certbot.ocsp package

Tools for checking certificate revocation.

class certbot.ocsp.RevocationChecker(enforce_openssl_binary_usage: bool = False)

Bases: object

This class figures out OCSP checking on this system, and performs it.

ocsp_revoked(cert: RenewableCert) → bool

Get revoked status for a particular cert version.

Parameters:

cert (interfaces.RenewableCert) – Certificate object

Returns:

True if revoked; False if valid or the check failed or cert is expired.

Return type:

bool

ocsp_revoked_by_paths(cert_path: str, chain_path: str, timeout: int = 10) → bool

Performs the OCSP revocation check

Parameters:

• cert_path (str) – Certificate filepath

• chain_path (str) – Certificate chain

• timeout (int) – Timeout (in seconds) for the OCSP query

Returns:

True if revoked; False if valid or the check failed or cert is expired.

Return type:

bool