Response (u.39ed10cebac514648d8ae73f11bff9ff.x509.1.0.6.doc.x509.X509.OCSP.Response)

Sourcetype status = [

| `InternalError
| `MalformedRequest
| `SigRequired
| `Successful
| `TryLater
| `Unauthorized

]

type for OCSPResponseStatus

Sourceval pp_status : status Fmt.t

pp_status ppf status pretty prints status

Sourcetype cert_status = [

| `Good
| `Revoked of Ptime.t * Extension.reason option
| `Unknown

]

type for CertStatus

Sourceval pp_cert_status : cert_status Fmt.t

pp_cert_status ppf status pretty prints cert status

Sourcetype single_response

type for SingleResponse

Source

val create_single_response : 
  ?next_update:Ptime.t ->
  ?single_extensions:Extension.t ->
  cert_id ->
  cert_status ->
  Ptime.t ->
  single_response

create_single_response ~next_update ~single_extension cert_id cert_status this_update creates response info for one cert, this_update should be current time.

Sourceval pp_single_response : single_response Fmt.t

pp_single_response ppf response pretty prints single response

Sourceval single_response_cert_id : single_response -> cert_id

single_response_cert_id response is cert_id in this single response

Sourceval single_response_status : single_response -> cert_status

single_response_cert_id response is cert_status in this single response

Sourcetype responder_id = [

| `ByKey of string
| `ByName of Distinguished_name.t

]

type for ResponderID

Sourceval create_responder_id : Public_key.t -> responder_id

create_responder_id pubkey creates responderID identified by this key. Note: octets here contains SHA1 hash of public key, not itself.

Sourceval pp_responder_id : responder_id Fmt.t

pp_responder_id ppf responderID pretty prints responderID

Sourcetype t

type for OCSPResponse

Source

val create_success : 
  ?digest:Digestif.hash' ->
  ?certs:Certificate.t list ->
  ?response_extensions:Extension.t ->
  Private_key.t ->
  responder_id ->
  Ptime.t ->
  single_response list ->
  (t, [> `Msg of string ]) result

create_success ~digest ~certs ~response_extensions priv_key responderID producedAt responses creates response and signs it with priv_key. producedAt should be current timestamp.

Source

val create : 
  [ `MalformedRequest
  | `InternalError
  | `TryLater
  | `SigRequired
  | `Unauthorized ] ->
  t

create status creates error response. Successful status is not allowed here because it requires responseBytes.

Sourceval pp : t Fmt.t

pp ppf response pretty prints response

Sourceval status : t -> status

status response is response status

Sourceval responder_id : t -> (responder_id, [> `Msg of string ]) result

responder_id request is responder id from response

Sourceval responses : t -> (single_response list, [> `Msg of string ]) result

responses response is a list of responses (status per certificate).

Sourceval decode_der : string -> (t, Asn.error) result

decode_der buffer decodes response in buffer

Sourceval encode_der : t -> string

encode_der request encodes response into buffer

Source

val validate : 
  t ->
  ?allowed_hashes:Digestif.hash' list ->
  ?now:Ptime.t ->
  Public_key.t ->
  (unit, [> Validation.signature_error | `No_signature | `Time_invalid ])
    result

validate response key validates the signature of response with the pulic key.