Lines Matching refs:Certificate
114 // Certificate types (for certificateRequestMsg)
116 certTypeRSASign = 1 // A certificate containing an RSA key
117 certTypeDSSSign = 2 // A certificate containing a DSA key
118 certTypeRSAFixedDH = 3 // A certificate containing a static DH key
119 certTypeDSSFixedDH = 4 // A certificate containing a static DH key
122 certTypeECDSASign = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
123 certTypeRSAFixedECDH = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
124 certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
169 PeerCertificates []*x509.Certificate // certificate chain presented by remote peer
170 VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates
202 serverCertificates []*x509.Certificate // Certificate chain presented by the server
203 verifiedChains [][]*x509.Certificate // Certificate chains we built for verification
239 // guide certificate selection in the GetCertificate callback.
291 // CertificateRequest message, which is used to demand a certificate and proof
296 // that the server wishes the returned certificate to be signed by. An
313 // (i.e. the leaf certificate must be the same). Additionally, concurrent
347 // Certificates contains one or more certificate chains to present to
349 // at least one certificate or else set GetCertificate. Clients doing
352 Certificates []Certificate
354 // NameToCertificate maps from a certificate name to an element of
355 // Certificates. Note that a certificate name can be of the form
360 NameToCertificate map[string]*Certificate
362 // GetCertificate returns a Certificate based on the given
366 // If GetCertificate is nil or returns nil, then the certificate is
369 GetCertificate func(*ClientHelloInfo) (*Certificate, error)
372 // certificate from a client. If set, the contents of Certificates will
377 // GetClientCertificate must return a non-nil Certificate. If
378 // Certificate.Certificate is empty then no certificate will be sent to
384 GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error)
407 // certificate verification by either a TLS client or server. It
416 VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
418 // RootCAs defines the set of root certificate authorities
436 // ClientCAs defines the set of root certificate authorities
437 // that servers use if required to verify a client certificate
442 // server's certificate chain and host name.
443 // If InsecureSkipVerify is true, TLS accepts any certificate
444 // presented by the server and any host name in that certificate.
717 // getCertificate returns the best certificate for the given ClientHelloInfo,
719 func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) {
757 // If nothing matches, return the first certificate.
765 c.NameToCertificate = make(map[string]*Certificate)
768 x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
801 // A Certificate is a chain of one or more certificates, leaf first.
802 type Certificate struct {
803 Certificate [][]byte
814 // Certificate Timestamps which will be served to clients that request it.
816 // Leaf is the parsed form of the leaf certificate, which may be
819 // leaf certificate will be parsed as needed.
820 Leaf *x509.Certificate
