Class: OpenSSL::OCSP::Request
Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_ocsp.c
Overview
A Request contains the certificate information for determining if a certificate has been revoked or not. A Request can be created for a certificate or from a DER-encoded request created elsewhere.
Class Method Summary
- .new ⇒ Request (constructor)
  Creates a new Request.
Instance Method Summary
- #add_certid(certificate_id) ⇒ Request
  Adds certificate_id to the request.
- #add_nonce(nonce = nil) ⇒ Request
  Adds a nonce to the ::OpenSSL::OCSP request.
- #certid ⇒ Array, ...
  Returns all certificate IDs in this request.
- #check_nonce(response) ⇒ result
  Checks the nonce validity for this request and response.
- #sign(cert, key, certs = nil, flags = 0, digest = nil) ⇒ self
  Signs this ::OpenSSL::OCSP request using cert, key and optional digest.
- #to_der
  Returns this request as a DER-encoded string.
- #verify(certificates, store, flags = 0) ⇒ Boolean
  Verifies this request using the given certificates and store.
Constructor Details
.new ⇒ Request
.new(request_der) ⇒ Request
Creates a new Request. The request may be created empty or from a request_der string.
Instance Method Details
#add_certid(certificate_id) ⇒ Request
Adds certificate_id to the request.
#add_nonce(nonce = nil) ⇒ Request
Adds a nonce to the ::OpenSSL::OCSP request. If no nonce is given, a random one will be generated.
The nonce is used to prevent replay attacks, but some servers do not support it.
#certid ⇒ Array, ...
Returns all certificate IDs in this request.
#check_nonce(response) ⇒ result
Checks the nonce validity for this request and response.
The return value is one of the following:
- -1: nonce in request only.
- 0: nonces both present and not equal.
- 1: nonces present and equal.
- 2: nonces both absent.
- 3: nonce present in response only.
For most responses, clients can check result > 0. If a responder doesn't handle nonces, result.nonzero? may be necessary. A result of 0 is always an error.
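Added example (not part of the original documentation): the five check_nonce results reproduced offline, together with the accept/reject rule from the paragraph above. The helper names, the unsigned BasicResponse standing in for a responder, and the nonce string are constructed for illustration.

```ruby
require "openssl"

# Accept/reject decision for the result of Request#check_nonce.
# tolerate_missing: true is the result.nonzero? check the text describes for
# responders that do not handle nonces; the default is the result > 0 check.
def nonce_acceptable?(request, basic_response, tolerate_missing: false)
  result = request.check_nonce(basic_response)
  return false if result.zero? # nonces present and not equal: always an error
  tolerate_missing || result > 0
end

# Constructed responder side (hypothetical helper): parse the DER request and
# build an unsigned OpenSSL::OCSP::BasicResponse, optionally echoing the
# request nonce or attaching a nonce of its own.
def constructed_response(request_der, echo: false, forced_nonce: nil)
  received = OpenSSL::OCSP::Request.new(request_der)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.copy_nonce(received) if echo
  basic.add_nonce(forced_nonce) if forced_nonce
  basic
end

# check_nonce result for each constructed request/response pairing.
def nonce_scenarios
  with_nonce = OpenSSL::OCSP::Request.new.add_nonce # random nonce
  plain      = OpenSSL::OCSP::Request.new           # no nonce
  other      = "constructed-other-nonce"            # constructed sample value
  {
    echoed:        with_nonce.check_nonce(constructed_response(with_nonce.to_der, echo: true)),
    dropped:       with_nonce.check_nonce(constructed_response(with_nonce.to_der)),
    mismatched:    with_nonce.check_nonce(constructed_response(with_nonce.to_der, forced_nonce: other)),
    both_absent:   plain.check_nonce(constructed_response(plain.to_der)),
    response_only: plain.check_nonce(constructed_response(plain.to_der, forced_nonce: other))
  }
end

if __FILE__ == $PROGRAM_NAME
  nonce_scenarios.each { |name, result| puts format("%-14s check_nonce => %2d", name, result) }
end
```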
#sign(cert, key, certs = nil, flags = 0, digest = nil) ⇒ self
Signs this ::OpenSSL::OCSP request using cert, key and optional digest. If digest is not specified, SHA-1 is used. certs is an optional Array of additional certificates which are included in the request in addition to the signer certificate. Note that if certs is nil or not given, flag NOCERTS is enabled. Pass an empty array to include only the signer certificate.
flags can be a bitwise OR of the following constants:
- OpenSSL::OCSP::NOCERTS: Don't include any certificates in the request. certs will be ignored.
#to_der
Returns this request as a DER-encoded string.
#verify(certificates, store, flags = 0) ⇒ Boolean
Verifies this request using the given certificates and store. certificates is an array of ::OpenSSL::X509::Certificate, store is an ::OpenSSL::X509::Store.