// NOTE(review): this listing is an outline. Type definitions and function
// bodies are elided ("…"), so the comments below describe only what the
// signatures and the existing doc comments establish.

// sum224 is defined outside this listing.
// NOTE(review): presumably a 224-bit digest identifying a certificate (see the
// rawSum224 parameter of addCertFunc) — confirm against the full definition.
type sum224 …

// CertPool is the set of certificates that the methods below operate on.
// Its fields are elided in this listing.
type CertPool …

// lazyCert is defined outside this listing.
// NOTE(review): presumably holds the metadata and deferred getCert func that
// addCertFunc takes — confirm against the full definition.
type lazyCert …

// NewCertPool returns a new, empty CertPool.
func NewCertPool() *CertPool { … }

// len returns the number of certs in the set.
// A nil set is a valid empty set.
func (s *CertPool) len() int { … }

// cert returns cert index n in s.
//
// The second result has the same type as the constraint argument accepted by
// addCertFunc and AddCertWithConstraint.
// NOTE(review): presumably it is the constraint stored for that certificate,
// and the error comes from fetching the certificate — confirm against the body.
func (s *CertPool) cert(n int) (*Certificate, func([]*Certificate) error, error) { … }

// Clone returns a copy of s.
func (s *CertPool) Clone() *CertPool { … }

// SystemCertPool returns a copy of the system cert pool.
//
// On Unix systems other than macOS the environment variables SSL_CERT_FILE and
// SSL_CERT_DIR can be used to override the system default locations for the SSL
// certificate file and SSL certificate files directory, respectively. The
// latter can be a colon-separated list.
//
// Any mutations to the returned pool are not written to disk and do not affect
// any other pool returned by SystemCertPool.
//
// New changes in the system cert pool might not be reflected in subsequent calls.
//
// NOTE(review): on those Unix systems the two environment variables decide
// which roots this pool contains, so the process environment is part of the
// trust configuration. The last paragraph also means a root removed from the
// system store may still appear in a pool returned later by the same process.
func SystemCertPool() (*CertPool, error) { … }

// potentialParent is defined outside this listing; it is the element type
// returned by findPotentialParents.
type potentialParent …

// findPotentialParents returns the certificates in s which might have signed
// cert.
//
// The result is a list of candidates only ("might have signed").
// NOTE(review): presumably the caller still verifies the signature for each
// candidate — confirm against the callers.
func (s *CertPool) findPotentialParents(cert *Certificate) []potentialParent { … }

// NOTE(review): contains has no doc comment in the source. Presumably it
// reports whether cert is already present in s — confirm against the body.
func (s *CertPool) contains(cert *Certificate) bool { … }

// AddCert adds a certificate to a pool.
//
// Unlike AddCertWithConstraint, it takes no constraint func.
func (s *CertPool) AddCert(cert *Certificate) { … }

// addCertFunc adds metadata about a certificate to a pool, along with
// a func to fetch that certificate later when needed.
//
// The rawSubject is Certificate.RawSubject and must be non-empty.
// The getCert func may be called 0 or more times.
func (s *CertPool) addCertFunc(rawSum224 sum224, rawSubject string, getCert func() (*Certificate, error), constraint func([]*Certificate) error) { … }

// AppendCertsFromPEM attempts to parse a series of PEM encoded certificates.
// It appends any certificates found to s and reports whether any certificates
// were successfully parsed.
//
// On many Linux systems, /etc/ssl/cert.pem will contain the system wide set
// of root CAs in a format suitable for this function.
//
// ok is true as soon as at least one certificate was parsed, so a true result
// does not show that every entry in pemCerts was added. Callers that load a
// trust bundle should check ok rather than discard it.
func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) { … }

// Subjects returns a list of the DER-encoded subjects of
// all of the certificates in the pool.
//
// For a pool returned by SystemCertPool the result is therefore not a complete
// inventory of the trusted roots; see the deprecation notice.
//
// Deprecated: if s was returned by [SystemCertPool], Subjects
// will not include the system roots.
func (s *CertPool) Subjects() [][]byte { … }

// Equal reports whether s and other are equal.
func (s *CertPool) Equal(other *CertPool) bool { … }

// AddCertWithConstraint adds a certificate to the pool with the additional
// constraint. When Certificate.Verify builds a chain which is rooted by cert,
// it will additionally pass the whole chain to constraint to determine its
// validity. If constraint returns a non-nil error, the chain will be discarded.
// constraint may be called concurrently from multiple goroutines.
//
// Because of the concurrent calls, constraint must be safe for concurrent use.
// The constraint is consulted only for chains rooted by cert.
func (s *CertPool) AddCertWithConstraint(cert *Certificate, constraint func([]*Certificate) error) { … }