CertOCSPEligible checks if the certificate's issuer has populated AIA with OCSP responder endpoint(s) and is thus eligible for OCSP validation.

GenerateFingerprint returns a base64-encoded SHA256 hash of the raw certificate.

GetIssuerDNForm returns RDN sequence concatenation of the certificate's issuer to be used in logs, events, etc.

GetLeafIssuerCert returns the issuer certificate of the leaf (positional) certificate in the chain.

GetSubjectDNForm returns RDN sequence concatenation of the certificate's subject to be used in logs, events, etc.

OCSPResponseCurrent checks if the OCSP response is current (i.e.

ValidDelegationCheck checks if the CA OCSP Response was signed by a valid CA Issuer delegate as per (RFC 6960, section 4.2.2.2) If a valid delegate or direct-signed by CA Issuer, true returned.

Debug information.

Expected runtime errors (direct logged).

Returned errors.

Direct logged errors.

Policy override warnings (direct logged).

Info (direct logged).

OCSP cert invalid reasons (debug and event reasons).

Returned to peer as TLS reject reason.

Log is a neutral method of passing server loggers to plugins.

OCSPPeerConfig holds the parsed OCSP peer configuration section of TLS configuration.