Documentation ¶
Index ¶
- func Check(tbs, issuer *x509.Certificate, subjectPubKey crypto.PublicKey, ...) error
- func LintCert(lintCert *zlintx509.Certificate, lints lint.Registry) error
- func MakeLintCert(tbs, issuer *x509.Certificate, subjectPubKey crypto.PublicKey, ...) (*zlintx509.Certificate, error)
- func MakeRegistry(skipLints []string) (lint.Registry, error)
- func MakeSigner(realSigner crypto.Signer) (crypto.Signer, error)
- type Linter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Check ¶
func Check(tbs, issuer *x509.Certificate, subjectPubKey crypto.PublicKey, realSigner crypto.Signer, skipLints []string) error
Check accomplishes the entire process of linting: it generates a throwaway signing key, uses that to create a throwaway cert, and runs a default set of lints (everything except for the ETSI and EV lints) against it. This is the primary public interface of this package, but it can be inefficient; creating a new signer and a new lint registry are expensive operations which performance-sensitive clients may want to cache.
func LintCert ¶
func LintCert(lintCert *zlintx509.Certificate, lints lint.Registry) error
LintCert runs the given set of lints across the given cert and returns an error containing the names of all failed lints, or nil.
func MakeLintCert ¶
func MakeLintCert(tbs, issuer *x509.Certificate, subjectPubKey crypto.PublicKey, lintSigner crypto.Signer) (*zlintx509.Certificate, error)
MakeLintCert creates a throwaway x509.Certificate which can be linted. Only use the result from MakeSigner as the final argument.
func MakeRegistry ¶
MakeRegistry creates a zlint Registry of lints to run, filtering out the EV- and ETSI-specific lints, as well as any others specified.