Module for encoding and decoding OCSP responses.
type for OCSPResponseStatus
val pp_status : status Fmt.t
pp_status ppf status
pretty prints status
type for CertStatus
val pp_cert_status : cert_status Fmt.t
pp_cert_status ppf status
pretty prints cert status
type single_response = X509.OCSP.Response.single_response
type for SingleResponse
val create_single_response :
?next_update:Ptime.t ->
?single_extensions:X509.Extension.t ->
X509.OCSP.cert_id ->
cert_status ->
Ptime.t ->
single_response
create_single_response ~next_update ~single_extensions cert_id
cert_status this_update
creates response info for one cert; this_update
should be the current time.
val pp_single_response : single_response Fmt.t
pp_single_response ppf response
pretty prints single response
val single_response_cert_id : single_response -> X509.OCSP.cert_id
single_response_cert_id response
is cert_id in this single response
val single_response_status : single_response -> cert_status
single_response_status response
is cert_status in this single response
type for ResponderID
val create_responder_id : X509.Public_key.t -> responder_id
create_responder_id pubkey
creates a responderID identified by this key. Note: the Cstruct here contains the SHA1 hash of the public key, not the key itself.
val pp_responder_id : responder_id Fmt.t
pp_responder_id ppf responderID
pretty prints responderID
type t = X509.OCSP.Response.t
type for OCSPResponse
val create :
[ `MalformedRequest
| `InternalError
| `TryLater
| `SigRequired
| `Unauthorized ] ->
t
create status
creates error response. Successful status is not allowed here because it requires responseBytes.
val pp : t Fmt.t
pp ppf response
pretty prints response
val responder_id : t -> (responder_id, [> `Msg of string ]) Stdlib.result
responder_id response
is responder id from response
val encode_der : t -> Cstruct.t
encode_der response
encodes response into buffer
val validate :
t ->
?allowed_hashes:Mirage_crypto.Hash.hash list ->
?now:Ptime.t ->
X509.Public_key.t ->
(unit, [> X509.Validation.signature_error | `No_signature | `Time_invalid ])
Stdlib.result
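validate response key
validates the signature of response
with the public key.
On success the result is unit, so it carries no certificate status; that still has to be read from the single responses (see responses and single_response_status).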
val create_success :
?digest:Mirage_crypto.Hash.hash ->
?certs:Certificate.t list ->
?response_extensions:Extension.t ->
Private_key.t ->
responder_id ->
Ptime.t ->
single_response list ->
t Core.Or_error.t
val responses : t -> single_response list Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t