ctl

package

v0.1.0 Latest Latest Go to latest Published: Feb 10, 2022 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/canstand/ctlcheck

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
type CTL
- func NewCTL() *CTL
- func (ctl *CTL) Verify(certs []*Cert, allowedCerts Items) *VerifyResult
type Cert
type CertStore
- func LoadSystemRoots() (*CertStore, error)
- func NewCertStore() *CertStore
- func (s *CertStore) AddCert(cert *x509.Certificate)
- func (s *CertStore) AppendCertsFromPEM(pemCerts []byte) (ok bool)
type Items
type MozillaCTL
- func NewMozillaCTL() *MozillaCTL
- func (ctl *MozillaCTL) FetchMozilla() error
type VerifyResult

Constants ¶

View Source

const (
	MICROSOFT   = "microsoft"
	MOZILLA_NSS = "mozilla_nss"
	OPENJDK     = "openjdk"
)

View Source

const (
	MozillaIncludedCACertificateReportCSV = "https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportCSVFormat"
	MozillaRemovedCACertificateReportCSV  = "https://ccadb-public.secure.force.com/mozilla/RemovedCACertificateReportCSVFormat"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CTL ¶

type CTL struct {
	UpdatedAt *time.Time `yaml:"updated_at,omitempty"`
	Trusted   Items      `yaml:"trusted"`
	Removed   Items      `yaml:"removed,omitempty"`
}

func NewCTL ¶

func NewCTL() *CTL

func (*CTL) Verify ¶

func (ctl *CTL) Verify(certs []*Cert, allowedCerts Items) *VerifyResult

Verify that the specified certificate is included in the CTL or has been removed

type Cert ¶

type Cert struct {
	*x509.Certificate
	Checksum string
}

Cert adds Checksum field to x509.Cerificate to store SHA256

type CertStore ¶

type CertStore struct {
	Certs []*Cert
	// contains filtered or unexported fields
}

CertStore is a set of certificates.

func LoadSystemRoots ¶

func LoadSystemRoots() (*CertStore, error)

func NewCertStore ¶

func NewCertStore() *CertStore

NewCertStore returns a new, empty CertStore.

func (*CertStore) AddCert ¶

func (s *CertStore) AddCert(cert *x509.Certificate)

AddCert adds a certificate to CertStore.

func (*CertStore) AppendCertsFromPEM ¶

func (s *CertStore) AppendCertsFromPEM(pemCerts []byte) (ok bool)

AppendCertsFromPEM attempts to parse a series of PEM encoded certificates. It appends any certificates found to s and reports whether any certificates were successfully parsed.

On many Linux systems, /etc/ssl/cert.pem will contain the system wide set of root CAs in a format suitable for this function.

type Items ¶

type Items map[string]string

Items maps from sum256(cert.Raw) to subject name.

type MozillaCTL ¶

type MozillaCTL struct {
	*CTL             `yaml:",inline"`
	URLIncluded      string `yaml:"url_included,omitempty"`
	ChecksumIncluded string `yaml:"checksum_included,omitempty"`
	URLRemoved       string `yaml:"url_removed,omitempty"`
	ChecksumRemoved  string `yaml:"checksum_removed,omitempty"`
}

func NewMozillaCTL ¶

func NewMozillaCTL() *MozillaCTL

func (*MozillaCTL) FetchMozilla ¶

func (ctl *MozillaCTL) FetchMozilla() error

Fetch Mozilla's CA certificate report from https://www.ccadb.org

type VerifyResult ¶

type VerifyResult struct {
	Total        int
	TrustedCerts []*Cert
	AllowedCerts []*Cert
	RemovedCerts []*Cert
	UnknownCerts []*Cert
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL