The Go Programming Language

Package ocsp

import "crypto/ocsp"

Package ocsp parses OCSP responses as specified in RFC 2560. OCSP responses are signed messages attesting to the validity of a certificate for a small period of time. This is used to manage revocation for X.509 certificates.

Package files

ocsp.go

Constants

const (
    // Good means that the certificate is valid.
    Good = iota
    // Revoked means that the certificate has been deliberately revoked.
    Revoked = iota
    // Unknown means that the OCSP responder doesn't know about the certificate.
    Unknown = iota
    // ServerFailed means that the OCSP responder failed to process the request.
    ServerFailed = iota
)

type ParseError

ParseError results from an invalid OCSP response.

type ParseError string

func (ParseError) String

func (p ParseError) String() string

type Response

Response represents an OCSP response. See RFC 2560.

type Response struct {
    // Status is one of {Good, Revoked, Unknown, ServerFailed}
    Status                                        int
    SerialNumber                                  []byte
    ProducedAt, ThisUpdate, NextUpdate, RevokedAt *time.Time
    RevocationReason                              int
    Certificate                                   *x509.Certificate
}

func ParseResponse

func ParseResponse(bytes []byte) (*Response, os.Error)

ParseResponse parses an OCSP response in DER form. It only supports responses for a single certificate and only those using RSA signatures. Non-RSA responses will result in an x509.UnsupportedAlgorithmError. Signature errors or parse failures will result in a ParseError.
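An added example (not part of the Go documentation) of how a caller might act on the fields of a Response once ParseResponse has returned one: accept only a Good status, for the expected serial number, inside the ThisUpdate to NextUpdate window. It uses a local stand-in for Response with current Go types so it runs on its own; the helper name CheckResponse and the policy of rejecting a response with no NextUpdate are assumptions.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"time"
)

// Status values, in the order the page's const block declares them.
const (
	Good = iota
	Revoked
	Unknown
	ServerFailed
)

// Response is a local stand-in using the page's field names (assumption:
// Certificate and RevocationReason are omitted; no signature is checked here).
type Response struct {
	Status                                        int
	SerialNumber                                  []byte
	ProducedAt, ThisUpdate, NextUpdate, RevokedAt *time.Time
}

// CheckResponse (hypothetical helper) fails closed: nil only for a Good answer
// about serial that is current at now. A missing NextUpdate is rejected (policy).
func CheckResponse(resp *Response, serial []byte, now time.Time) error {
	switch {
	case resp == nil || !bytes.Equal(resp.SerialNumber, serial):
		return errors.New("response missing or for a different serial number")
	case resp.ThisUpdate == nil || now.Before(*resp.ThisUpdate):
		return errors.New("response is not yet valid")
	case resp.NextUpdate == nil || !now.Before(*resp.NextUpdate):
		return errors.New("response is stale")
	case resp.Status != Good:
		return fmt.Errorf("status %d is not Good", resp.Status)
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from a real responder.
	this := time.Date(2011, 9, 1, 0, 0, 0, 0, time.UTC)
	next := this.Add(96 * time.Hour)
	r := &Response{Status: Good, SerialNumber: []byte{1, 2}, ThisUpdate: &this, NextUpdate: &next}
	fmt.Println(CheckResponse(r, r.SerialNumber, this.Add(time.Hour))) // inside the window
	fmt.Println(CheckResponse(r, r.SerialNumber, next.Add(time.Hour))) // old response presented later
}
```

Checking the window before the status means an old Good response presented after the certificate was revoked is rejected as stale rather than trusted.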

release.r60.3. Except as noted, this content is licensed under a Creative Commons Attribution 3.0 License.