|
|
|
@ -44,6 +44,7 @@ import (
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var idPKIXOCSPBasic = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 5, 5, 7, 48, 1, 1})
|
|
|
|
|
var idPKIXOCSPExtendedRevoke = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 5, 5, 7, 48, 1, 9})
|
|
|
|
|
|
|
|
|
|
// ResponseStatus contains the result of an OCSP request. See https://tools.ietf.org/html/rfc6960#section-2.3
|
|
|
|
|
type ResponseStatus int
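Review bot: The new `idPKIXOCSPExtendedRevoke` declaration has no doc comment, and its neighbour `idPKIXOCSPBasic` has none either, so a reader has to resolve arc 9 under id-pkix-ocsp by hand. Suggest `// idPKIXOCSPExtendedRevoke is id-pkix-ocsp-extended-revoke (RFC 6960 §4.4.8), the non-critical NULL-valued response extension by which a responder states that it reports certificates it never issued as "revoked".` A matching one-liner on `idPKIXOCSPBasic` would keep the two declarations consistent.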
|
|
|
|
@ -356,7 +357,7 @@ type Request struct {
|
|
|
|
|
func (req *Request) Marshal() ([]byte, error) {
|
|
|
|
|
hashAlg := getOIDFromHashAlgorithm(req.HashAlgorithm)
|
|
|
|
|
if hashAlg == nil {
|
|
|
|
|
return nil, errors.New("Unknown hash algorithm")
|
|
|
|
|
return nil, errors.New("unknown hash algorithm")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
request, err := asn1.Marshal(ocspRequest{
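Review bot: The lowercased message at the new `return nil, errors.New("unknown hash algorithm")` is still an ad-hoc error that callers can only recognise by comparing its text, which is exactly the kind of dependency this wording change disturbs. A package-level sentinel makes the message cosmetic: `var ErrUnknownHashAlgorithm = errors.New("unknown hash algorithm")` and `return nil, ErrUnknownHashAlgorithm`, which callers then test with `errors.Is`. Whether the package already exports sentinel errors is not visible here, and the rest of `Marshal` lies outside the hunk.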
|
|
|
|
@ -426,6 +427,11 @@ type Response struct {
|
|
|
|
|
// ExtraExtensions field is not populated when parsing certificates, see
|
|
|
|
|
// Extensions.
|
|
|
|
|
ExtraExtensions []pkix.Extension
|
|
|
|
|
|
|
|
|
|
// SupportExtendedRevoke is used to notify the requester that extended revoke
|
|
|
|
|
// is supported as specified in
|
|
|
|
|
// https://www.rfc-editor.org/rfc/rfc6960.html#section-4.4.8
|
|
|
|
|
SupportExtendedRevoke bool
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// These are pre-serialized error responses for the various non-success codes
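Review bot: The comment on the new `SupportExtendedRevoke` field says the requester is notified, but not what the responder commits to by setting it: per RFC 6960 §2.2 and §4.4.8 the extension asserts that certificates the responder has never issued are answered as "revoked" with revocation reason certificateHold (6) and revocationTime 1970-01-01, and nothing in the `CreateResponse` hunks below enforces that, so the caller must still build those single responses itself. Suggest adding a sentence such as `// Setting it only adds the extension; the caller remains responsible for answering unknown serials as revoked with reason certificateHold and a 1970-01-01 revocation time, as RFC 6960 section 2.2 requires.` Whether `ParseResponse` populates this field from a parsed response is not visible here; the comment should state it either way, as the `ExtraExtensions` comment above it does.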
|
|
|
|
@ -752,7 +758,6 @@ func CreateResponse(
|
|
|
|
|
issuer, responderCert *x509.Certificate,
|
|
|
|
|
template Response,
|
|
|
|
|
priv crypto.Signer,
|
|
|
|
|
extensions []pkix.Extension,
|
|
|
|
|
) ([]byte, error) {
|
|
|
|
|
var publicKeyInfo struct {
|
|
|
|
|
Algorithm pkix.AlgorithmIdentifier
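Review bot: Dropping `extensions []pkix.Extension` from the parameter list of the exported `CreateResponse` is a source-incompatible change for every external caller, and the hunk at `@ -819,6 +824,16` replaces it with a local `extensions` that only ever holds the extended-revoke extension. If callers previously used that parameter to attach their own response extensions, that capability is gone unless it is rebuilt from `template.ExtraExtensions` somewhere outside these hunks, which is not visible here; worth confirming, and worth a line in the `CreateResponse` doc comment or changelog either way. `CreateResponse` begins before this hunk and continues past it.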
|
|
|
|
@ -819,6 +824,16 @@ func CreateResponse(
|
|
|
|
|
IsCompound: true,
|
|
|
|
|
Bytes: responderCert.RawSubject,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var extensions []pkix.Extension
|
|
|
|
|
|
|
|
|
|
if template.SupportExtendedRevoke {
|
|
|
|
|
extensions = append(
|
|
|
|
|
extensions,
|
|
|
|
|
pkix.Extension{Id: idPKIXOCSPExtendedRevoke, Value: asn1.NullBytes},
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tbsResponseData := responseData{
|
|
|
|
|
Version: 0,
|
|
|
|
|
RawResponderID: rawResponderID,
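Review bot: The extension literal matches RFC 6960 §4.4.8 — NULL value and, by leaving `Critical` at its zero value, non-critical — but nothing in the code records that, and a later edit that sets `Critical: true` would silently violate the MUST NOT in that section. Suggest collapsing the five-line `append` into one and annotating it: `// RFC 6960 §4.4.8: value is NULL and the extension MUST NOT be critical.` followed by `extensions = append(extensions, pkix.Extension{Id: idPKIXOCSPExtendedRevoke, Value: asn1.NullBytes})`. The new `var extensions` is a nil slice, which is fine for `append`; the place where it is fed into `responseData` is outside the hunk, as is the rest of `CreateResponse`.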
|
|
|
|
|