Documentation
Overview
Package ocsp implements functions to assist with the usage of OCSP (Online Certificate Status Protocol).
For details on the protocol, visit https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
Index
- Variables
- func IsOCSPFresh(res *ocsp.Response) bool
- func ParseAndVerifyResponse(data []byte, issuer *x509.Certificate) (*ocsp.Response, error)
- func ParseAndVerifyResponseForCert(data []byte, cert, issuer *x509.Certificate) (*ocsp.Response, error)
- func RefreshTime(res *ocsp.Response) time.Time
- func VerifyPeerCertificate(_ [][]byte, verifiedChains [][]*x509.Certificate) error
- type QueryOpts
- type QueryResponse
  - func Query(ctx context.Context, q QueryOpts) (*QueryResponse, error)
  - func Staple(ctx context.Context, c *tls.Certificate) (*QueryResponse, error)
- type VerifyError
  - func (e *VerifyError) Error() string
Constants
This section is empty.
Variables
var ErrNoOCSPServer = errors.New("ocsp: no server in certificate")
ErrNoOCSPServer is returned when there are no OCSP servers found on a Certificate.
Functions
func IsOCSPFresh added in v1.1.0
func IsOCSPFresh(res *ocsp.Response) bool
IsOCSPFresh returns true if the OCSP response is still fresh.
This is used to determine whether an updated response needs to be fetched from the OCSP server.
func ParseAndVerifyResponse
func ParseAndVerifyResponse(data []byte, issuer *x509.Certificate) (*ocsp.Response, error)
ParseAndVerifyResponse is like ocsp.ParseResponse but also verifies the chain of the certificate that signed the OCSP response (the responder certificate) against issuer.
ref: https://github.com/golang/go/issues/43522#issuecomment-755389499
func ParseAndVerifyResponseForCert
func ParseAndVerifyResponseForCert(data []byte, cert, issuer *x509.Certificate) (*ocsp.Response, error)
ParseAndVerifyResponseForCert is like ocsp.ParseResponseForCert but also verifies the chain of the certificate that signed the OCSP response (the responder certificate) against issuer.
ref: https://github.com/golang/go/issues/43522#issuecomment-755389499
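Both ParseAndVerifyResponse and ParseAndVerifyResponseForCert add the same step on top of the x/crypto/ocsp parsers: the certificate that signed the response must be one the issuer has authorised. The Go below is an added example written for this page, not the package's own code, and its rules follow RFC 6960 section 4.2.2.2 rather than the package's exact logic: a response is acceptable if the issuer signed it directly, or if the signer's certificate was issued directly by the issuer and carries the OCSPSigning extended key usage. The names VerifyResponderCert, newCA and newResponder and the self-signed test CA are this example's own; the fixtures are generated in-process so it runs offline with the standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// VerifyResponderCert checks that the certificate which signed an OCSP
// response may speak for issuer (RFC 6960 section 4.2.2.2): either issuer
// signed the response itself, or the responder certificate was issued
// directly by issuer and carries the id-kp-OCSPSigning extended key usage.
func VerifyResponderCert(responder, issuer *x509.Certificate) error {
	if responder.Equal(issuer) {
		return nil // the CA signed the response with its own key
	}
	// Check the EKU explicitly: x509.Verify does not reject a leaf with no
	// EKU at all, so an ordinary end-entity certificate could otherwise pass.
	if !slices.Contains(responder.ExtKeyUsage, x509.ExtKeyUsageOCSPSigning) {
		return errors.New("ocsp: responder certificate lacks the OCSPSigning EKU")
	}
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	// No Intermediates: the only chain that can verify is responder -> issuer,
	// so a responder certificate from any other CA, however trusted, fails.
	if _, err := responder.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning},
	}); err != nil {
		return fmt.Errorf("ocsp: responder certificate does not chain to issuer: %w", err)
	}
	return nil
}

// newCA issues a self-signed CA certificate (constructed test fixture).
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newResponder issues a delegated OCSP responder certificate from ca,
// with or without the OCSPSigning EKU (constructed test fixture).
func newResponder(ca *x509.Certificate, caKey *ecdsa.PrivateKey, withEKU bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "OCSP Responder"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if withEKU {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, caKey, err := newCA("Example CA")
	if err != nil {
		panic(err)
	}
	good, err := newResponder(ca, caKey, true)
	if err != nil {
		panic(err)
	}
	fmt.Println("delegated responder accepted:", VerifyResponderCert(good, ca) == nil)
}
```

Checking the EKU directly rather than relying on the KeyUsages option of Verify alone is deliberate: crypto/x509 treats a leaf that carries no EKU extension as unconstrained, so an ordinary end-entity certificate issued by the same CA would otherwise be accepted as a responder. Leaving VerifyOptions.Intermediates empty is also deliberate; RFC 6960 requires a delegated responder to be certified directly by the CA that issued the certificate being checked, and with only the issuer in Roots no longer chain can verify.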
func RefreshTime added in v1.1.0
func RefreshTime(res *ocsp.Response) time.Time
RefreshTime returns the time at which the OCSP response should be refreshed, i.e. when a new response should be fetched from the OCSP server.
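IsOCSPFresh and RefreshTime together decide when a cached response should be replaced. The following is an added example, not the package's code: it implements one common policy over a small struct that mirrors the ThisUpdate and NextUpdate fields of ocsp.Response, so that it runs with the standard library alone. The halfway rule (refresh at the midpoint of the validity window) is this example's assumption; the page does not say which point in the window the package's RefreshTime picks. The treatment of a response with no nextUpdate does follow RFC 6960, which says newer status information is then available at any time.

```go
package main

import (
	"fmt"
	"time"
)

// stapleTimes mirrors the ThisUpdate and NextUpdate fields of ocsp.Response
// (golang.org/x/crypto/ocsp); it is constructed here so the example needs
// only the standard library.
type stapleTimes struct {
	ThisUpdate time.Time
	NextUpdate time.Time // zero when the responder omitted nextUpdate
}

// RefreshTime returns when a new response should be fetched. Policy (this
// example's assumption): refresh halfway through the [ThisUpdate, NextUpdate]
// window, which leaves half the window to retry if the responder is down.
// A response without NextUpdate has no validity window, so its refresh time
// is ThisUpdate, i.e. refresh straight away.
func RefreshTime(r stapleTimes) time.Time {
	if r.NextUpdate.IsZero() || !r.NextUpdate.After(r.ThisUpdate) {
		return r.ThisUpdate
	}
	return r.ThisUpdate.Add(r.NextUpdate.Sub(r.ThisUpdate) / 2)
}

// IsFresh reports whether the response can still be served at now without
// fetching a new one: it must have a validity window, still be inside it,
// and not yet have reached its refresh time. An expired response is never
// fresh, so a caller fetches rather than serving a staple clients reject.
func IsFresh(r stapleTimes, now time.Time) bool {
	if r.NextUpdate.IsZero() || !now.Before(r.NextUpdate) {
		return false
	}
	return now.Before(RefreshTime(r))
}

func main() {
	this := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	r := stapleTimes{ThisUpdate: this, NextUpdate: this.Add(4 * 24 * time.Hour)}
	fmt.Println("refresh at:", RefreshTime(r).Format(time.RFC3339))
	for _, d := range []time.Duration{24 * time.Hour, 3 * 24 * time.Hour, 5 * 24 * time.Hour} {
		fmt.Printf("at +%v fresh=%v\n", d, IsFresh(r, this.Add(d)))
	}
	fmt.Println("no NextUpdate fresh:", IsFresh(stapleTimes{ThisUpdate: this}, this))
}
```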
func VerifyPeerCertificate
func VerifyPeerCertificate(_ [][]byte, verifiedChains [][]*x509.Certificate) error
VerifyPeerCertificate verifies that the peer certificate has a valid OCSP status. Its signature matches tls.Config.VerifyPeerCertificate, so it can be set directly as that callback; the raw certificates are ignored and only the verified chains are used.
Types
type QueryOpts
```go
type QueryOpts struct {
	// Certificate to query information about.
	Certificate *x509.Certificate
	// Issuer to verify the OCSP response against.
	Issuer *x509.Certificate
	// CommonName to use instead of the one specified on the certificate.
	//
	// If empty defaults to Certificate.Subject.CommonName.
	CommonName string
	// ServerURL is the url to the OCSP server for the certificate.
	ServerURL string
	// Hash contains the hash function that should be used when
	// constructing the OCSP request. If zero, SHA-256 will be used.
	Hash crypto.Hash
}
```
QueryOpts represents the options for a query request.
type QueryResponse
```go
type QueryResponse struct {
	// Response is the actual OCSP response.
	*ocsp.Response
	// Bytes of the response.
	Bytes []byte
}
```
QueryResponse is the response from an OCSP query.
func Query
func Query(ctx context.Context, q QueryOpts) (*QueryResponse, error)
Query attempts to query the OCSP server at q.ServerURL for the status of q.Certificate and to verify the response against q.Issuer.
func Staple added in v1.1.0
func Staple(ctx context.Context, c *tls.Certificate) (*QueryResponse, error)
Staple attempts to fetch an OCSP response for c and staple it to the tls.Certificate.
type VerifyError
```go
type VerifyError struct {
	// Reason why the verification failed.
	Reason string
}
```
VerifyError represents an OCSP responder verification error.
func (*VerifyError) Error
func (e *VerifyError) Error() string