r509-validity-cadb


This project is related to the r509 and r509-ocsp-responder projects. It provides certificate validity and revocation information read from an OpenSSL CA DB file (sometimes called the 'index' file).

Because the CA DB file contains both valid and revoked certificate information, the responder can operate in "known good" mode, responding VALID, REVOKED, or UNKNOWN as appropriate for each serial number.

Installation

First, install the r509-ocsp-responder gem from the r509-ocsp-responder project.

Next, install via rubygems with gem install r509-validity-cadb or, if you have cloned this repo, with rake gem:build followed by rake gem:install.

Usage

Using the config.ru from r509-ocsp-responder as a baseline, remove the redis configuration and replace it with this:

require 'r509/validity/cadb'
# Path to the OpenSSL CA DB ("index") file
cadb_path = '/etc/ssl/index'

# Register the CA DB checker as the responder's validity checker
Dependo::Registry[:validity_checker] = R509::Validity::CADB::Checker.new(cadb_path)

The cadb_path variable is the path to an OpenSSL CA DB file, in the OpenSSL CA DB format.
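
To show what the checker has to work from, here is an added example (not this gem's own code) that reads CA DB lines and maps a serial number to VALID, REVOKED or UNKNOWN. The names Entry, parse_time, load_cadb and status_for are hypothetical, the sample data is constructed, and reporting expired entries as UNKNOWN is an assumption of the example, not documented behaviour of the gem.

```ruby
# Added example: minimal reader for an OpenSSL CA DB ("index") file.
# Each line has six tab-separated fields:
#   flag (V/R/E), expiry, revocation time[,reason], hex serial, filename, subject
# SAMPLE_INDEX is constructed data, not taken from a real CA.
SAMPLE_INDEX = [
  "V\t350101000000Z\t\t01\tunknown\t/CN=good.example.test",
  "R\t350101000000Z\t240301120000Z,keyCompromise\t02\tunknown\t/CN=revoked.example.test",
  "E\t200101000000Z\t\t03\tunknown\t/CN=expired.example.test",
  "V\t200101000000Z\t\t0A\tunknown\t/CN=stale.example.test"
].join("\n")

Entry = Struct.new(:flag, :expires, :revoked_at, :reason, :subject)

# Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ).
def parse_time(str)
  m = /\A(\d{2}|\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z\z/.match(str)
  raise ArgumentError, "bad time: #{str.inspect}" unless m
  year = m[1].to_i
  year += (year < 50 ? 2000 : 1900) if m[1].length == 2 # RFC 5280 pivot
  Time.utc(year, *m.captures[1..5].map(&:to_i))
end

# Returns { Integer serial => Entry }.
def load_cadb(text)
  text.each_line(chomp: true).reject(&:empty?).each_with_object({}) do |line, db|
    flag, expires, revoked, serial, _file, subject = line.split("\t", -1)
    unless subject && %w[V R E].include?(flag)
      raise ArgumentError, "malformed line: #{line.inspect}"
    end
    rev_time, reason = revoked.split(',', 2)
    db[serial.to_i(16)] = Entry.new(flag, parse_time(expires),
                                    rev_time && parse_time(rev_time), reason, subject)
  end
end

# Assumption of this example: an expired entry, whether flagged E or still
# flagged V past its expiry, is reported as :unknown rather than :valid.
def status_for(db, serial, now = Time.now.utc)
  entry = db[serial]
  return :unknown if entry.nil?
  return :revoked if entry.flag == 'R'
  return :unknown if entry.flag == 'E' || entry.expires <= now
  :valid
end

db = load_cadb(SAMPLE_INDEX)
now = Time.utc(2025, 1, 1) # fixed clock so the output is reproducible
[0x01, 0x02, 0x03, 0x0A, 0x63].each { |s| puts format('%02X %s', s, status_for(db, s, now)) }
```

The serial 0A row is the case to watch in practice: OpenSSL only rewrites V to E when the database is updated (openssl ca -updatedb), so a V flag alone does not prove the certificate is still within its validity period.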

Limitations

Only one CA DB file is supported at the moment.

Contributing

  1. Fork
  2. Make branch
  3. Add tests. Run rake spec to run the test suite.
  4. Send PR

Author

Joe Miller, @miller_joe, joemiller(github)