func Verify(ctx context.Context, connState tls.ConnectionState, opts *VerifyOptions) error
Verify performs OCSP verification for the provided ConnectionState instance.
Cache represents an OCSP cache.
type Cache interface {
    Update(*ocsp.Request, *ResponseDetails) *ResponseDetails
    Get(request *ocsp.Request) *ResponseDetails
}
ConcurrentCache is an implementation of ocsp.Cache that's safe for concurrent use.
type ConcurrentCache struct {
    sync.Mutex
    // contains filtered or unexported fields
}
func NewCache() *ConcurrentCache
NewCache creates an empty OCSP cache.
func (c *ConcurrentCache) Get(request *ocsp.Request) *ResponseDetails
Get returns the cached response for the request, or nil if there is no cached response. If the cached response has expired, it will be removed from the cache and nil will be returned.
func (c *ConcurrentCache) Update(request *ocsp.Request, response *ResponseDetails) *ResponseDetails
Update updates the cache entry for the provided request. The provided response will only be cached if it has a status that is not ocsp.Unknown and has a non-zero NextUpdate time. If there is an existing cache entry for request, it will be overwritten by response if response.NextUpdate is further ahead in the future than the existing entry's NextUpdate.
This function returns the most up-to-date response corresponding to the request.
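The caching rules documented for Get and Update, as an added sketch that is not the package's own implementation. The names `sketchCache` and `details`, the string key (the real Cache is keyed by *ocsp.Request) and the choice of what Update returns when it does not store the response are assumptions.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

const statusGood, statusRevoked, statusUnknown = 0, 1, 2 // values as in golang.org/x/crypto/ocsp
type details struct { // stand-in for ResponseDetails
	Status     int
	NextUpdate time.Time
}
type sketchCache struct { // hypothetical; keyed by string, not *ocsp.Request
	mu      sync.Mutex
	entries map[string]*details
}

// Update stores resp only if it is cacheable and outlives the current entry.
func (c *sketchCache) Update(key string, resp *details) *details {
	c.mu.Lock()
	defer c.mu.Unlock()
	cur, ok := c.entries[key]
	cacheable := resp.Status != statusUnknown && !resp.NextUpdate.IsZero()
	if !ok || (cacheable && resp.NextUpdate.After(cur.NextUpdate)) {
		cur = resp // assumption: with no entry, resp is returned even if not stored
		if cacheable {
			c.entries[key] = resp
		}
	}
	return cur
}

// Get returns the cached entry, evicting it and returning nil once expired.
func (c *sketchCache) Get(key string) *details {
	c.mu.Lock()
	defer c.mu.Unlock()
	cur, ok := c.entries[key]
	if ok && !time.Now().Before(cur.NextUpdate) {
		delete(c.entries, key)
		return nil
	}
	return cur
}

func main() {
	c := &sketchCache{entries: map[string]*details{}}
	fmt.Println(c.Update("leaf", &details{statusUnknown, time.Now().Add(time.Hour)}) != nil, c.Get("leaf"))
}
```
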
Error represents an OCSP verification error.
type Error struct {
    // contains filtered or unexported fields
}
func (e *Error) Error() string
Error implements the error interface.
func (e *Error) Unwrap() error
Unwrap returns the underlying error.
ResponseDetails contains a subset of the details needed from an OCSP response after the original response has been validated.
type ResponseDetails struct {
    Status     int
    NextUpdate time.Time
}
VerifyOptions specifies options to configure OCSP verification.
type VerifyOptions struct {
    Cache                   Cache
    DisableEndpointChecking bool
    HTTPClient              *http.Client
}