OCSP
etcimon edited this page Dec 4, 2014 · 4 revisions
A client makes an OCSP request to what is termed an 'OCSP responder'. This responder returns a signed response attesting that the certificate in question has not been revoked. One common way of making OCSP requests is via HTTP; see RFC 2560 Appendix A for details.
class OCSPRequest:
this(in X509Certificate issuer_cert, in X509Certificate subject_cert);
Create a new OCSP request.
Vector!ubyte BER_encode() const
Encode the current OCSP request as a binary string.
string base64Encode() const;
Encode the current OCSP request as a base64 string.
class OCSPResponse:
this(in CertificateStore trusted_roots, in Vector!ubyte response);
Deserializes response sent by a responder, and checks that it was signed by a certificate associated with one of the CAs stored in trusted_roots.
bool affirmative_response_for(in X509Certificate issuer,
in X509Certificate subject) const
Returns true if and only if this OCSP response is not an error,
is signed correctly, and the response indicates that subject
is not currently revoked.
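The HTTP transport from RFC 2560 Appendix A, sketched in Python as an added example (not code from this project): it frames the bytes that BER_encode() would produce as a GET or POST, and reads the outer responseStatus so that unsigned error replies are never mistaken for a revocation answer. The names frame_request and response_status, the responder URL and the sample bytes are assumptions made for the illustration.

```python
import base64
from urllib.parse import quote

# responseStatus values of the OCSPResponseStatus ENUMERATED (4 is unused)
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def frame_request(responder_url, der_request):
    """Return the HTTP message that carries a DER-encoded OCSPRequest."""
    b64 = base64.b64encode(der_request).decode("ascii")
    path = quote(b64, safe="")   # '+', '/' and '=' are percent-encoded
    if len(path) < 255:          # small requests may use the cacheable GET form
        return {"method": "GET", "url": responder_url.rstrip("/") + "/" + path,
                "headers": {}, "body": b""}
    return {"method": "POST", "url": responder_url,
            "headers": {"Content-Type": "application/ocsp-request"},
            "body": der_request}

def response_status(content_type, body):
    """Read responseStatus from the outer OCSPResponse SEQUENCE."""
    if content_type.split(";")[0].strip().lower() != "application/ocsp-response":
        raise ValueError("unexpected Content-Type: %r" % content_type)
    if len(body) < 2 or body[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    pos, length = 2, body[1]
    if length & 0x80:            # long-form DER length
        n = length & 0x7F
        if n == 0 or pos + n > len(body):
            raise ValueError("bad length encoding")
        length = int.from_bytes(body[pos:pos + n], "big")
        pos += n
    if pos + length > len(body) or length < 3:
        raise ValueError("truncated response")
    if body[pos:pos + 2] != b"\x0a\x01":   # ENUMERATED with one content byte
        raise ValueError("missing responseStatus")
    code = body[pos + 2]
    if code not in STATUS:
        raise ValueError("unknown responseStatus %d" % code)
    return STATUS[code]

# Constructed sample bytes, not captured from a real responder.
SAMPLE_REQUEST = bytes.fromhex("3003fbffbe")     # stand-in for BER_encode() output
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")   # OCSPResponse { tryLater }

if __name__ == "__main__":
    print(frame_request("http://ocsp.example.test", SAMPLE_REQUEST)["url"])
    print(response_status("application/ocsp-response", SAMPLE_TRY_LATER))
```

A status of "successful" only means a signed body follows; the signature and revocation checks described for OCSPResponse above are still required before trusting it.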