The ocsp.CreateRequest function returns an OCSP request as a []byte. It would be helpful to instead have it return ocsp.Request, which can then be marshalled into []byte if needed.
My specific use case is implementing a cache for OCSP responses. Per https://community.digicert.com/en/blogs.entry.html/2015/02/26/what-is-ocsp.html, the cache key should be the CertID sequence for the OCSP request (issuerNameHash + issuerKeyHash + serialNumber). All of these fields are calculated in ocsp.CreateRequest, but because that function returns a []byte, accessing them after it's been called would require an additional call to ocsp.ParseRequest, which seems wasteful.
I'm not sure what the stability guarantee is for the x/crypto/ocsp library, but if changing the return type for the existing function isn't feasible, perhaps a new function could be added or the existing function could be deprecated and split into two functions.
This API is used enough that we cannot change it at this point. Also, given that the vast majority of use cases involve simply sending the generated bytes without any further inspection, I don't think it makes sense to alter the API, or introduce a new one, for this particular use case.
ocsp.Request already has a Marshal method. If you feel that adding another invocation of ocsp.ParseRequest is too expensive, I'd suggest just forking ocsp.CreateRequest in such a way that you can access the values you need before the marshal step.
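Added example, not part of the thread and not code from x/crypto/ocsp: one way to act on the suggestion above is to compute the three CertID values straight from the certificates with the standard library, so that no request has to be built and parsed back. CertIDKey, newCert and the colon-separated hex key layout are this example's own names and assumptions, and the certificates are constructed at run time as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// CertIDKey returns hex "issuerNameHash:issuerKeyHash:serialNumber" (assumed layout): SHA-1 of the
// issuer's DER subject and of its public key bits, SHA-1 being ocsp.CreateRequest's default hash.
func CertIDKey(cert, issuer *x509.Certificate) (string, error) {
	var spki struct{ Algorithm pkix.AlgorithmIdentifier; PublicKey asn1.BitString }
	if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &spki); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x:%x:%x", sha1.Sum(issuer.RawSubject), sha1.Sum(spki.PublicKey.RightAlign()), cert.SerialNumber), nil
}

// newCert issues a constructed sample certificate (serial, subject and key only); a nil parent self-signs.
func newCert(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func main() {
	ca, caKey := newCert("Constructed CA", 1, nil, nil)
	leaf, _ := newCert("constructed.example", 0x2a, ca, caKey)
	fmt.Println(CertIDKey(leaf, ca))
}
```

The CertID structure in RFC 6960 also carries the hash algorithm, so a cache that may see requests built with different hashes should include the algorithm in the key as well.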