cfssl: github.com/cloudflare/cfssl/revoke Index | Files

package revoke

import "github.com/cloudflare/cfssl/revoke"

Package revoke provides functionality for checking the validity of a cert. Specifically, the temporal validity of the certificate is checked first, then any CRL and OCSP url in the cert is checked.

Index

Package Files

revoke.go

Variables

var CRLSet = map[string]*pkix.CertificateList{}

CRLSet associates a PKIX certificate list with the URL the CRL is fetched from.

var HardFail = false

HardFail determines whether the failure to check the revocation status of a certificate (i.e. due to network failure) causes verification to fail (a hard failure).

func SetCRLFetcher Uses

func SetCRLFetcher(fn func(io.Reader) ([]byte, error))

SetCRLFetcher sets the function to use to read from the http response body

func SetOCSPFetcher Uses

func SetOCSPFetcher(fn func(io.Reader) ([]byte, error))

SetOCSPFetcher sets the function to use to read from the http response body

func SetRemoteFetcher Uses

func SetRemoteFetcher(fn func(io.Reader) ([]byte, error))

SetRemoteFetcher sets the function to use to read from the http response body

func VerifyCertificate Uses

func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool)

VerifyCertificate ensures that the certificate passed in hasn't expired and checks the CRL for the server.

func VerifyCertificateError Uses

func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error)

VerifyCertificateError ensures that the certificate passed in hasn't expired and checks the CRL for the server.

Package revoke imports 17 packages (graph) and is imported by 122 packages. Updated 2020-10-02. Refresh now. Tools for package owners.