go1.20.5
GoThrough

ocsp.AACompromise

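// The enumerated reasons for revoking a certificate. See RFC 5280.
// AACompromise is reason code 10 (aACompromise in the RFC's CRLReason list).
const AACompromise = 10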

ocsp.AffiliationChanged

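// The enumerated reasons for revoking a certificate. See RFC 5280.
// AffiliationChanged is reason code 3 (affiliationChanged in the RFC's
// CRLReason list).
const AffiliationChanged = 3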

ocsp.CACompromise

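// The enumerated reasons for revoking a certificate. See RFC 5280.
// CACompromise is reason code 2 (cACompromise in the RFC's CRLReason list).
// It reports a suspected compromise of a CA key rather than of the subject's
// own key, so it is worth alerting on separately from the other reasons.
const CACompromise = 2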

ocsp.CertificateHold

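// The enumerated reasons for revoking a certificate. See RFC 5280.
// CertificateHold is reason code 6 (certificateHold in the RFC's CRLReason
// list). A hold is a suspension that the CA may later lift; a relying party
// should still reject the certificate for as long as the hold is reported.
const CertificateHold = 6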

ocsp.CessationOfOperation

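// The enumerated reasons for revoking a certificate. See RFC 5280.
// CessationOfOperation is reason code 5 (cessationOfOperation in the RFC's
// CRLReason list).
const CessationOfOperation = 5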

ocsp.Good

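// The status values that can be expressed in OCSP. See RFC 6960.
// Good means that the certificate is valid.
//
// Good is the first entry of the package's status const group, so iota is 0.
// Per RFC 6960 a "good" answer only guarantees that the serial number is not
// reported as revoked; it does not by itself prove that the certificate was
// ever issued or is inside its validity period, so it complements chain
// validation and does not replace it.
const Good = iota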

ocsp.InternalError

// InternalError is the OCSP response status code 2. It is the value carried
// in the final byte of InternalErrorErrorResponse. See RFC 6960, section 4.2.1.
const InternalError = 2

ocsp.KeyCompromise

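// The enumerated reasons for revoking a certificate. See RFC 5280.
// KeyCompromise is reason code 1 (keyCompromise in the RFC's CRLReason list).
const KeyCompromise = 1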

ocsp.Malformed

// Malformed is the OCSP response status code 1. It is the value carried in
// the final byte of MalformedRequestErrorResponse. See RFC 6960, section 4.2.1.
const Malformed = 1

ocsp.PrivilegeWithdrawn

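// The enumerated reasons for revoking a certificate. See RFC 5280.
// PrivilegeWithdrawn is reason code 9 (privilegeWithdrawn in the RFC's
// CRLReason list).
const PrivilegeWithdrawn = 9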

ocsp.RemoveFromCRL

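// The enumerated reasons for revoking a certificate. See RFC 5280.
// RemoveFromCRL is reason code 8 (removeFromCRL in the RFC's CRLReason list).
// Value 7 is not assigned in RFC 5280, which is why the reason codes skip
// from 6 to 8.
const RemoveFromCRL = 8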

ocsp.Revoked

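// The status values that can be expressed in OCSP. See RFC 6960.
// Revoked means that the certificate has been deliberately revoked.
//
// In the ocsp package this constant is declared with iota inside a const
// group, where it is the second entry and evaluates to 1. The value is
// written out here because a standalone "= iota" evaluates to 0, which is
// the value of Good.
const Revoked = 1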

ocsp.ServerFailed

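// The status values that can be expressed in OCSP. See RFC 6960.
// ServerFailed is unused and was never used (see
// https://go-review.googlesource.com/#/c/18944). ParseResponse will
// return a ResponseError when an error response is parsed.
//
// In the ocsp package this constant is declared with iota inside a const
// group, where it is the fourth entry and evaluates to 3. The value is
// written out here because a standalone "= iota" evaluates to 0, which is
// the value of Good.
const ServerFailed = 3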

ocsp.SignatureRequired

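// Status code four is unused in OCSP. See
// https://tools.ietf.org/html/rfc6960#section-4.2.1
//
// SignatureRequired is the OCSP response status code 5. It is the value
// carried in the final byte of SigRequredErrorResponse.
const SignatureRequired = 5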

ocsp.Success

// Success is the OCSP response status code 0. See RFC 6960, section 4.2.1.
// NOTE(review): this is the status of the response as a whole, a different
// field from the per-certificate status (Good, Revoked, Unknown); a Success
// response can still report a revoked certificate.
const Success = 0

ocsp.Superseded

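// The enumerated reasons for revoking a certificate. See RFC 5280.
// Superseded is reason code 4 (superseded in the RFC's CRLReason list).
const Superseded = 4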

ocsp.TryLater

// TryLater is the OCSP response status code 3. It is the value carried in
// the final byte of TryLaterErrorResponse. See RFC 6960, section 4.2.1.
const TryLater = 3

ocsp.Unauthorized

// Unauthorized is the OCSP response status code 6. It is the value carried
// in the final byte of UnauthorizedErrorResponse. See RFC 6960, section 4.2.1.
const Unauthorized = 6

ocsp.Unknown

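// The status values that can be expressed in OCSP. See RFC 6960.
// Unknown means that the OCSP responder doesn't know about the certificate.
//
// In the ocsp package this constant is declared with iota inside a const
// group, where it is the third entry and evaluates to 2. The value is
// written out here because a standalone "= iota" evaluates to 0, which is
// the value of Good. Unknown is not a positive answer: a relying party
// should not treat it as equivalent to Good.
const Unknown = 2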

ocsp.Unspecified

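// The enumerated reasons for revoking a certificate. See RFC 5280.
// Unspecified is reason code 0 (unspecified in the RFC's CRLReason list).
const Unspecified = 0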

ocsp.InternalErrorErrorResponse

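// These are pre-serialized error responses for the various non-success codes
// defined by OCSP. The Unauthorized code in particular can be used by an OCSP
// responder that supports only pre-signed responses as a response to requests
// for certificates with unknown status. See RFC 5019.
//
// The bytes are a DER SEQUENCE (0x30, length 3) holding one ENUMERATED
// (0x0A, length 1) whose value 0x02 is the InternalError status code.
// The slice is an exported variable: treat it as read-only, because a write
// would change the response for every user of it in the process.
var InternalErrorErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x02}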

ocsp.MalformedRequestErrorResponse

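// These are pre-serialized error responses for the various non-success codes
// defined by OCSP. The Unauthorized code in particular can be used by an OCSP
// responder that supports only pre-signed responses as a response to requests
// for certificates with unknown status. See RFC 5019.
//
// The bytes are a DER SEQUENCE (0x30, length 3) holding one ENUMERATED
// (0x0A, length 1) whose value 0x01 is the Malformed status code.
// The slice is an exported variable: treat it as read-only, because a write
// would change the response for every user of it in the process.
var MalformedRequestErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x01}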

ocsp.SigRequredErrorResponse

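// These are pre-serialized error responses for the various non-success codes
// defined by OCSP. The Unauthorized code in particular can be used by an OCSP
// responder that supports only pre-signed responses as a response to requests
// for certificates with unknown status. See RFC 5019.
//
// The bytes are a DER SEQUENCE (0x30, length 3) holding one ENUMERATED
// (0x0A, length 1) whose value 0x05 is the SignatureRequired status code.
// The identifier is spelled "SigRequred" in this listing; use it exactly as
// shown. The slice is an exported variable: treat it as read-only, because a
// write would change the response for every user of it in the process.
var SigRequredErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x05}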

ocsp.TryLaterErrorResponse

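// These are pre-serialized error responses for the various non-success codes
// defined by OCSP. The Unauthorized code in particular can be used by an OCSP
// responder that supports only pre-signed responses as a response to requests
// for certificates with unknown status. See RFC 5019.
//
// The bytes are a DER SEQUENCE (0x30, length 3) holding one ENUMERATED
// (0x0A, length 1) whose value 0x03 is the TryLater status code.
// These five bytes carry no signature, so a client cannot authenticate where
// the error came from; it says only that no certificate status was obtained.
// The slice is an exported variable: treat it as read-only.
var TryLaterErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x03}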

ocsp.UnauthorizedErrorResponse

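// These are pre-serialized error responses for the various non-success codes
// defined by OCSP. The Unauthorized code in particular can be used by an OCSP
// responder that supports only pre-signed responses as a response to requests
// for certificates with unknown status. See RFC 5019.
//
// The bytes are a DER SEQUENCE (0x30, length 3) holding one ENUMERATED
// (0x0A, length 1) whose value 0x06 is the Unauthorized status code.
// These five bytes carry no signature, so a client cannot authenticate where
// the error came from; it says only that no certificate status was obtained.
// The slice is an exported variable: treat it as read-only.
var UnauthorizedErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x06}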

ocsp.CreateRequest

// CreateRequest returns a DER-encoded OCSP request for the status of cert. If
// opts is nil then sensible defaults are used.
func CreateRequest(cert *x509.Certificate, issuer *x509.Certificate, opts *RequestOptions) ([]byte, error)

ocsp.CreateResponse

// CreateResponse returns a DER-encoded OCSP response with the specified contents.
// The fields in the response are populated as follows:
//
// The responder cert is used to populate the responder's name field, and the
// certificate itself is provided alongside the OCSP response signature.
//
// The issuer cert is used to populate the IssuerNameHash and IssuerKeyHash fields.
//
// The template is used to populate the SerialNumber, Status, RevokedAt,
// RevocationReason, ThisUpdate, and NextUpdate fields.
//
// If template.IssuerHash is not set, SHA1 will be used. This hash only fills
// the IssuerNameHash and IssuerKeyHash fields that identify the issuer.
//
// The ProducedAt date is automatically set to the current date, to the nearest minute.
func CreateResponse(issuer *x509.Certificate, responderCert *x509.Certificate, template Response, priv crypto.Signer) ([]byte, error)

ocsp.ParseRequest

// ParseRequest parses an OCSP request in DER form. It only supports
// requests for a single certificate. Signed requests are not supported.
// If a request includes a signature, it will result in a ParseError.
func ParseRequest(bytes []byte) (*Request, error)

ocsp.ParseResponse

// ParseResponse parses an OCSP response in DER form. The response must contain
// only one certificate status. To parse the status of a specific certificate
// from a response which may contain multiple statuses, use ParseResponseForCert
// instead.
//
// If the response contains an embedded certificate, then that certificate will
// be used to verify the response signature. If the response contains an
// embedded certificate and issuer is not nil, then issuer will be used to verify
// the signature on the embedded certificate.
//
// If the response does not contain an embedded certificate and issuer is not
// nil, then issuer will be used to verify the response signature.
//
// Invalid responses and parse failures will result in a ParseError.
// Error responses will result in a ResponseError.
//
// Note: every check described above that ties the response to a trusted key
// requires a non-nil issuer. With a nil issuer the response is, at most,
// checked against the certificate it carries itself, so pass the issuer
// whenever the result feeds a revocation decision. The text above does not
// mention a freshness check; compare ThisUpdate and NextUpdate with the
// current time before relying on the returned status.
func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error)

ocsp.ParseResponseForCert

// ParseResponseForCert acts identically to ParseResponse, except it supports
// parsing responses that contain multiple statuses. If the response contains
// multiple statuses and cert is not nil, then ParseResponseForCert will return
// the first status which contains a matching serial, otherwise it will return an
// error. If cert is nil, then the first status in the response will be returned.
//
// Note: with a nil cert the returned status is not matched against any
// particular certificate, so pass the certificate being checked whenever the
// result feeds a revocation decision.
func ParseResponseForCert(bytes []byte, cert *x509.Certificate, issuer *x509.Certificate) (*Response, error)