Module revocation

Available on crate feature boring only.
Pluggable revocation for re-signed MITM leaves.

Stamps revocation pointers (CRL distribution point / AIA OCSP) onto the re-signed leaf, mirroring whichever source the upstream certificate advertised, and serves the matching CA-signed artifact, so that revocation-strict clients (notably libcurl + schannel, which resolves revocation from the certificate's own pointers and ignores stapled OCSP) accept the leaf. Opt-in: an issuer with no responder configured strips the upstream pointers as before and stamps nothing.

Structs

CaId
A stable, URL-safe identifier for a MitmCa.
MitmCa
The MITM signing identity shared between the cert issuer and the revocation responder. Sharing one instance keeps the leaf’s issuer and the CRL/OCSP signer in agreement — the client derives its CertID and CRL issuer match from this CA. An immutable handle meant to be wrapped in Arc and shared, not cloned per use.
MitmRevocationCtx
Context passed to BoringMitmRevocation::leaf_extensions.
ProxyHostedRevocation
Default BoringMitmRevocation: serves a CA-signed CRL and/or OCSP for one CA over plain HTTP, stamping whichever pointer the upstream advertised.
RevocationArtifact
A revocation artifact (DER) to return over HTTP.
RevokedCert
A revoked certificate, as reported by a RevocationLedger.

Enums

RevocationContentType
MIME type of a RevocationArtifact.
RevocationFetch
A revocation fetch routed in from the HTTP edge.

Traits

BoringMitmRevocation
Revocation behaviour for a MITM issuer: which pointers to stamp on the re-signed leaf, and how to serve the artifacts they reference.
RevocationLedger
Source of revoked serials for a CA. The default responder uses no ledger (nothing revoked); implement this to actually revoke issued leaves.

Functions

aia_ocsp_extension
Build a non-critical Authority Information Access extension with a single id-ad-ocsp responder URI pointing at url.
crl_distribution_point_extension
Build a non-critical CRL Distribution Points extension with a single fullName URI pointing at url.