Documentation
Index
Constants
This section is empty.
Variables
var PublicSuffixList = map[string]bool{} /* 6471 elements not displayed */
wget https://publicsuffix.org/list/effective_tld_names.dat
cat effective_tld_names.dat | grep "^[a-zA-Z0-9.*]\+$" | sed -e 's/^\*\.//; s/^\(.*\)$/ "\1": true,/' | sort | pbcopy
Functions
This section is empty.
Types
type BlacklistedError
type BlacklistedError struct{}
BlacklistedError indicates we have blacklisted one or more of these identifiers.
func (BlacklistedError) Error
func (e BlacklistedError) Error() string
type InvalidIdentifierError
type InvalidIdentifierError struct{}
InvalidIdentifierError indicates that we didn't understand the IdentifierType provided.
func (InvalidIdentifierError) Error
func (e InvalidIdentifierError) Error() string
type NonPublicError
type NonPublicError struct{}
NonPublicError indicates that one or more identifiers were not on the public Internet.
func (NonPublicError) Error
func (e NonPublicError) Error() string
type PolicyAuthorityImpl
type PolicyAuthorityImpl struct {
	PublicSuffixList map[string]bool // A copy of the DNS root zone
	Blacklist        map[string]bool // A blacklist of denied names
	// contains filtered or unexported fields
}
PolicyAuthorityImpl enforces CA policy decisions.
func NewPolicyAuthorityImpl
func NewPolicyAuthorityImpl() *PolicyAuthorityImpl
NewPolicyAuthorityImpl constructs a Policy Authority.
func (PolicyAuthorityImpl) ChallengesFor
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier) (challenges []core.Challenge, combinations [][]int)
ChallengesFor decides which challenges, and which combinations of them, are acceptable for the given identifier.
Note: Current implementation is static, but future versions may not be.
func (PolicyAuthorityImpl) WillingToIssue
func (pa PolicyAuthorityImpl) WillingToIssue(id core.AcmeIdentifier) error
WillingToIssue determines whether the CA is willing to issue for the provided identifier.
We place several criteria on identifiers we are willing to issue for:
- MUST self-identify as DNS identifiers
- MUST contain only bytes in the DNS hostname character set
- MUST NOT have more than maxLabels labels
- MUST follow the DNS hostname syntax rules in RFC 1035 and RFC 2181. In particular:
  - MUST NOT contain underscores
- MUST NOT contain IDN labels (xn--)
- MUST NOT match the syntax of an IP address
- MUST end in a public suffix
- MUST have at least one label in addition to the public suffix
- MUST NOT be a label-wise suffix match for a name on the black list, where comparison is case-independent (normalized to lower case)
XXX: Is there any need for this method to be constant-time? We're going to refuse to issue anyway, but timing could leak whether names are on the blacklist.
XXX: We should probably fold everything to lower-case somehow.
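A minimal sketch of the checks listed above, added here as an illustration; it is not the package's own code. The function name, the error values, the maxLabels value and the two small lists are assumptions constructed for the example.

```go
package main
import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Illustration only: names, limit and lists are assumptions, not the package's.
var (
	maxLabels            = 10 // assumed; the page does not give the real value
	errInvalidIdentifier = errors.New("invalid identifier type")
	errSyntax            = errors.New("syntax error")
	errNonPublic         = errors.New("name not on the public Internet")
	errBlacklisted       = errors.New("name is blacklisted")
	suffixes             = map[string]bool{"com": true, "co.uk": true} // constructed
	blacklist            = map[string]bool{"example.com": true}        // constructed
	labelRE              = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)
)

// willingToIssue applies the criteria listed above to one identifier.
func willingToIssue(idType, name string) error {
	if idType != "dns" {
		return errInvalidIdentifier
	}
	labels := strings.Split(strings.ToLower(name), ".") // case-independent
	bad := net.ParseIP(name) != nil || len(labels) > maxLabels
	for _, l := range labels { // rejects "_", empty labels, other bytes, IDN
		bad = bad || !labelRE.MatchString(l) || strings.HasPrefix(l, "xn--")
	}
	if bad {
		return errSyntax
	}
	public := false
	for i := range labels { // label-wise suffixes: "a.b.com", "b.com", "com"
		s := strings.Join(labels[i:], ".")
		if blacklist[s] {
			return errBlacklisted
		}
		public = public || (i > 0 && suffixes[s]) // suffix plus one more label
	}
	if !public {
		return errNonPublic
	}
	return nil
}

func main() {
	fmt.Println(willingToIssue("dns", "www.Example.com"), willingToIssue("dns", "site.co.uk"))
}
```

Walking the suffixes label by label means a blacklist entry for example.com also covers www.example.com, while notexample.com is unaffected.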
type SyntaxError
type SyntaxError struct{}
SyntaxError indicates that the user input was not well formatted.
func (SyntaxError) Error
func (e SyntaxError) Error() string