certbot.ocsp package¶
Tools for checking certificate revocation.
- class certbot.ocsp.RevocationChecker(enforce_openssl_binary_usage: bool = False)[source]¶
Bases:
objectThis class figures out OCSP checking on this system, and performs it.
- ocsp_revoked(cert: RenewableCert) bool[source]¶
Get revoked status for a particular cert version.
- Parameters:
cert (interfaces.RenewableCert) – Certificate object
- Returns:
True if revoked; False if valid or the check failed or cert is expired.
- Return type:
bool
- ocsp_revoked_by_paths(cert_path: str, chain_path: str, timeout: int = 10) bool[source]¶
Performs the OCSP revocation check
- Parameters:
cert_path (str) – Certificate filepath
chain_path (str) – Certificate chain
timeout (int) – Timeout (in seconds) for the OCSP query
- Returns:
True if revoked; False if valid or the check failed or cert is expired.
- Return type:
bool