package x509

  1. Overview
  2. Docs

Module for encoding and decoding OCSP responses.

type status = [
  1. | `InternalError
  2. | `MalformedRequest
  3. | `SigRequired
  4. | `Successful
  5. | `TryLater
  6. | `Unauthorized
]

type for OCSPResponseStatus

val pp_status : status Fmt.t

pp_status ppf status pretty prints status

type cert_status = [
  1. | `Good
  2. | `Revoked of Ptime.t * Extension.reason option
  3. | `Unknown
]

type for CertStatus

val pp_cert_status : cert_status Fmt.t

pp_cert_status ppf status pretty prints cert status

type single_response

type for SingleResponse

val create_single_response : ?next_update:Ptime.t -> ?single_extensions:Extension.t -> cert_id -> cert_status -> Ptime.t -> single_response

create_single_response ~next_update ~single_extension cert_id cert_status this_update creates response info for one cert, this_update should be current time.

val pp_single_response : single_response Fmt.t

pp_single_response ppf response pretty prints single response

val single_response_cert_id : single_response -> cert_id

single_response_cert_id response is cert_id in this single response

val single_response_status : single_response -> cert_status

single_response_cert_id response is cert_status in this single response

type responder_id = [
  1. | `ByKey of Cstruct.t
  2. | `ByName of Distinguished_name.t
]

type for ResponderID

val create_responder_id : Public_key.t -> responder_id

create_responder_id pubkey creates responderID identified by this key. Note: Cstruct here contains SHA1 hash of public key, not itself.

val pp_responder_id : responder_id Fmt.t

pp_responder_id ppf responderID pretty prints responderID

type t

type for OCSPResponse

val create_success : ?digest:Mirage_crypto.Hash.hash -> ?certs:Certificate.t list -> ?response_extensions:Extension.t -> Private_key.t -> responder_id -> Ptime.t -> single_response list -> (t, [> `Msg of string ]) Stdlib.result

create_success ~digest ~certs ~response_extensions priv_key responderID producedAt responses creates response and signs it with priv_key. producedAt should be current timestamp.

val create : [ `MalformedRequest | `InternalError | `TryLater | `SigRequired | `Unauthorized ] -> t

create status creates error response. Successful status is not allowed here because it requires responseBytes.

val pp : t Fmt.t

pp ppf response pretty prints response

val status : t -> status

status response is response status

val responder_id : t -> (responder_id, [> `Msg of string ]) Stdlib.result

responder_id request is responder id from response

val responses : t -> (single_response list, [> `Msg of string ]) Stdlib.result

responses response is a list of responses (status per certificate).

val decode_der : Cstruct.t -> (t, Asn.error) Stdlib.result

decode_der buffer decodes response in buffer

val encode_der : t -> Cstruct.t

encode_der request encodes response into buffer

val validate : t -> ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?now:Ptime.t -> Public_key.t -> (unit, [> Validation.signature_error | `No_signature | `Time_invalid ]) Stdlib.result

validate response key validates the signature of response with the pulic key.

OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct