revoke

package
v1.6.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 5, 2024 License: BSD-2-Clause Imports: 16 Imported by: 261

Documentation

Overview

Package revoke provides functionality for checking the validity of a cert. Specifically, the temporal validity of the certificate is checked first, then any CRL and OCSP url in the cert is checked.

Index

Constants

This section is empty.

Variables

View Source
var CRLSet = map[string]*pkix.CertificateList{}

CRLSet associates a PKIX certificate list with the URL the CRL is fetched from.

View Source
var HTTPClient = http.DefaultClient

HTTPClient is an instance of http.Client that will be used for all HTTP requests.

View Source
var HardFail = false

HardFail determines whether the failure to check the revocation status of a certificate (i.e. due to network failure) causes verification to fail (a hard failure).

Functions

func SetCRLFetcher

func SetCRLFetcher(fn func(io.Reader) ([]byte, error))

SetCRLFetcher sets the function to use to read from the http response body

func SetOCSPFetcher

func SetOCSPFetcher(fn func(io.Reader) ([]byte, error))

SetOCSPFetcher sets the function to use to read from the http response body

func SetRemoteFetcher

func SetRemoteFetcher(fn func(io.Reader) ([]byte, error))

SetRemoteFetcher sets the function to use to read from the http response body

func VerifyCertificate

func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)

VerifyCertificate ensures that the certificate passed in hasn't expired and checks the CRL for the server.

func VerifyCertificateError

func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)

VerifyCertificateError ensures that the certificate passed in hasn't expired and checks the CRL for the server.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL