Class: R509::Cert::Extensions::OCSPNoCheck

Inherits:
OpenSSL::X509::Extension
  • Object
show all
Defined in:
lib/r509/cert/extensions/ocsp_no_check.rb

Overview

RFC 2560 Description (see: www.ietf.org/rfc/rfc2560.txt)

A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL. CAs issuing such a certificate should realized that a compromise of the responder's key, is as serious as the compromise of a CA key used to sign CRLs, at least for the validity period of this certificate. CA's may choose to issue this type of certificate with a very short lifetime and renew it frequently.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constant Summary

OID =

friendly name for OCSP No Check

"noCheck"

Instance Method Summary (collapse)

Constructor Details

- (OCSPNoCheck) initialize(arg)

This method takes a hash or an existing Extension object to parse

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :ocsp_no_check (Any)

    Pass any value. It's irrelevant.

  • :critical (Boolean) — default: false 


30
31
32
33
34
35
 
# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 30

def initialize(arg)
  if not R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end
  super(arg)
end

Instance Method Details

- (Hash) to_h

Returns:

  • (Hash) 


38
39
40
 
# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 38

def to_h
  { :critical => self.critical?  }
end

- (YAML) to_yaml

Returns:

  • (YAML) 


43
44
45
 
# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 43

def to_yaml
  self.to_h.to_yaml
end