Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
Module for encoding and decoding OCSP responses.
type for OCSPResponseStatus
type for CertStatus
val pp_cert_status : cert_status Fmt.t
pp_cert_status ppf status
pretty prints cert status
type single_response = X509.OCSP.Response.single_response
type for SingleResponse
val create_single_response :
?next_update:Ptime.t ->
?single_extensions:X509.Extension.t ->
X509.OCSP.cert_id ->
cert_status ->
Ptime.t ->
single_response
create_single_response ~next_update ~single_extension cert_id
cert_status this_update
creates response info for one cert, this_update
should be current time.
val pp_single_response : single_response Fmt.t
pp_single_response ppf response
pretty prints single response
val single_response_cert_id : single_response -> X509.OCSP.cert_id
single_response_cert_id response
is cert_id in this single response
val single_response_status : single_response -> cert_status
single_response_cert_id response
is cert_status in this single response
type for ResponderID
val create_responder_id : X509.Public_key.t -> responder_id
create_responder_id pubkey
creates responderID identified by this key. Note: octets here contains SHA1 hash of public key, not itself.
val pp_responder_id : responder_id Fmt.t
pp_responder_id ppf responderID
pretty prints responderID
type t = X509.OCSP.Response.t
type for OCSPResponse
val create :
[ `MalformedRequest
| `InternalError
| `TryLater
| `SigRequired
| `Unauthorized ] ->
t
create status
creates error response. Successful status is not allowed here because it requires responseBytes.
val responder_id : t -> (responder_id, [> `Msg of string ]) result
responder_id request
is responder id from response
val encode_der : t -> string
encode_der request
encodes response into buffer
val validate :
t ->
?allowed_hashes:Digestif.hash' list ->
?now:Ptime.t ->
X509.Public_key.t ->
(unit, [> X509.Validation.signature_error | `No_signature | `Time_invalid ])
result
validate response key
validates the signature of response
with the pulic key
.
val create_success :
?digest:Digestif.hash' ->
?certs:Certificate.t list ->
?response_extensions:Extension.t ->
Private_key.t ->
responder_id ->
Ptime.t ->
single_response list ->
t Core.Or_error.t
val responses : t -> single_response list Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t