package ocsp
import "github.com/hashicorp/vault/sdk/helper/ocsp"
Index ¶
- func IsOcspVerificationError(err error) bool
- type Client
- func New(logFactory func() hclog.Logger, cacheSize int) *Client
- func (c *Client) ClearCache()
- func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)
- func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)
- func (c *Client) Logger() hclog.Logger
- func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport
- func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error
- func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error
- type ErrOcspIssuerVerification
- type FailOpenMode
- func FailOpenModeString(s string) (FailOpenMode, error)
- func FailOpenModeValues() []FailOpenMode
- func (i FailOpenMode) IsAFailOpenMode() bool
- func (i FailOpenMode) String() string
- type VerifyConfig
Functions ¶
func IsOcspVerificationError ¶
Types ¶
type Client ¶
// Client performs OCSP revocation checks for X.509 certificates (see
// GetRevocationStatus, VerifyLeafCertificate and VerifyPeerCertificate).
// It is constructed with New, which takes a logger factory and a cache
// size; ClearCache presumably resets that cache — confirm in client.go.
type Client struct {
// contains filtered or unexported fields
}
func New ¶
func (*Client) ClearCache ¶
func (c *Client) ClearCache()
func (*Client) GetAllRevocationStatus ¶
func (c *Client) GetAllRevocationStatus(ctx context.Context, verifiedChains []*x509.Certificate, conf *VerifyConfig) ([]*ocspStatus, error)
func (*Client) GetRevocationStatus ¶
func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) (*ocspStatus, error)
GetRevocationStatus checks the revocation status of the subject certificate using the issuer certificate.
func (*Client) Logger ¶
func (c *Client) Logger() hclog.Logger
func (*Client) NewTransport ¶
func (c *Client) NewTransport(conf *VerifyConfig) *http.Transport
NewTransport returns an *http.Transport that includes the OCSP certificate revocation check, performed in sequence.
func (*Client) VerifyLeafCertificate ¶
func (c *Client) VerifyLeafCertificate(ctx context.Context, subject, issuer *x509.Certificate, conf *VerifyConfig) error
VerifyLeafCertificate verifies just the subject certificate against its direct issuer.
func (*Client) VerifyPeerCertificate ¶
func (c *Client) VerifyPeerCertificate(ctx context.Context, verifiedChains [][]*x509.Certificate, conf *VerifyConfig) error
VerifyPeerCertificate verifies the revocation status of all certificates in the verified chains.
type ErrOcspIssuerVerification ¶
// ErrOcspIssuerVerification carries the underlying error met while verifying
// the identity of an OCSP response. Its Error method has a pointer receiver,
// so callers match it with errors.As on a *ErrOcspIssuerVerification;
// IsOcspVerificationError in this package presumably does that — confirm.
type ErrOcspIssuerVerification struct {
	// Err is the underlying verification error.
	Err error
}
ErrOcspIssuerVerification indicates that an error occurred while verifying the identity of an OCSP response.
func (*ErrOcspIssuerVerification) Error ¶
func (e *ErrOcspIssuerVerification) Error() string
type FailOpenMode ¶
// FailOpenMode is the enum type behind the FailOpenTrue/FailOpenFalse
// constants. The helpers FailOpenModeString, FailOpenModeValues,
// IsAFailOpenMode and String operate on it and are presumably generated
// (see failopenmode_enumer.go).
type FailOpenMode uint32
FailOpenMode is the OCSP fail-open mode. FailOpenTrue is the default; it may be set to ocspModeFailClosed (exported here as FailOpenFalse) for fail-closed mode.
// FailOpenTrue is declared first, so it is presumably the zero value of
// FailOpenMode and therefore the default documented on the type. Fail-open
// means a certificate whose OCSP status cannot be obtained is still
// accepted; FailOpenFalse (fail-closed) rejects it instead.
const (
	// FailOpenTrue represents OCSP fail open mode.
	FailOpenTrue FailOpenMode
	// FailOpenFalse represents OCSP fail closed mode.
	FailOpenFalse
)
func FailOpenModeString ¶
func FailOpenModeString(s string) (FailOpenMode, error)
FailOpenModeString retrieves an enum value from the enum constant's string name. It returns an error if s is not the name of an enum constant.
func FailOpenModeValues ¶
func FailOpenModeValues() []FailOpenMode
FailOpenModeValues returns all values of the enum.
func (FailOpenMode) IsAFailOpenMode ¶
func (i FailOpenMode) IsAFailOpenMode() bool
IsAFailOpenMode returns true if the value is listed in the enum definition, and false otherwise.
func (FailOpenMode) String ¶
func (i FailOpenMode) String() string
type VerifyConfig ¶
// VerifyConfig controls how Client performs OCSP revocation checking.
// Field semantics below are inferred from names and the FailOpenMode docs;
// confirm each against client.go before relying on it.
type VerifyConfig struct {
	// OcspEnabled turns OCSP checking on. NOTE(review): whether false skips
	// the check entirely is not visible here — confirm.
	OcspEnabled bool
	// ExtraCas are additional CA certificates, presumably used when
	// verifying OCSP responder certificates — confirm.
	ExtraCas []*x509.Certificate
	// OcspServersOverride lists OCSP responder URLs to query; the name
	// suggests they replace the servers named in the certificate — confirm.
	OcspServersOverride []string
	// OcspFailureMode selects fail-open (FailOpenTrue, the documented
	// default) or fail-closed (FailOpenFalse) behaviour when the OCSP check
	// cannot complete. Fail-open accepts a certificate whose status could
	// not be obtained, so fail-closed is the safer choice where responder
	// availability allows it.
	OcspFailureMode FailOpenMode
	// QueryAllServers presumably queries every configured responder rather
	// than stopping at the first answer — confirm.
	QueryAllServers bool
	// OcspThisUpdateMaxAge bounds how old a response may be; the name
	// suggests it is compared against the response's thisUpdate time and
	// that zero disables the check — confirm.
	OcspThisUpdateMaxAge time.Duration
	// OcspMaxRetries caps retries per OCSP query — confirm what 0 means.
	OcspMaxRetries int
}
Source Files ¶
client.go failopenmode_enumer.go