Documentation
Constants
This section is empty.
Variables
var (
	ErrNoCerts            = errors.New("no certificates provided")
	ErrThumbprintMismatch = errors.New("thumbprint mismatch")
)
var ErrInvalidCertHost = errors.New("certificate was not issued for any of the provided hostnames")
Functions
func MatchThumbprint
func MatchThumbprint(certs []*x509.Certificate, thumbprint []byte) error
MatchThumbprint checks if the thumbprint of the first certificate in the chain matches the provided thumbprint.
The thumbprint must be either 20 bytes long (for sha1) or 32 bytes long (for sha256).
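An added sketch of the check described above, not this package's source: it assumes the thumbprint is the SHA-1 or SHA-256 digest of the first certificate's DER encoding (its Raw field), selected by the length of the supplied value. The name matchPin and its error variables are hypothetical, and the sample chain is constructed.

```go
package main

import (
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// Hypothetical sentinel errors for this sketch, not the package's own variables.
var (
	errNoCerts  = errors.New("no certificates provided")
	errMismatch = errors.New("thumbprint mismatch")
	errLength   = errors.New("thumbprint must be 20 (SHA-1) or 32 (SHA-256) bytes")
)

// matchPin (hypothetical name) hashes the DER bytes of the first certificate
// with the digest implied by the pin length and compares in constant time.
func matchPin(certs []*x509.Certificate, pin []byte) error {
	if len(certs) == 0 {
		return errNoCerts
	}
	var sum []byte
	switch len(pin) {
	case sha1.Size: // 20 bytes
		s := sha1.Sum(certs[0].Raw)
		sum = s[:]
	case sha256.Size: // 32 bytes
		s := sha256.Sum256(certs[0].Raw)
		sum = s[:]
	default:
		return errLength // reject truncated or padded pins outright
	}
	if subtle.ConstantTimeCompare(sum, pin) != 1 {
		return errMismatch
	}
	return nil
}

func main() {
	// Constructed input: matchPin reads only Raw (the DER bytes), so
	// placeholder bytes stand in for a parsed certificate.
	chain := []*x509.Certificate{{Raw: []byte("constructed placeholder DER")}}
	pin := sha256.Sum256(chain[0].Raw)
	fmt.Println(matchPin(chain, pin[:]), matchPin(chain, pin[:31]))
}
```

Only the first certificate is hashed, so a pin of this kind binds the leaf and says nothing about the rest of the chain.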
func Validate
func Validate(certs []*x509.Certificate, opts *ValidateConfig) error
Validate checks the integrity of a certificate chain.
Types
type ValidateConfig
type ValidateConfig struct {
	// TrustedHostnames, if present, will ensure the certificates are issued from one of the provided hostnames.
	TrustedHostnames []string

	// Usage specifies which Extended Key Usage values are acceptable. A chain is accepted if it allows any of the
	// listed values. An empty list means x509.ExtKeyUsageServerAuth. To accept any key usage, include
	// x509.ExtKeyUsageAny.
	Usage []x509.ExtKeyUsage

	// CurrentTime is used to check the validity of all certificates in the chain. If zero, the current time is used.
	CurrentTime time.Time

	// Roots is the set of trusted root certificates the leaf certificate needs to chain up to. If nil, the system
	// roots or the platform verifier are used.
	Roots *x509.CertPool
}