lints

package

v0.0.0-...-d64132e Latest Latest Go to latest Published: Nov 28, 2024 License: MPL-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/letsencrypt/boulder

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetExtWithOID(exts []pkix.Extension, oid asn1.ObjectIdentifier) *pkix.Extension
func ReadOptionalASN1BooleanWithTag(incoming *cryptobyte.String, out *bool, tag cryptobyte_asn1.Tag, ...) bool
type IssuingDistributionPoint
- func NewIssuingDistributionPoint() *IssuingDistributionPoint

Constants ¶

View Source

const (
	// CABF Baseline Requirements 6.3.2 Certificate operational periods:
	// For the purpose of calculations, a day is measured as 86,400 seconds.
	// Any amount of time greater than this, including fractional seconds and/or
	// leap seconds, shall represent an additional day.
	BRDay time.Duration = 86400 * time.Second

	// Declare our own Sources for use in zlint registry filtering.
	LetsEncryptCPS lint.LintSource = "LECPS"
	ChromeCTPolicy lint.LintSource = "ChromeCT"
)

Variables ¶

View Source

var (
	CPSV33Date           = time.Date(2021, time.June, 8, 0, 0, 0, 0, time.UTC)
	MozillaPolicy281Date = time.Date(2023, time.February, 15, 0, 0, 0, 0, time.UTC)
)

Functions ¶

func GetExtWithOID ¶

func GetExtWithOID(exts []pkix.Extension, oid asn1.ObjectIdentifier) *pkix.Extension

GetExtWithOID is a helper for several of our custom lints. It returns the extension with the given OID if it exists, or nil otherwise.

func ReadOptionalASN1BooleanWithTag ¶

func ReadOptionalASN1BooleanWithTag(incoming *cryptobyte.String, out *bool, tag cryptobyte_asn1.Tag, defaultValue bool) bool

ReadOptionalASN1BooleanWithTag attempts to read and advance incoming to search for an optional DER-encoded ASN.1 element tagged with the given tag. Unless out is nil, it stores whether an element with the tag was found in out, otherwise out will take the default value. It reports whether all reads were successful.

Types ¶

type IssuingDistributionPoint ¶

type IssuingDistributionPoint struct {
	DistributionPointURIs []*url.URL
	OnlyContainsUserCerts bool
	OnlyContainsCACerts   bool
}

IssuingDistributionPoint stores the IA5STRING value(s) of the optional distributionPoint, and the (implied OPTIONAL) BOOLEAN values of onlyContainsUserCerts and onlyContainsCACerts.

RFC 5280
* Section 5.2.5
  IssuingDistributionPoint ::= SEQUENCE {
    distributionPoint          [0] DistributionPointName OPTIONAL,
    onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
    onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
    ...
  }

* Section 4.2.1.13
  DistributionPointName ::= CHOICE {
    fullName                [0]     GeneralNames,
    ... }

* Appendix A.1, Page 128
  GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
  GeneralName ::= CHOICE {
    ...
        uniformResourceIdentifier [6]  IA5String,
    ... }

Because this struct is used by cryptobyte (not by encoding/asn1), and because we only care about the uniformResourceIdentifier flavor of GeneralName, we are able to flatten the DistributionPointName down into a slice of URIs.

func NewIssuingDistributionPoint ¶

func NewIssuingDistributionPoint() *IssuingDistributionPoint

NewIssuingDistributionPoint is a constructor which returns an IssuingDistributionPoint with each field set to zero values.

Source Files ¶

View all Source files

common.go

Directories ¶

Path	Synopsis
cabf_br
chrome
cpcps
rfc
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL