Adds a new -expect-reason flag to the checkocsp binary to allow for verifying the revocation reason of the certificate(s) in question. This flag has a default value of -1, meaning that no particular revocation reason will be expected or enforced.

Also updates the -expect-status flag to have the same default (-1) and behavior, so that when the tool is run interactively it can simply print the revocation status of each certificate.

Finally, refactors the way the ocsp/helper library declares flags and accesses their values. This unifies the interface and makes it easy to extend to allow tests to modify parameters other than expectStatus when desired.

Fixes #4885

| Name |
|---|
| checkocsp |
| helper |
| ocsp_forever |
| README.md |
README.md
This directory contains two utilities for checking OCSP.
"checkocsp" is a command-line tool to check the OCSP response for a certificate or a list of certificates.
"ocsp_forever" is a similar tool that runs as a daemon, continually checks OCSP for a list of certificates, and exports Prometheus stats.
Both of these are useful for monitoring a Boulder instance. "checkocsp" is also useful for debugging.