proposal: x/crypto/ocsp: Export `certID` and the code that populates it #59284
I am implementing ACME Renewal Information (ARI) for TLS servers to be able to automatically renew their certificates within a CA-designated timeframe.
It turns out that ARI is actually an OCSP request, but with slightly different ceremony: the GET request URI is literally suffixed with an encoded RFC 6960 OCSP request `CertID` structure.
Unfortunately, `ocsp.CreateRequest()` returns an opaque byte slice. The data we need is that exact same data but without the following (essentially empty) wrapping:
I'd like to propose that we export the bulk of this function:
https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.7.0:ocsp/ocsp.go;l=628-666
and update this comment:
since now, in 2023, there is one other place that the raw hash identifier is used: ARI. 😅
The exported function should return an exported `CertID` struct. From there, marshaling as ASN.1 is easy (with `asn1.Marshal()`).
Of course, `CreateRequest()` would reuse the same code, now exported for the benefit of ARI clients. 😊
Hope this makes sense. Thanks for considering!
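The CertID construction this proposal asks to export, sketched with the standard library only. This is an added example, not code from the issue or from x/crypto/ocsp: `CertID`, `NewCertID` and `selfSigned` are hypothetical names, SHA-256 is an assumed hash choice, and the input is a constructed self-signed certificate acting as its own issuer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

type CertID struct { // RFC 6960 CertID SEQUENCE; the exported name is hypothetical
	HashAlgorithm  pkix.AlgorithmIdentifier
	IssuerNameHash []byte
	IssuerKeyHash  []byte
	SerialNumber   *big.Int
}

func NewCertID(cert, issuer *x509.Certificate) (CertID, error) { // hypothetical name; SHA-256 assumed
	var spki struct {
		Algorithm pkix.AlgorithmIdentifier
		PublicKey asn1.BitString
	}
	if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &spki); err != nil {
		return CertID{}, err
	}
	// Hash the issuer's DER-encoded name and the key bits without the BIT STRING header.
	name, key := sha256.Sum256(issuer.RawSubject), sha256.Sum256(spki.PublicKey.RightAlign())
	alg := pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}, Parameters: asn1.NullRawValue}
	return CertID{alg, name[:], key[:], cert.SerialNumber}, nil
}

func selfSigned() (*x509.Certificate, error) { // constructed throwaway CA, its own issuer
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(0x1234), Subject: pkix.Name{CommonName: "constructed CA"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	raw, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return x509.ParseCertificate(raw) // empty raw from a failed create is rejected here
}

func main() {
	c, err := selfSigned()
	if err != nil {
		panic(err)
	}
	id, _ := NewCertID(c, c) // cannot fail: c's SubjectPublicKeyInfo was just parsed
	der, _ := asn1.Marshal(id)
	fmt.Printf("CertID DER (%d bytes): %x\n", len(der), der)
}
```

The DER bytes printed here are the bare `CertID`, without the OCSP request wrapping that `ocsp.CreateRequest()` adds.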