Home | History | Annotate | Download | only in x509

Lines Matching refs:Certificate

21 	// NotAuthorizedToSign results when a certificate is signed by another
22 	// which isn't marked as a CA certificate.
24 	// Expired results when a certificate has expired, based on the time
28 	// certificate has a name constraint which doesn't include the name
34 	// IncompatibleUsage results when the certificate's key usage indicates
37 	// NameMismatch results when the subject name of a parent certificate
45 	Cert   *Certificate
52 		return "x509: certificate is not authorized to sign other certificates"
54 		return "x509: certificate has expired or is not yet valid"
56 		return "x509: a root or intermediate certificate is not authorized to sign in this domain"
60 		return "x509: certificate specifies an incompatible key usage"
62 		return "x509: issuer name does not match subject from issuing certificate"
70 	Certificate *Certificate
75 	c := h.Certificate
81 			return "x509: cannot validate certificate for " + h.Host + " because it doesn't contain any IP SANs"
98 		return "x509: certificate is not valid for any names, but wanted to match " + h.Host
100 	return "x509: certificate is valid for " + valid + ", not " + h.Host
103 // UnknownAuthorityError results when the certificate issuer is unknown
105 	Cert *Certificate
109 	// hintCert contains a possible authority certificate that was rejected
111 	hintCert *Certificate
115 	s := "x509: certificate signed by unknown authority"
125 		s += fmt.Sprintf(" (possibly because of %q while trying to verify candidate authority certificate %q)", e.hintErr, certName)
143 // errNotParsed is returned when a certificate without ASN.1 contents is
147 // VerifyOptions contains parameters for Certificate.Verify. It's a structure
193 func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *VerifyOptions) error {
227 	// signatures. A different CA marked its own trusted root certificate
228 	// as being invalid for certificate signing. Another national CA
229 	// distributed a certificate to be used to encrypt data for the
235 	// certificate by adding a certificate policy statement stipulating
236 	// that the certificate had to be used strictly as specified in the
255 // certificate in opts.Roots, using certificates in opts.Intermediates if
263 func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) {
305 	var candidateChains [][]*Certificate
307 		candidateChains = append(candidateChains, []*Certificate{c})
309 		if candidateChains, err = c.buildChains(make(map[int][][]*Certificate), []*Certificate{c}, &opts); err != nil {
340 func appendToFreshChain(chain []*Certificate, cert *Certificate) []*Certificate {
341 	n := make([]*Certificate, len(chain)+1)
347 func (c *Certificate) buildChains(cache map[int][][]*Certificate, currentChain []*Certificate, opts *VerifyOptions) (chains [][]*Certificate, err error) {
379 		var childChains [][]*Certificate
464 // VerifyHostname returns nil if c is a valid certificate for the named host.
466 func (c *Certificate) VerifyHostname(h string) error {
499 func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
510 	// by each certificate. If we cross out all the usages, then the chain
517 			// The certificate doesn't have any extended key usage specified.
523 				// The certificate is explicitly good for any usage.
543 					// certificate chains, we have to