Module ocsp


OCSP — Online Certificate Status Protocol (RFC 2560 / RFC 6960).

Provides the full client-side OCSP stack:

Typical flow

// Build a request for a specific certificate.
let id = OcspCertId::from_cert(None, &end_entity_cert, &issuer_cert)?;
let mut req = OcspRequest::new()?;
req.add_cert_id(id)?;
let req_der = req.to_der()?;

// ... send req_der over HTTP, receive resp_der ...

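// Parse the responder's reply and check the outer response status.
let resp = OcspResponse::from_der(&resp_der)?;
assert_eq!(resp.status(), OcspResponseStatus::Successful);

// Verify the signed inner response against the trust store before using any status from it.
let basic = resp.basic()?;
basic.verify(&trust_store, 0)?;

// Look up the status entry for the certificate that was asked about.
let id2 = OcspCertId::from_cert(None, &end_entity_cert, &issuer_cert)?;
match basic.find_status(&id2)? {
    Some(s) if s.cert_status == OcspCertStatus::Good => println!("certificate is good"),
    Some(s) => println!("certificate status: {:?}", s.cert_status),
    // No entry for this certificate: the response says nothing about it.
    None => println!("certificate not found in response"),
}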

HTTP transport is out of scope — the caller is responsible for fetching the OCSP response from the responder URL and passing the raw DER bytes.
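
Since transport is left to the caller, here is one way to frame the exchange using the POST form and media types from RFC 6960 Appendix A. This is an added example, not code from this crate: `build_post`, `extract_der` and `MAX_RESP` are hypothetical names, the 64 KiB cap is an assumed limit, and socket/TLS handling is omitted.

```rust
// Added example: HTTP framing around the crate's DER in/out (RFC 6960 Appendix A).
// build_post, extract_der and MAX_RESP are assumed names, not part of the crate.
const MAX_RESP: usize = 64 * 1024; // assumed cap on the responder body

/// Frame the DER request (the bytes `req.to_der()` returns) as an HTTP/1.1 POST.
pub fn build_post(host: &str, path: &str, req_der: &[u8]) -> Result<Vec<u8>, &'static str> {
    // The responder URL usually comes from the certificate itself, so refuse
    // anything (CR, LF, spaces) that could smuggle extra header lines.
    let clean = |s: &str| !s.is_empty() && s.bytes().all(|b| b.is_ascii_graphic());
    if !clean(host) || !clean(path) || !path.starts_with('/') {
        return Err("invalid responder host or path");
    }
    let mut out = format!(
        "POST {} HTTP/1.1\r\nHost: {}\r\nContent-Type: application/ocsp-request\r\n\
         Content-Length: {}\r\nConnection: close\r\n\r\n",
        path, host, req_der.len()
    )
    .into_bytes();
    out.extend_from_slice(req_der);
    Ok(out)
}

/// Validate the raw HTTP reply and return the body to pass to `OcspResponse::from_der`.
/// Requires Content-Length; chunked replies are rejected in this narrowed example.
pub fn extract_der(raw: &[u8]) -> Result<&[u8], &'static str> {
    let split = raw.windows(4).position(|w| w == b"\r\n\r\n").ok_or("no header terminator")?;
    let head = std::str::from_utf8(&raw[..split]).map_err(|_| "header is not UTF-8")?;
    let body = &raw[split + 4..];
    let mut lines = head.split("\r\n");
    if lines.next().and_then(|l| l.split(' ').nth(1)) != Some("200") {
        return Err("HTTP status is not 200");
    }
    let (mut ctype_ok, mut clen) = (false, None);
    for line in lines {
        let (name, value) = line.split_once(':').ok_or("malformed header line")?;
        match name.trim().to_ascii_lowercase().as_str() {
            "content-type" => ctype_ok = value.trim().eq_ignore_ascii_case("application/ocsp-response"),
            "content-length" => clen = value.trim().parse::<usize>().ok(),
            _ => {}
        }
    }
    if !ctype_ok { return Err("unexpected Content-Type"); }
    let clen = clen.ok_or("missing or invalid Content-Length")?;
    if clen > MAX_RESP { return Err("response too large"); }
    if body.len() != clen { return Err("body length mismatch"); }
    Ok(body)
}
```

A body that passes these checks is still untrusted: the response status, signature and per-certificate status checks from the typical flow above apply unchanged.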

Structs

BorrowedOcspSingleResp: A borrowed OCSP_SINGLERESP* whose lifetime is tied to its parent OcspBasicResp.
OcspBasicResp: The signed inner OCSP response (OCSP_BASICRESP*).
OcspCertId: Certificate identifier for OCSP (OCSP_CERTID*).
OcspRequest: An OCSP request (OCSP_REQUEST*).
OcspResponse: An OCSP response (OCSP_RESPONSE*).
OcspSingleResp: An individual SingleResponse entry inside an OCSP_BASICRESP (OCSP_SINGLERESP*).
OcspSingleStatus: Status of a single certificate, returned by OcspBasicResp::find_status.
SingleRespStatus: Status of a single certificate entry, returned by BorrowedOcspSingleResp::status.

Enums

OcspCertStatus: Per-certificate revocation status from an OCSP_SINGLERESP.
OcspResponseStatus: OCSP response status (RFC 6960 §4.2.1).
OcspRevokeReason: CRL revocation reason codes (RFC 5280 §5.3.1).