package tls-async

  1. Overview
  2. Docs

Module for encoding and decoding OCSP responses.

type status = [
  1. | `InternalError
  2. | `MalformedRequest
  3. | `SigRequired
  4. | `Successful
  5. | `TryLater
  6. | `Unauthorized
]

type for OCSPResponseStatus

val pp_status : status Fmt.t

pp_status ppf status pretty prints status

type cert_status = [
  1. | `Good
  2. | `Revoked of Ptime.t * X509.Extension.reason option
  3. | `Unknown
]

type for CertStatus

val pp_cert_status : cert_status Fmt.t

pp_cert_status ppf status pretty prints cert status

type single_response = X509.OCSP.Response.single_response

type for SingleResponse

val create_single_response : ?next_update:Ptime.t -> ?single_extensions:X509.Extension.t -> X509.OCSP.cert_id -> cert_status -> Ptime.t -> single_response

create_single_response ~next_update ~single_extension cert_id cert_status this_update creates response info for one cert, this_update should be current time.

val pp_single_response : single_response Fmt.t

pp_single_response ppf response pretty prints single response

val single_response_cert_id : single_response -> X509.OCSP.cert_id

single_response_cert_id response is cert_id in this single response

val single_response_status : single_response -> cert_status

single_response_cert_id response is cert_status in this single response

type responder_id = [
  1. | `ByKey of Cstruct.t
  2. | `ByName of X509.Distinguished_name.t
]

type for ResponderID

val create_responder_id : X509.Public_key.t -> responder_id

create_responder_id pubkey creates responderID identified by this key. Note: Cstruct here contains SHA1 hash of public key, not itself.

val pp_responder_id : responder_id Fmt.t

pp_responder_id ppf responderID pretty prints responderID

type for OCSPResponse

val create : [ `MalformedRequest | `InternalError | `TryLater | `SigRequired | `Unauthorized ] -> t

create status creates error response. Successful status is not allowed here because it requires responseBytes.

val pp : t Fmt.t

pp ppf response pretty prints response

val status : t -> status

status response is response status

val responder_id : t -> (responder_id, [> Rresult.R.msg ]) Rresult.result

responder_id request is responder id from response

val encode_der : t -> Cstruct.t

encode_der request encodes response into buffer

val validate : t -> ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?now:Ptime.t -> X509.Public_key.t -> (unit, [> X509.Validation.signature_error | `No_signature | `Time_invalid ]) Rresult.result

validate response key validates the signature of response with the pulic key.

val create_success : ?digest:Mirage_crypto.Hash.hash -> ?certs:Certificate.t list -> ?response_extensions:Extension.t -> Private_key.t -> responder_id -> Ptime.t -> single_response list -> t Core.Or_error.t
val responses : t -> single_response list Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t
OCaml

Innovation. Community. Security.