bytes transferred (1 GB by default). Defaults to 10000.
	ScanBatchSize int `validate:"min=0"`
}