package x509

  1. Overview
  2. Docs

Module OCSP.ResponseSource

Module for encoding and decoding OCSP responses.

Sourcetype status = [
  1. | `InternalError
  2. | `MalformedRequest
  3. | `SigRequired
  4. | `Successful
  5. | `TryLater
  6. | `Unauthorized
]

type for OCSPResponseStatus

Sourceval pp_status : status Fmt.t

pp_status ppf status pretty prints status

Sourcetype cert_status = [
  1. | `Good
  2. | `Revoked of Ptime.t * Extension.reason option
  3. | `Unknown
]

type for CertStatus

Sourceval pp_cert_status : cert_status Fmt.t

pp_cert_status ppf status pretty prints cert status

Sourcetype single_response

type for SingleResponse

Sourceval create_single_response : ?next_update:Ptime.t -> ?single_extensions:Extension.t -> cert_id -> cert_status -> Ptime.t -> single_response

create_single_response ~next_update ~single_extension cert_id cert_status this_update creates response info for one cert, this_update should be current time.

Sourceval pp_single_response : single_response Fmt.t

pp_single_response ppf response pretty prints single response

Sourceval single_response_cert_id : single_response -> cert_id

single_response_cert_id response is cert_id in this single response

Sourceval single_response_status : single_response -> cert_status

single_response_cert_id response is cert_status in this single response

Sourcetype responder_id = [
  1. | `ByKey of string
  2. | `ByName of Distinguished_name.t
]

type for ResponderID

Sourceval create_responder_id : Public_key.t -> responder_id

create_responder_id pubkey creates responderID identified by this key. Note: octets here contains SHA1 hash of public key, not itself.

Sourceval pp_responder_id : responder_id Fmt.t

pp_responder_id ppf responderID pretty prints responderID

Sourcetype t

type for OCSPResponse

Sourceval create_success : ?digest:Digestif.hash' -> ?certs:Certificate.t list -> ?response_extensions:Extension.t -> Private_key.t -> responder_id -> Ptime.t -> single_response list -> (t, [> `Msg of string ]) result

create_success ~digest ~certs ~response_extensions priv_key responderID producedAt responses creates response and signs it with priv_key. producedAt should be current timestamp.

Sourceval create : [ `MalformedRequest | `InternalError | `TryLater | `SigRequired | `Unauthorized ] -> t

create status creates error response. Successful status is not allowed here because it requires responseBytes.

Sourceval pp : t Fmt.t

pp ppf response pretty prints response

Sourceval status : t -> status

status response is response status

Sourceval responder_id : t -> (responder_id, [> `Msg of string ]) result

responder_id request is responder id from response

Sourceval responses : t -> (single_response list, [> `Msg of string ]) result

responses response is a list of responses (status per certificate).

Sourceval decode_der : string -> (t, Asn.error) result

decode_der buffer decodes response in buffer

Sourceval encode_der : t -> string

encode_der request encodes response into buffer

Sourceval validate : t -> ?allowed_hashes:Digestif.hash' list -> ?now:Ptime.t -> Public_key.t -> (unit, [> Validation.signature_error | `No_signature | `Time_invalid ]) result

validate response key validates the signature of response with the pulic key.