Class: R509::Cert::Extensions::OCSPNoCheck

Inherits:

OpenSSL::X509::Extension

• Object
• OpenSSL::X509::Extension
• R509::Cert::Extensions::OCSPNoCheck

Defined in:

lib/r509/cert/extensions/ocsp_no_check.rb

Overview

RFC 2560 Description (see: www.ietf.org/rfc/rfc2560.txt)

A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL. CAs issuing such a certificate should realized that a compromise of the responder's key, is as serious as the compromise of a CA key used to sign CRLs, at least for the validity period of this certificate. CA's may choose to issue this type of certificate with a very short lifetime and renew it frequently.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constant Summary

OID =

friendly name for OCSP No Check

"noCheck"

Instance Method Summary

• #initialize(arg) ⇒ OCSPNoCheck constructor

  This method takes a hash or an existing Extension object to parse.

• #to_h ⇒ Hash
• #to_yaml ⇒ YAML

Constructor Details

#initialize(arg) ⇒ OCSPNoCheck

This method takes a hash or an existing Extension object to parse

Parameters:

• arg (Hash) —

  a customizable set of options

Options Hash (arg):

• :ocsp_no_check (Any) —

  Pass any value. It's irrelevant.

• :critical (Boolean) — default: false

# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 29

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end
  super(arg)
end

Instance Method Details

#to_h ⇒ Hash

Returns:

• (Hash)

# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 37

def to_h
  { :critical => self.critical?  }
end

#to_yaml ⇒ YAML

Returns:

• (YAML)

# File 'lib/r509/cert/extensions/ocsp_no_check.rb', line 42

def to_yaml
  self.to_h.to_yaml
end