func assertMayBeRevoked()

in capi/lib/service/interpretation.go [288:318]

• 31 lines of code
• 8 McCabe index (conditional complexity)

func assertMayBeRevoked(cert model.CertificateResult, t CertType) (opinion model.Opinion) {
	for _, response := range cert.OCSP {
		if response.Status == ocsp.Revoked {
			continue
		}
		if response.Error != "" {
			interpretation := ""
			switch response.Status {
			case ocsp.CryptoVerifcationError:
				interpretation = fmt.Sprintf("OCSP responder %s could not verify the provided chain at the %s. This is usually accompanied by a verification error thrown by certutil.", response.Responder, t)
			case ocsp.BadResponse:
				interpretation = fmt.Sprintf("OCSP responder %s gave a bad response for the %s.", response.Responder, t)
			}
			opinion.Errors = append(opinion.Errors, model.Concern{
				Raw:            response.Error,
				Interpretation: interpretation,
				Advise:         cert.CrtSh,
			})
		}
	}
	for _, crlStatus := range cert.CRL {
		if crlStatus.Error != "" {
			opinion.Errors = append(opinion.Errors, model.Concern{
				Raw:            crlStatus.Error,
				Interpretation: "An error occurred while retrieving the CRL. This is usually a networking error",
				Advise:         fmt.Sprintf("If this is a networking error, attempt to verify that CRL endpoint at %s is active and available", crlStatus.Endpoint),
			})
		}
	}
	return
}