Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect.
See TCPServer#listen for details.
Returns a String representation of the Distinguished Name. format is one of:
If format is omitted, the largely broken and traditional OpenSSL format (X509_NAME_oneline() format) is chosen.
Use of this method is discouraged. None of the formats other than OpenSSL::X509::Name::RFC2253 is standardized and may show an inconsistent behavior through OpenSSL versions.
It is recommended to use to_utf8 instead, which is equivalent to calling name.to_s(OpenSSL::X509::Name::RFC2253).force_encoding("UTF-8").
Returns the error code of stctx. This is typically called after verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_get_error(3).
Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_set_error(3).
Sets the trust settings of the context. This overrides the default value set by Store#trust=.
See also the man page X509_VERIFY_PARAM_set_trust(3).
Returns the PEM encoding of this SPKI.
Creates an OpenSSL::OCSP::Response from status and basic_response.
Returns the status of the response.
Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 for good, 1 for revoked, 2 for unknown), the reason for the status, the revocation time, the time of this update, the time for the next update and a list of OpenSSL::X509::Extension.
This should be superseded by BasicResponse#responses and find_response that return SingleResponse.
Returns an Array of SingleResponse for this BasicResponse.
Used primarily to check if an OpenSSL::X509::Certificate#public_key compares to its private key.
x509 = OpenSSL::X509::Certificate.new(pem_encoded_certificate) rsa_key = OpenSSL::PKey::RSA.new(pem_encoded_private_key) rsa_key.compare?(x509.public_key) => true | false
Returns one of GRANTED, GRANTED_WITH_MODS, REJECTION, WAITING, REVOCATION_WARNING or REVOCATION_NOTIFICATION. A timestamp token has been created only in case status is equal to GRANTED or GRANTED_WITH_MODS.
If a timestamp token is present, this returns it in the form of a OpenSSL::PKCS7.
Returns the ‘short name’ of the object identifier representing the algorithm that was used to derive the message imprint digest. For valid timestamps, this is the same value that was already given in the Request. If status is GRANTED or GRANTED_WITH_MODS, this is never nil.
algo = token_info.algorithm puts algo -> "SHA1"
If the ordering field is missing, or if the ordering field is present and set to false, then the genTime field only indicates the time at which the time-stamp token has been created by the TSA. In such a case, the ordering of time-stamp tokens issued by the same TSA or different TSAs is only possible when the difference between the genTime of the first time-stamp token and the genTime of the second time-stamp token is greater than the sum of the accuracies of the genTime for each time-stamp token.
If the ordering field is present and set to true, every time-stamp token from the same TSA can always be ordered based on the genTime field, regardless of the genTime accuracy.