x509 0.14.1 · OCaml Package

Module for encoding and decoding OCSP responses.

type status = [

| `InternalError
| `MalformedRequest
| `SigRequired
| `Successful
| `TryLater
| `Unauthorized

]

type for OCSPResponseStatus

val pp_status : status Fmt.t

pp_status ppf status pretty prints status

type cert_status = [

| `Good
| `Revoked of Ptime.t * Extension.reason option
| `Unknown

]

type for CertStatus

val pp_cert_status : cert_status Fmt.t

pp_cert_status ppf status pretty prints cert status

type single_response

type for SingleResponse

val create_single_response : 
  ?next_update:Ptime.t ->
  ?single_extensions:Extension.t ->
  cert_id ->
  cert_status ->
  Ptime.t ->
  single_response

create_single_response ~next_update ~single_extension cert_id cert_status this_update creates response info for one cert, this_update should be current time.

val pp_single_response : single_response Fmt.t

pp_single_response ppf response pretty prints single response

val single_response_cert_id : single_response -> cert_id

single_response_cert_id response is cert_id in this single response

val single_response_status : single_response -> cert_status

single_response_cert_id response is cert_status in this single response

type responder_id = [

| `ByKey of Cstruct.t
| `ByName of Distinguished_name.t

]

type for ResponderID

val create_responder_id : Public_key.t -> responder_id

create_responder_id pubkey creates responderID identified by this key. Note: Cstruct here contains SHA1 hash of public key, not itself.

val pp_responder_id : responder_id Fmt.t

pp_responder_id ppf responderID pretty prints responderID

type t

type for OCSPResponse

val create_success : 
  ?digest:Mirage_crypto.Hash.hash ->
  ?certs:Certificate.t list ->
  ?response_extensions:Extension.t ->
  Private_key.t ->
  responder_id ->
  Ptime.t ->
  single_response list ->
  (t, [> Rresult.R.msg ]) Rresult.result

create_success ~digest ~certs ~response_extensions priv_key responderID producedAt responses creates response and signs it with priv_key. producedAt should be current timestamp.

val create : 
  [ `MalformedRequest
  | `InternalError
  | `TryLater
  | `SigRequired
  | `Unauthorized ] ->
  t

create status creates error response. Successful status is not allowed here because it requires responseBytes.

val pp : t Fmt.t

pp ppf response pretty prints response

val status : t -> status

status response is response status

val responder_id : t -> (responder_id, [> Rresult.R.msg ]) Rresult.result

responder_id request is responder id from response

val responses : t -> (single_response list, [> Rresult.R.msg ]) Rresult.result

responses response is a list of responses (status per certificate).

val decode_der : Cstruct.t -> (t, Asn.error) Rresult.result

decode_der buffer decodes response in buffer

val encode_der : t -> Cstruct.t

encode_der request encodes response into buffer

val validate : 
  t ->
  ?allowed_hashes:Mirage_crypto.Hash.hash list ->
  ?now:Ptime.t ->
  Public_key.t ->
  (unit, [> Validation.signature_error | `No_signature | `Time_invalid ])
    Rresult.result

validate response key validates the signature of response with the pulic key.

package x509