@return [Array] array of all the requirements that led to the need for
this unwind
Returns the ALPN protocol string that was finally selected by the server during the handshake.
Returns a status string for the response.
Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array
of OpenSSL::X509::Extension
to be included in the SingleResponse
. This is also optional.
Note that the times, revocation_time, this_update and next_update can be specified in either of Integer
or Time
object. If they are Integer
, it is treated as the relative seconds from the current time.
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse
. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the OCSP
request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec seconds of the current time.
Some responders don’t set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.