123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::OCSP::Request

Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_ocsp.c

Overview

An Request contains the certificate information for determining if a certificate has been revoked or not. A Request can be created for a certificate or from a DER-encoded request created elsewhere.

Class Method Summary

Instance Method Summary

Constructor Details

.newRequest .new(request_der) ⇒ Request

Creates a new Request. The request may be created empty or from a request_der string.

Instance Method Details

#add_certid(certificate_id) ⇒ Request

Adds certificate_id to the request.

#add_nonce(nonce = nil) ⇒ Request

Adds a nonce to the ::OpenSSL::OCSP request. If no nonce is given a random one will be generated.

The nonce is used to prevent replay attacks but some servers do not support it.

#certidArray, ...

Returns all certificate IDs in this request.

#check_nonce(response) ⇒ result

Checks the nonce validity for this request and response.

The return value is one of the following:

-1

nonce in request only.

0

nonces both present and not equal.

1

nonces present and equal.

2

nonces both absent.

3

nonce present in response only.

For most responses, clients can check result > 0. If a responder doesn't handle nonces result.nonzero? may be necessary. A result of 0 is always an error.

#sign(signer_cert, signer_key) ⇒ self #sign(signer_cert, signer_key, certificates) ⇒ self #sign(signer_cert, signer_key, certificates, flags) ⇒ self

Signs this ::OpenSSL::OCSP request using signer_cert and signer_key. certificates is an optional Array of certificates that may be included in the request.

#to_der

Returns this request as a DER-encoded string

#verify(certificates, store) ⇒ Boolean #verify(certificates, store, flags) ⇒ Boolean

Verifies this request using the given certificates and ::OpenSSL::X509 store.