hub / github.com/smallstep/cli / VerifyOCSPEndpoint

Function VerifyOCSPEndpoint

command/certificate/verify.go:380–414  ·  view source on GitHub ↗
(endpoint string, cert, issuer *x509.Certificate, httpClient *http.Client)

Source from the content-addressed store, hash-verified

378}
379
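// VerifyOCSPEndpoint asks the OCSP responder at endpoint for the revocation
// status of cert, using issuer both to build the request and to verify the
// signature on the response.
//
// The boolean result reports whether an OCSP response was obtained and
// parsed: it is false when the request could not be built, sent, read or
// parsed, and true once a response for cert has been parsed. The error is nil
// only when the status is ocsp.Good; ocsp.Revoked and every other status
// return true together with a non-nil error.
func VerifyOCSPEndpoint(endpoint string, cert, issuer *x509.Certificate, httpClient *http.Client) (bool, error) {
	// The endpoint usually comes from the certificate under test, so the
	// responder is not trusted: cap how much of its body is buffered.
	const maxOCSPResponseSize = 1 << 20

	req, err := ocsp.CreateRequest(cert, issuer, nil)
	if err != nil {
		return false, errors.Errorf("error creating OCSP request: %v", err)
	}

	httpReq, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader(req))
	if err != nil {
		return false, errors.Errorf("error contacting OCSP server: %s: %v", endpoint, err)
	}
	httpReq.Header.Add("Content-Type", "application/ocsp-request")
	httpResp, err := httpClient.Do(httpReq) // #nosec G704 -- request relies on values from certificate or intentionally provided by user
	if err != nil {
		return false, errors.Errorf("error contacting OCSP server: %s: %v", endpoint, err)
	}
	defer httpResp.Body.Close()

	// Anything other than 200 is not an OCSP response body; report it as a
	// transport failure instead of a confusing parse error.
	if httpResp.StatusCode != http.StatusOK {
		return false, errors.Errorf("error contacting OCSP server: %s: unexpected HTTP status %d", endpoint, httpResp.StatusCode)
	}

	// Read one byte past the cap so an oversized body is detected rather than
	// silently truncated.
	respBytes, err := io.ReadAll(io.LimitReader(httpResp.Body, maxOCSPResponseSize+1))
	if err != nil {
		return false, errors.Errorf("error reading response from OCSP server: %s: %v", endpoint, err)
	}
	if len(respBytes) > maxOCSPResponseSize {
		return false, errors.Errorf("error reading response from OCSP server: %s: response exceeds %d bytes", endpoint, maxOCSPResponseSize)
	}

	// ParseResponseForCert checks the signature against issuer and also
	// requires the response to be about cert. ParseResponse alone would accept
	// a validly signed answer for any other certificate from the same issuer.
	resp, err := ocsp.ParseResponseForCert(respBytes, cert, issuer)
	if err != nil {
		return false, errors.Errorf("error parsing response from OCSP server: %s: %v", endpoint, err)
	}

	// NOTE(review): resp.ThisUpdate / resp.NextUpdate are not checked and the
	// request carries no nonce, so a stale response is accepted as current.
	// Consider rejecting responses whose NextUpdate has passed.
	switch resp.Status {
	case ocsp.Revoked:
		return true, errors.Errorf("certificate has been revoked according to OCSP %s", endpoint)
	case ocsp.Good:
		return true, nil
	default:
		return true, errors.Errorf("certificate status is unknown according to OCSP %s", endpoint)
	}
}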
415
416func VerifyCRLEndpoint(endpoint string, cert, issuer *x509.Certificate, httpClient *http.Client, insecure bool) (bool, error) {
417 resp, err := httpClient.Get(endpoint)

Callers 1

verifyActionFunction · 0.85

Calls 1

CloseMethod · 0.45

Tested by

no test coverage detected
