Lines Matching refs:Certificate
23 // NotAuthorizedToSign results when a certificate is signed by another
24 // which isn't marked as a CA certificate.
26 // Expired results when a certificate has expired, based on the time
30 // certificate has a name constraint which doesn't permit a DNS or
31 // other name (including IP address) in the leaf certificate.
36 // IncompatibleUsage results when the certificate's key usage indicates
39 // NameMismatch results when the subject name of a parent certificate
42 // NameConstraintsWithoutSANs results when a leaf certificate doesn't
43 // contain a Subject Alternative Name extension, but a CA certificate
46 // UnconstrainedName results when a CA certificate contains permitted
47 // name constraints, but leaf certificate contains a name of an
51 // needed to check a certificate exceeds the limit set by
57 // certificate does not permit an extended key usage that is claimed by
58 // the leaf certificate.
65 Cert *Certificate
73 return "x509: certificate is not authorized to sign other certificates"
75 return "x509: certificate has expired or is not yet valid"
77 return "x509: a root or intermediate certificate is not authorized to sign for this name: " + e.Detail
79 return "x509: a root or intermediate certificate is not authorized for an extended key usage: " + e.Detail
83 return "x509: certificate specifies an incompatible key usage: " + e.Detail
85 return "x509: issuer name does not match subject from issuing certificate"
97 Certificate *Certificate
102 c := h.Certificate
108 return "x509: cannot validate certificate for " + h.Host + " because it doesn't contain any IP SANs"
125 return "x509: certificate is not valid for any names, but wanted to match " + h.Host
127 return "x509: certificate is valid for " + valid + ", not " + h.Host
130 // UnknownAuthorityError results when the certificate issuer is unknown
132 Cert *Certificate
136 // hintCert contains a possible authority certificate that was rejected
138 hintCert *Certificate
142 s := "x509: certificate signed by unknown authority"
152 s += fmt.Sprintf(" (possibly because of %q while trying to verify candidate authority certificate %q)", e.hintErr, certName)
170 // errNotParsed is returned when a certificate without ASN.1 contents is
174 // VerifyOptions contains parameters for Certificate.Verify. It's a structure
187 // perform when checking a given certificate's name constraints. If
210 // rfc822Name from a certificate: ?The format of an rfc822Name is a "Mailbox"
407 // certificate.?
486 // checkNameConstraints checks that c permits a child certificate to claim the
491 func (c *Certificate) checkNameConstraints(count *int,
547 // the given EKU from a certificate. Normally, this would be a simple
570 // Any CA may issue an OCSP responder certificate.
583 func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *VerifyOptions) error {
609 var leaf *Certificate
633 // This certificate should not have parsed.
749 // signatures. A different CA marked its own trusted root certificate
750 // as being invalid for certificate signing. Another national CA
751 // distributed a certificate to be used to encrypt data for the
757 // certificate by adding a certificate policy statement stipulating
758 // that the certificate had to be used strictly as specified in the
777 // certificate in opts.Roots, using certificates in opts.Intermediates if
795 func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) {
863 var candidateChains [][]*Certificate
865 candidateChains = append(candidateChains, []*Certificate{c})
867 if candidateChains, err = c.buildChains(make(map[int][][]*Certificate), []*Certificate{c}, &opts); err != nil {
875 func appendToFreshChain(chain []*Certificate, cert *Certificate) []*Certificate {
876 n := make([]*Certificate, len(chain)+1)
882 func (c *Certificate) buildChains(cache map[int][][]*Certificate, currentChain []*Certificate, opts *VerifyOptions) (chains [][]*Certificate, err error) {
914 var childChains [][]*Certificate
999 // VerifyHostname returns nil if c is a valid certificate for the named host.
1001 func (c *Certificate) VerifyHostname(h string) error {
