123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::OCSP::SingleResponse

Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_ocsp.c

Overview

An SingleResponse represents an ::OpenSSL::OCSP SingleResponse structure, which contains the basic information of the status of the certificate.

Class Method Summary

Instance Method Summary

Constructor Details

.new(der_string) ⇒ SingleResponse

Creates a new SingleResponse from der_string.

Instance Method Details

#cert_statusInteger

Returns the status of the certificate identified by the certid. The return value may be one of these constant:

When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by #revocation_time.

#certidCertificateId

Returns the CertificateId for which this SingleResponse is.

#check_validity(nsec = 0, maxsec = -1) ⇒ Boolean

Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current time is within the range thisUpdate to nextUpdate.

It is possible that the ::OpenSSL::OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec of the current time.

Some responders don't set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.

#extensionsArray of X509::Extension

#next_updateTime | nil

#revocation_reasonInteger | nil

#revocation_timeTime | nil

#this_updateTime

#to_derString

Encodes this SingleResponse into a DER-encoded string.