nss

package

v0.0.0-...-9df3cd3 Latest Latest Go to latest Published: Aug 17, 2023 License: BSD-3-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package nss provides functionality for parsing NSS certdata.txt formatted certificate lists and extracting serverAuth roots. Most users should not use this package themselves, and should instead rely on the github.com/dagood/x/crypto/x509roots/fallback package which calls x509.SetFallbackRoots on a pre-parsed set of roots.

Index ¶

type Certificate
- func Parse(r io.Reader) ([]*Certificate, error)
type Constraint
type DistrustAfter
- func (DistrustAfter) Kind() Kind
type Kind

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Certificate ¶

type Certificate struct {
	// Certificate is the parsed certificate
	X509 *x509.Certificate
	// Constraints contains a list of additional constraints that should be
	// applied to any certificates that chain to Certificate. If there are
	// any unknown constraints in the slice, Certificate should not be
	// trusted.
	Constraints []Constraint
}

A Certificate represents a single trusted serverAuth certificate in the NSS certdata.txt list and any constraints that should be applied to chains rooted by it.

func Parse ¶

func Parse(r io.Reader) ([]*Certificate, error)

Parse parses a NSS certdata.txt formatted file, returning only trusted serverAuth roots, as well as any additional constraints. This parser is very opinionated, only returning roots that are currently trusted for serverAuth. As such roots returned by this package should only be used for making trust decisions about serverAuth certificates, as the trust status for other uses is not considered. Using the roots returned by this package for trust decisions should be done carefully.

Some roots returned by the parser may include additional constraints (currently only DistrustAfter) which need to be considered when verifying certificates which chain to them.

Parse is not intended to be a general purpose parser for certdata.txt.

type Constraint ¶

type Constraint interface {
	Kind() Kind
}

Constraint is a constraint to be applied to a certificate or certificate chain.

type DistrustAfter ¶

type DistrustAfter time.Time

DistrustAfter is a Constraint that indicates a certificate has a CKA_NSS_SERVER_DISTRUST_AFTER constraint. This constraint defines a date after which any certificate issued which is rooted by the constrained certificate should be distrusted.

func (DistrustAfter) Kind ¶

func (DistrustAfter) Kind() Kind

type Kind ¶

type Kind int

Kind is the constraint kind, using the NSS enumeration.

const (
	CKA_NSS_SERVER_DISTRUST_AFTER Kind = iota
)

Source Files ¶

View all Source files

parser.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL