tlsrestrictchromium

package module
v0.0.0-...-431f79e Latest
Warning

This package is not in the latest version of its module.
Published: Jun 17, 2021 License: GPL-3.0 Imports: 7 Imported by: 0

README

tlsrestrictchromium

tlsrestrictchromium was a tool for blacklisting all built-in TLS CAs for a specific eTLD. It was previously used by Namecoin. As tlsrestrictchromium requires HPKP, which has since been removed by Chromium, tlsrestrictchromium is obsolete.

Building

Prerequisites:

  1. Ensure you have the Go tools installed.

Option A: Using Go build commands without Go modules (works on any platform with Bash; only Go 1.15-1.16.x; will not work on Go 1.17+):

  1. Ensure you have the GOPATH environment variable set. (For those not familiar with Go, setting it to the path to an empty directory will suffice. The directory will be filled with build files.)

  2. Run export GO111MODULE=off to disable Go modules.

  3. Run go get -t -u github.com/namecoin/tlsrestrictchromium/.... tlsrestrictchromium will be built. The binaries will be at $GOPATH/bin/tlsrestrictchromium.

Option B: Using Go build commands with Go modules (works on any platform with Bash; Go 1.15+):

  1. Run the following in the tlsrestrictchromium directory to set up Go modules:

    go mod init
    go mod tidy
    
  2. Run go install ./.... tlsrestrictchromium will be built. The binaries will be at $GOPATH/bin/tlsrestrictchromium.

Option C: Using Makefile (non-Windows platforms):

  1. Run make. The source repository will be retrieved via go get automatically.

Licence

Licenced under the GPLv3 or later.
© 2014-2015 Hugo Landau <hlandau@devever.net>

Documentation

Functions

func BlockAllCAs

func BlockAllCAs() (map[string]interface{}, error)

BlockAllCAs returns an HSTS/HPKP rule (serializable to Chromium JSON format) that blacklists all built-in CAs from signing certs for subdomains of the given domain name. It doesn't include the domain name. It has only been tested with TLDs; it is unclear whether the rule will have any undesired effects if applied to a 2nd-level (or higher level) domain name.

func DNSHash

func DNSHash(fqdn string) (string, error)

DNSHash converts an FQDN to DNS wire format, takes the SHA256 of it, and then returns the result as a base64-encoded string. This happens to be how Chromium's HSTS/HPKP database internally stores domain names.
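
The steps DNSHash describes, written out as an added example; this is not the package's own code. The names wireFormat and dnsHashSketch are hypothetical, and the lowercasing of the name and the standard (padded) base64 alphabet are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// wireFormat encodes an FQDN as DNS wire format (RFC 1035 section 3.1):
// each label is prefixed by its length byte, and the name ends with the
// zero-length root label. Lowercasing is an assumption of this sketch.
func wireFormat(fqdn string) ([]byte, error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	if name == "" {
		return nil, errors.New("empty name")
	}
	var out []byte
	for _, label := range strings.Split(name, ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q", label)
		}
		out = append(out, byte(len(label)))
		out = append(out, label...)
	}
	out = append(out, 0) // root label terminator
	if len(out) > 255 {
		return nil, errors.New("name exceeds 255 octets")
	}
	return out, nil
}

// dnsHashSketch returns base64(SHA-256(wire format of fqdn)).
// Standard padded base64 is assumed here.
func dnsHashSketch(fqdn string) (string, error) {
	wire, err := wireFormat(fqdn)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(wire)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

func main() {
	for _, n := range []string{"bit.", "example.bit"} { // constructed inputs
		h, err := dnsHashSketch(n)
		fmt.Println(n, h, err)
	}
}
```

Because only the hash is stored, an entry in such a database cannot be read back into a domain name; checking whether a name is present means hashing the candidate and comparing.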

func Sleeve256

func Sleeve256() (string, error)

Sleeve256 calculates floor(2**256/pi), and encodes the result as base64. It is intended to be used as a SHA256 hash where I don't have a preimage up my sleeve.

Python2 version originally by Ryan Castellucci. Go port, pi sourcing, and base64 output by Jeremy Rand.
