Class: OpenSSL::OCSP::Request
Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_ocsp.c
Overview
A Request contains the certificate information for determining if a certificate has been revoked or not. A Request can be created for a certificate or from a DER-encoded request created elsewhere.
Class Method Summary
- .new ⇒ Request (constructor)
  Creates a new Request.
Instance Method Summary
- #add_certid(certificate_id) ⇒ Request
  Adds certificate_id to the request.
- #add_nonce(nonce = nil) ⇒ Request
  Adds a nonce to the ::OpenSSL::OCSP request.
- #certid ⇒ Array, ...
  Returns all certificate IDs in this request.
- #check_nonce(response) ⇒ result
  Checks the nonce validity for this request and response.
- #sign(signer_cert, signer_key) ⇒ self
  Signs this ::OpenSSL::OCSP request using signer_cert and signer_key.
- #to_der
  Returns this request as a DER-encoded string.
- #verify(certificates, store) ⇒ Boolean
  Verifies this request using the given certificates and ::OpenSSL::X509 store.
Constructor Details
.new ⇒ Request
.new(request_der) ⇒ Request
Creates a new Request. The request may be created empty or from a request_der string.
Instance Method Details
#add_certid(certificate_id) ⇒ Request
Adds certificate_id to the request.
#add_nonce(nonce = nil) ⇒ Request
Adds a nonce to the ::OpenSSL::OCSP request. If no nonce is given, a random one will be generated.
The nonce is used to prevent replay attacks, but some servers do not support it.
#certid ⇒ Array, ...
Returns all certificate IDs in this request.
#check_nonce(response) ⇒ result
Checks the nonce validity for this request and response.
The return value is one of the following:
- -1: nonce in request only.
- 0: nonces both present and not equal.
- 1: nonces present and equal.
- 2: nonces both absent.
- 3: nonce present in response only.
For most responses, clients can check result > 0. If a responder doesn't handle nonces, result.nonzero? may be necessary. A result of 0 is always an error.
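The return codes above turned into a client-side acceptance policy, as an added example that is not part of the original documentation. `nonce_acceptable?`, `fake_responder`, `demo` and the fixed nonces are hypothetical names and constructed values; the responses are left unsigned because check_nonce only compares the nonce extensions, and `BasicResponse#copy_nonce` / `#add_nonce` come from the same Ruby OpenSSL extension.

```ruby
require "openssl"

# Labels for the check_nonce return codes listed above.
NONCE_RESULT = {
  -1 => :request_only, 0 => :mismatch, 1 => :match,
   2 => :both_absent,  3 => :response_only
}.freeze

# Client policy: 0 is always rejected. -1 (responder ignored our nonce) is
# accepted only when the caller opts in, since the replay protection the
# nonce provides is then lost.
def nonce_acceptable?(request, basic_response, allow_missing: false)
  result = request.check_nonce(basic_response)
  ok = allow_missing ? result != 0 : result > 0   # result.nonzero? vs. result > 0
  [ok, NONCE_RESULT.fetch(result)]
end

# Hypothetical stand-in for a responder: parses the DER request and builds an
# unsigned BasicResponse whose nonce handling is selected by +mode+.
def fake_responder(request_der, mode)
  request  = OpenSSL::OCSP::Request.new(request_der)
  response = OpenSSL::OCSP::BasicResponse.new
  case mode
  when :echo  then response.copy_nonce(request)   # well-behaved responder
  when :stale then response.add_nonce("B" * 16)   # nonce from another exchange
  when :ignore then nil                           # responder without nonce support
  end
  response
end

# Runs one request against the three responder behaviours and returns the
# verdict of the strict and the lenient policy for each.
def demo
  request = OpenSSL::OCSP::Request.new
  request.add_nonce("A" * 16)                     # constructed, fixed for the demo
  der = request.to_der
  %i[echo stale ignore].to_h do |mode|
    response = fake_responder(der, mode)
    [mode, { strict:  nonce_acceptable?(request, response),
             lenient: nonce_acceptable?(request, response, allow_missing: true) }]
  end
end

demo.each { |mode, verdicts| puts "#{mode}: #{verdicts}" } if $PROGRAM_NAME == __FILE__
```

A real client would also verify the response signature before trusting any status it carries; the nonce check only ties the response to this request.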
#sign(signer_cert, signer_key) ⇒ self
#sign(signer_cert, signer_key, certificates) ⇒ self
#sign(signer_cert, signer_key, certificates, flags) ⇒ self
Signs this ::OpenSSL::OCSP request using signer_cert and signer_key. certificates is an optional Array of certificates that may be included in the request.
#to_der
Returns this request as a DER-encoded string.
#verify(certificates, store) ⇒ Boolean
#verify(certificates, store, flags) ⇒ Boolean
Verifies this request using the given certificates and ::OpenSSL::X509 store.