revocation

package
v0.3.1

This package is not in the latest version of its module.
Published: Feb 20, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package revocation checks certificate revocation status via OCSP and CRL.

Constants

const (
	StatusRevoked       = "revoked"
	StatusUnreachable   = "unreachable"
	StatusStapleInvalid = "staple_invalid"
	StatusCRLStale      = "crl_stale"
)

Revocation status constants.

Variables

This section is empty.

Functions

func Check

func Check(cert, issuer *x509.Certificate, ocspStaple []byte, cache *CRLCache) []string

Check runs OCSP and CRL checking on a certificate. Returns human-readable issue strings (parallel to PostureIssues/ChainErrors).

Types

type CRLCache

type CRLCache struct {
	// contains filtered or unexported fields
}

CRLCache is an in-memory cache for CRL data keyed by distribution point URL.

func NewCRLCache

func NewCRLCache() *CRLCache

NewCRLCache creates an empty CRL cache.

func (*CRLCache) Get

func (c *CRLCache) Get(url string) *x509.RevocationList

Get returns a cached CRL for the URL, or nil if missing/expired.

func (*CRLCache) Set

func (c *CRLCache) Set(url string, crl *x509.RevocationList)

Set stores a CRL in the cache, using its NextUpdate as expiry.

type Result

type Result struct {
	Status string
	Detail string
}

Result holds the outcome of a revocation check.

func CheckCRL

func CheckCRL(cert *x509.Certificate, cache *CRLCache) *Result

CheckCRL checks if a certificate's serial appears in any CRL distribution point.
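
The cache behaviour documented for Get and Set (keyed by distribution point URL, expiring at NextUpdate) and the serial lookup CheckCRL describes, as an added sketch that is not this package's source. `urlCache`, `checkSerial`, the explicit `now` parameter, the sample URL, and the choice to report "crl_stale" when no unexpired CRL is cached are assumptions; only the status strings come from the constants above.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// urlCache is a hypothetical stand-in for a CRL cache keyed by distribution point URL.
type urlCache map[string]*x509.RevocationList

// get returns the cached CRL, or nil when it is missing or at/past its NextUpdate.
func (c urlCache) get(url string, now time.Time) *x509.RevocationList {
	if crl := c[url]; crl != nil && now.Before(crl.NextUpdate) {
		return crl
	}
	return nil
}

// checkSerial returns "revoked" if an unexpired cached CRL lists the certificate's serial,
// "crl_stale" if no unexpired CRL covers it (an assumed mapping), and "" otherwise.
func checkSerial(c urlCache, cert *x509.Certificate, now time.Time) string {
	covered := len(cert.CRLDistributionPoints) == 0 // no CRL to consult at all
	for _, url := range cert.CRLDistributionPoints {
		if crl := c.get(url, now); crl != nil {
			covered = true
			for _, e := range crl.RevokedCertificateEntries {
				if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
					return "revoked"
				}
			}
		}
	}
	if !covered {
		return "crl_stale" // an expired list must not be read as "not revoked"
	}
	return ""
}

func main() {
	const url = "http://crl.example.test/ca.crl" // constructed sample URL
	next := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)
	entry := x509.RevocationListEntry{SerialNumber: big.NewInt(42)} // constructed entry
	crl := &x509.RevocationList{NextUpdate: next, RevokedCertificateEntries: []x509.RevocationListEntry{entry}}
	cache := urlCache{url: crl}
	cert := &x509.Certificate{SerialNumber: big.NewInt(42), CRLDistributionPoints: []string{url}}
	fmt.Println(checkSerial(cache, cert, next.Add(-time.Hour)), checkSerial(cache, cert, next)) // revoked crl_stale
}
```

The sketch omits fetching and signature verification; a CRL should be verified against its issuer (x509.RevocationList.CheckSignatureFrom) before it is cached. RevokedCertificateEntries requires Go 1.21 or later.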

func CheckOCSP

func CheckOCSP(cert, issuer *x509.Certificate, staple []byte) *Result

CheckOCSP checks revocation status via OCSP. Tries the stapled response first, then queries AIA OCSP responders.
