Black Lives Matter. Support the Equal Justice Initiative.

Source file src/crypto/x509/verify.go

Documentation: crypto/x509

     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package x509
     6  
     7  import (
     8  	"bytes"
     9  	"errors"
    10  	"fmt"
    11  	"net"
    12  	"net/url"
    13  	"reflect"
    14  	"runtime"
    15  	"strings"
    16  	"time"
    17  	"unicode/utf8"
    18  )
    19  
    20  type InvalidReason int
    21  
    22  const (
    23  	// NotAuthorizedToSign results when a certificate is signed by another
    24  	// which isn't marked as a CA certificate.
    25  	NotAuthorizedToSign InvalidReason = iota
    26  	// Expired results when a certificate has expired, based on the time
    27  	// given in the VerifyOptions.
    28  	Expired
    29  	// CANotAuthorizedForThisName results when an intermediate or root
    30  	// certificate has a name constraint which doesn't permit a DNS or
    31  	// other name (including IP address) in the leaf certificate.
    32  	CANotAuthorizedForThisName
    33  	// TooManyIntermediates results when a path length constraint is
    34  	// violated.
    35  	TooManyIntermediates
    36  	// IncompatibleUsage results when the certificate's key usage indicates
    37  	// that it may only be used for a different purpose.
    38  	IncompatibleUsage
    39  	// NameMismatch results when the subject name of a parent certificate
    40  	// does not match the issuer name in the child.
    41  	NameMismatch
    42  	// NameConstraintsWithoutSANs is a legacy error and is no longer returned.
    43  	NameConstraintsWithoutSANs
    44  	// UnconstrainedName results when a CA certificate contains permitted
    45  	// name constraints, but leaf certificate contains a name of an
    46  	// unsupported or unconstrained type.
    47  	UnconstrainedName
    48  	// TooManyConstraints results when the number of comparison operations
    49  	// needed to check a certificate exceeds the limit set by
    50  	// VerifyOptions.MaxConstraintComparisions. This limit exists to
    51  	// prevent pathological certificates can consuming excessive amounts of
    52  	// CPU time to verify.
    53  	TooManyConstraints
    54  	// CANotAuthorizedForExtKeyUsage results when an intermediate or root
    55  	// certificate does not permit a requested extended key usage.
    56