Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
x/crypto: add Raw field to ocsp.Response type #38340
Hello! What do you need Marshal for, as opposed to CreateResponse? If you were to change anything in the Response the Signature would become invalid, and so would the output of Marshal.
Request.Marshal makes more sense because requests are not signed and because CreateRequest is more of a high-level helper, while CreateResponse takes a Response as a template.
@FiloSottile In my case, Marshal is still useful because there is currently no other easy way to convert an ocsp.Reponse to its DER form. For my use case I'm not generating the responses, nor modifying them, but fetching them from upstream responders. And after a point, I will need to renew the response. So I can either store it in DER form and parse it every time I want to inspect the NextUpdate etc, store two representations of it (Response and byte), or have a Marshal method. Your point about modifications invalidating the signature is of course correct, however the Marshal() method uses the TBSResponseData for most of it anyway. To that point, improving the comments above the method would probably be a good idea.