certbot.ocsp

Tools for checking certificate revocation.

class certbot.ocsp.RevocationChecker[source]

Bases: object

This class figures out OCSP checking on this system, and performs it.

ocsp_revoked(cert_path, chain_path)[source]

Get revoked status for a particular cert version.

Todo

Make this a non-blocking call

Parameters:
  • cert_path (str) – Path to certificate
  • chain_path (str) – Path to intermediate cert
Rtype bool or None:
 
Returns:

True if revoked; False if valid or the check failed

determine_ocsp_server(cert_path)[source]

Extract the OCSP server host from a certificate.

Parameters:cert_path (str) – Path to the cert we’re checking OCSP for
Rtype tuple:
Returns:(OCSP server URL or None, OCSP server host or None)
certbot.ocsp._translate_ocsp_query(cert_path, ocsp_output, ocsp_errors)[source]

Parse openssl’s weird output to work out what it means.