package revoke
import "git.wntrmute.dev/kyle/goutils/certlib/revoke"
Package revoke provides functionality for checking the validity of a cert. Specifically, the temporal validity of the certificate is checked first, then any CRL and OCSP url in the cert is checked.
Index ¶
- Variables
- func SetCRLFetcher(fn func(io.Reader) ([]byte, error))
- func SetOCSPFetcher(fn func(io.Reader) ([]byte, error))
- func SetRemoteFetcher(fn func(io.Reader) ([]byte, error))
- func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)
- func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)
Variables ¶
var CRLSet = map[string]*x509.RevocationList{}
CRLSet associates a PKIX certificate list with the URL the CRL is fetched from.
var HTTPClient = http.DefaultClient
HTTPClient is an instance of http.Client that will be used for all HTTP requests.
var HardFail = false
HardFail determines whether the failure to check the revocation status of a certificate (i.e. due to network failure) causes verification to fail (a hard failure).
Functions ¶
func SetCRLFetcher ¶
SetCRLFetcher sets the function to use to read from the http response body
func SetOCSPFetcher ¶
SetOCSPFetcher sets the function to use to read from the http response body
func SetRemoteFetcher ¶
SetRemoteFetcher sets the function to use to read from the http response body
func VerifyCertificate ¶
func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)
VerifyCertificate ensures that the certificate passed in hasn't expired and checks the CRL for the server.
func VerifyCertificateError ¶
func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)
VerifyCertificateError ensures that the certificate passed in hasn't expired and checks the CRL for the server.
Source Files ¶
revoke.go
- Version
- v1.7.7 (latest)
- Published
- Jun 15, 2024
- Platform
- linux/amd64
- Imports
- 15 packages
- Last checked
- 4 days ago –
Tools for package owners.