crl

package

v1.2.0 Latest Latest Go to latest Published: Jan 14, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/notaryproject/notation-core-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crl provides methods for checking the revocation status of a certificate using CRL

Index ¶

func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, ...) *result.CertRevocationResult
func Supported(cert *x509.Certificate) bool
type CertCheckStatusOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CertCheckStatus ¶

func CertCheckStatus(ctx context.Context, cert, issuer *x509.Certificate, opts CertCheckStatusOptions) *result.CertRevocationResult

CertCheckStatus checks the revocation status of a certificate using CRL

The function checks the revocation status of the certificate by downloading the CRL from the CRL distribution points specified in the certificate.

If the invalidity date extension is present in the CRL entry and SigningTime is not zero, the certificate is considered revoked if the SigningTime is after the invalidity date. (See RFC 5280, Section 5.3.2)

func Supported ¶

func Supported(cert *x509.Certificate) bool

Supported checks if the certificate supports CRL.

Types ¶

type CertCheckStatusOptions ¶

type CertCheckStatusOptions struct {
	// Fetcher is used to fetch the CRL from the CRL distribution points.
	Fetcher crl.Fetcher

	// SigningTime is used to compare with the invalidity date during revocation
	// check.
	SigningTime time.Time
}

CertCheckStatusOptions specifies values that are needed to check CRL.

Source Files ¶

View all Source files

crl.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL