Struct OcspStatus 

pub struct OcspStatus<'a> {
    pub status: OcspCertStatus,
    pub reason: OcspRevokedStatus,
    pub revocation_time: Option<&'a Asn1GeneralizedTimeRef>,
    pub this_update: &'a Asn1GeneralizedTimeRef,
    pub next_update: &'a Asn1GeneralizedTimeRef,
    /* private fields */
}

Fields

status: OcspCertStatus

The overall status of the response.

reason: OcspRevokedStatus

If status is CERT_STATUS_REVOKED, the reason for the revocation.

revocation_time: Option<&'a Asn1GeneralizedTimeRef>

If status is CERT_STATUS_REVOKED, the time at which the certificate was revoked.

this_update: &'a Asn1GeneralizedTimeRef

The time that this revocation check was performed.

next_update: &'a Asn1GeneralizedTimeRef

👎Deprecated since 0.10.75: Use the next_update() method instead

The time at which this revocation check expires.

Deprecated

Contains a sentinel maximum time (99991231235959Z) when the field is not present in the response. Use next_update() instead.

Implementations

impl OcspStatus<'_>

pub fn next_update(&self) -> Option<&Asn1GeneralizedTimeRef>

Returns the time at which this revocation check expires.

Returns None if the OCSP response does not include a next_update field.

pub fn check_validity( &self, nsec: u32, maxsec: Option<u32>, ) -> Result<(), ErrorStack>

Checks validity of the this_update and next_update fields.

The nsec parameter specifies an amount of slack time that will be used when comparing those times with the current time to account for delays and clock skew.

The maxsec parameter limits the maximum age of the this_update parameter to prohibit very old responses.

This corresponds to OCSP_check_validity.