Documentation ¶
Index ¶
- Variables
- func Check(c *x509.Certificate, r *Result) error
- func GetValidPostgresCert(spec string, config *tls.Config) (*tls.ConnectionState, error)
- func GetValidSTARTTLSCert(spec string, config *tls.Config) (*tls.ConnectionState, error)
- func ReadSpecSliceFromFile(name string) ([]string, error)
- type Protocol
- type Result
    - func ProcessCert
    - func ReadFromFile
Constants ¶
This section is empty.
Variables ¶
var ErrExpired = fmt.Errorf("certififcate is expired")
ErrExpired is returned when the certificate is found to be expired
var ErrFuture = fmt.Errorf("certificate is still not valid")
ErrFuture indicates that the certificate's NotBefore date is in the future
var ErrNil = fmt.Errorf("nil certificate")
ErrNil is returned when a nil certificate pointer is evaluated
var ErrNoCerts = fmt.Errorf("no certificates to process")
ErrNoCerts indicates that no certificates are available for processing with the given spec
var ErrNoPostgresTLS = fmt.Errorf("PostgreSQL does not seem to support TLS")
ErrNoPostgresTLS indicates that the PostgreSQL server did not accept our attempt to set up TLS.
var ErrNoSTARTTLS = fmt.Errorf("Remote server does not announce STARTTLS")
ErrNoSTARTTLS indicates that the remote server does not advertise STARTTLS support
var ErrNoTLS = fmt.Errorf("Unable to complete TLS handshake")
ErrNoTLS indicates that the specified endpoint did not complete the TLS handshake.
var ErrUnsupportedSTARTTLS = fmt.Errorf("Unknown / unsupported protocol for STARTTLS")
ErrUnsupportedSTARTTLS is returned when the remote server does not speak a protocol for which we support STARTTLS
var TEHLO = 10 * time.Second
TEHLO is the interval to wait for our EHLO command to be accepted and replied to, for SMTP servers
var TGreeting = 10 * time.Second
TGreeting is the interval to wait for the server greeting after connecting
var TNOOP = 10 * time.Second
TNOOP is the interval to wait for the NOOP command, issued once TLS is established, to complete
var TNewConn = 30 * time.Second
TNewConn is the interval to wait for a new connection to the MTA to complete
var TQUIT = 10 * time.Second
TQUIT is the interval to wait for our final QUIT command to be accepted and responded to. Also used for the IMAP LOGOUT command when checking IMAP servers
var TSTARTTLS = 10 * time.Second
TSTARTTLS is the interval to wait for our STARTTLS command to be accepted and responded to
var TTLS = 10 * time.Second
TTLS is the interval to wait for TLS establishment after STARTTLS
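The timeouts above correspond to the steps of the SMTP STARTTLS exchange (greeting, EHLO, STARTTLS, TLS handshake, NOOP, QUIT), each bounded separately so that a server stalling at any one step cannot hang the checker. The following is an added example, not code from this package: it walks the greeting and EHLO steps with a deadline on each, parses the multi-line EHLO reply, and returns an error equivalent to ErrNoSTARTTLS when STARTTLS is not advertised. The error value, the timeout variables and the loopback server are re-declared here as assumptions (the package's actual handler is not shown on this page), and the exchange runs over an in-memory net.Pipe against a constructed fake server. It deliberately stops before sending STARTTLS, so no certificate is needed to run it offline.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// Error and per-step timeouts named after the package's, re-declared here so
// the example runs on its own (assumed values, not imported from the package).
var (
	errNoSTARTTLS = errors.New("remote server does not announce STARTTLS")
	tGreeting     = 10 * time.Second
	tEHLO         = 10 * time.Second
	tQUIT         = 10 * time.Second
)

// readReply reads one SMTP reply under a read deadline: every "NNN-" line is
// a continuation, and the first "NNN " line ends the reply.
func readReply(conn net.Conn, br *bufio.Reader, timeout time.Duration) ([]string, error) {
	conn.SetReadDeadline(time.Now().Add(timeout))
	var lines []string
	for {
		line, err := br.ReadString('\n')
		if err != nil {
			return nil, err
		}
		line = strings.TrimRight(line, "\r\n")
		lines = append(lines, line)
		if len(line) < 4 || line[3] != '-' {
			return lines, nil
		}
	}
}

// smtpAnnouncesSTARTTLS walks greeting -> EHLO -> QUIT with a deadline on each
// step and returns errNoSTARTTLS when the EHLO reply has no STARTTLS line.
// It deliberately stops before sending STARTTLS, so no certificate is needed.
func smtpAnnouncesSTARTTLS(conn net.Conn) error {
	br := bufio.NewReader(conn)
	greet, err := readReply(conn, br, tGreeting)
	if err != nil {
		return fmt.Errorf("greeting: %w", err)
	}
	if !strings.HasPrefix(greet[len(greet)-1], "220") {
		return fmt.Errorf("unexpected greeting %q", greet)
	}
	conn.SetWriteDeadline(time.Now().Add(tEHLO))
	if _, err := io.WriteString(conn, "EHLO probe.example\r\n"); err != nil {
		return err
	}
	ehlo, err := readReply(conn, br, tEHLO)
	if err != nil {
		return fmt.Errorf("EHLO: %w", err)
	}
	conn.SetWriteDeadline(time.Now().Add(tQUIT))
	io.WriteString(conn, "QUIT\r\n")
	for _, l := range ehlo {
		// "250-STARTTLS" or "250 STARTTLS": the keyword follows the 4-byte code prefix.
		if len(l) > 4 && strings.EqualFold(strings.TrimSpace(l[4:]), "STARTTLS") {
			return nil
		}
	}
	return errNoSTARTTLS
}

// fakeSMTP is a constructed loopback server for the far end of a net.Pipe; it
// either advertises STARTTLS in its EHLO reply or leaves it out.
func fakeSMTP(conn net.Conn, advertise bool) {
	defer conn.Close()
	br := bufio.NewReader(conn)
	io.WriteString(conn, "220 mx.example ESMTP\r\n")
	br.ReadString('\n') // EHLO
	if advertise {
		io.WriteString(conn, "250-mx.example\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
	} else {
		io.WriteString(conn, "250 mx.example\r\n")
	}
	br.ReadString('\n') // QUIT
}

// probeSMTP wires the client to a fakeSMTP over an in-memory pipe.
func probeSMTP(advertise bool) error {
	c, s := net.Pipe()
	defer c.Close()
	go fakeSMTP(s, advertise)
	return smtpAnnouncesSTARTTLS(c)
}

func main() {
	fmt.Println("STARTTLS advertised:", probeSMTP(true))
	fmt.Println("STARTTLS missing:   ", probeSMTP(false))
}
```

Against a real MTA the net.Pipe would be replaced by a net.Dialer with TNewConn as its Timeout, and a "S" reply to STARTTLS would be followed by tls.Client(conn, config).Handshake() under TTLS.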
Functions ¶
func Check ¶
func Check(c *x509.Certificate, r *Result) error
Check validates the validity window (NotBefore and NotAfter) of the given certificate and fills in the relevant fields of r. DaysLeft is calculated as the minimum number of days remaining for any certificate in the chain, so a chain reports the expiry of its soonest-expiring member.
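The following is an added example, not this package's code, of the check described above: it evaluates each certificate's NotBefore/NotAfter against a fixed clock, reports a negative day count for expired certificates, and folds a chain to the minimum DaysLeft. The sentinel errors and the cut-down result type mirror the names on this page but are re-declared here as assumptions, and the certificates are throwaway self-signed ones generated in-process so the example runs without a PEM file.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math"
	"math/big"
	"time"
)

// Sentinel errors mirroring the package's names, declared here so the example
// runs without importing it (an assumption, not the package's own code).
var (
	errNil     = errors.New("nil certificate")
	errNoCerts = errors.New("no certificates to process")
	errExpired = errors.New("certificate is expired")
	errFuture  = errors.New("certificate is still not valid")
)

// chainResult is a cut-down stand-in for the package's Result type.
type chainResult struct {
	DaysLeft int  // whole days until the soonest NotAfter in the chain; negative once expired
	Expired  bool // true when any certificate in the chain is past NotAfter
}

// checkCert evaluates one certificate's validity window against now. The day
// count is floor((NotAfter - now) / 24h), so a certificate that expired three
// days ago reports -3 alongside errExpired rather than losing that information.
func checkCert(c *x509.Certificate, now time.Time) (int, error) {
	if c == nil {
		return 0, errNil
	}
	days := int(math.Floor(c.NotAfter.Sub(now).Hours() / 24))
	switch {
	case now.After(c.NotAfter):
		return days, errExpired
	case now.Before(c.NotBefore):
		return days, errFuture
	}
	return days, nil
}

// checkChain folds checkCert over a chain. DaysLeft is the minimum over all
// members, because the chain stops validating at its soonest-expiring
// certificate; the first error seen is the one reported.
func checkChain(now time.Time, chain ...*x509.Certificate) (chainResult, error) {
	if len(chain) == 0 {
		return chainResult{}, errNoCerts
	}
	r := chainResult{DaysLeft: math.MaxInt32}
	var firstErr error
	for _, c := range chain {
		days, err := checkCert(c, now)
		if errors.Is(err, errExpired) {
			r.Expired = true
		}
		if err != nil && firstErr == nil {
			firstErr = err
		}
		if days < r.DaysLeft {
			r.DaysLeft = days
		}
	}
	return r, firstErr
}

// selfSigned builds a throwaway self-signed certificate with the given
// validity window (constructed input, so no PEM file is needed).
func selfSigned(cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	leaf, _ := selfSigned("leaf.example", now.AddDate(0, 0, -1), now.AddDate(0, 0, 40))
	issuer, _ := selfSigned("issuer.example", now.AddDate(0, 0, -1), now.AddDate(0, 0, 10))
	r, err := checkChain(now, leaf, issuer)
	fmt.Printf("days_left=%d expired=%v err=%v\n", r.DaysLeft, r.Expired, err) // days_left=10 expired=false err=<nil>
}
```

Passing now explicitly rather than calling time.Now() inside the check keeps the result reproducible, which matters when the same check feeds alerting thresholds.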
func GetValidPostgresCert ¶
func GetValidPostgresCert(spec string, config *tls.Config) (*tls.ConnectionState, error)
GetValidPostgresCert connects to a PostgreSQL server, negotiates TLS with it, and retrieves and validates the certificate obtained through that protocol negotiation.
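PostgreSQL does not use STARTTLS; a client asks for TLS by sending the protocol's SSLRequest startup message and reading a one-byte answer before any handshake. The following is an added example, not this package's code, of that probe: it sends SSLRequest (int32 length 8 followed by the int32 code 80877103, which is 1234 in the high 16 bits and 5679 in the low 16 bits) and maps the 'N' reply to an error equivalent to ErrNoPostgresTLS. Whether the package performs exactly this exchange is not stated on this page; the error value and the constructed fake server are assumptions, and the exchange runs over an in-memory net.Pipe.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// Error named after the package's ErrNoPostgresTLS, re-declared here so the
// example runs on its own (an assumption, not the package's code).
var errNoPostgresTLS = errors.New("PostgreSQL does not seem to support TLS")

// sslRequestCode is the SSLRequest code from the PostgreSQL wire protocol:
// 1234 in the high 16 bits, 5679 in the low 16 bits (decimal 80877103).
const sslRequestCode = 1234<<16 | 5679

// postgresOffersTLS sends the 8-byte SSLRequest startup message (int32 length
// 8, int32 code) and reads the one-byte reply: 'S' means the server will now
// start a TLS handshake, 'N' means it refuses and the connection stays clear.
func postgresOffersTLS(conn net.Conn, timeout time.Duration) error {
	var req [8]byte
	binary.BigEndian.PutUint32(req[0:4], 8)
	binary.BigEndian.PutUint32(req[4:8], sslRequestCode)
	conn.SetDeadline(time.Now().Add(timeout))
	if _, err := conn.Write(req[:]); err != nil {
		return err
	}
	var reply [1]byte
	if _, err := io.ReadFull(conn, reply[:]); err != nil {
		return err
	}
	switch reply[0] {
	case 'S':
		return nil // caller would now run tls.Client(conn, config).Handshake()
	case 'N':
		return errNoPostgresTLS
	}
	return fmt.Errorf("unexpected SSLRequest reply %q", reply[0])
}

// fakePostgres is a constructed far end for a net.Pipe that answers SSLRequest
// the way a server built with (S) or without (N) TLS support would.
func fakePostgres(conn net.Conn, supportsTLS bool) {
	defer conn.Close()
	var req [8]byte
	if _, err := io.ReadFull(conn, req[:]); err != nil {
		return
	}
	if binary.BigEndian.Uint32(req[0:4]) != 8 || binary.BigEndian.Uint32(req[4:8]) != sslRequestCode {
		return // not an SSLRequest; closing the pipe makes the client's read fail
	}
	reply := byte('N')
	if supportsTLS {
		reply = 'S'
	}
	conn.Write([]byte{reply})
}

// probePostgres wires the client to a fakePostgres over an in-memory pipe.
func probePostgres(supportsTLS bool) error {
	c, s := net.Pipe()
	defer c.Close()
	go fakePostgres(s, supportsTLS)
	return postgresOffersTLS(c, time.Second)
}

func main() {
	fmt.Println("server with TLS:   ", probePostgres(true))
	fmt.Println("server without TLS:", probePostgres(false))
}
```

The security-relevant point is the 'N' branch: a client that silently continues in clear after 'N' has been downgraded, so a checker should surface it as an error rather than report "no certificate".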
func GetValidSTARTTLSCert ¶
func GetValidSTARTTLSCert(spec string, config *tls.Config) (*tls.ConnectionState, error)
GetValidSTARTTLSCert connects to a server, determines the underlying protocol and, if that protocol is supported, forwards to the matching STARTTLS handler. Otherwise it returns an appropriate error (see ErrUnsupportedSTARTTLS).
func ReadSpecSliceFromFile ¶
func ReadSpecSliceFromFile(name string) ([]string, error)
ReadSpecSliceFromFile reads a list of certificate specs from the named file and returns them as a slice.
Types ¶
type Protocol ¶
type Protocol int
Protocol encodes which protocol to use when retrieving TLS certificates from a server.
type Result ¶
type Result struct {
	// Protocol is the protocol used for validation
	Protocol Protocol `json:"protocol"`
	// Success indicates whether the checking was successful or not.
	Success bool `json:"success"`
	// DaysLeft indicates the difference between current time and expiration date
	// of the certificate, with negative numbers indicating errors or expired
	// certificates.
	DaysLeft int `json:"days_left"`
	// Set to true when the certificate is known to be expired
	Expired bool `json:"expired"`
	// Cert points to the certificate that was checked. This is useful to
	// piggyback checks on certificates.
	Cert *x509.Certificate `json:"cert"`
	// Delay keeps track of how long it took to perform the certificate validation
	Delay time.Duration `json:"delay"`
	// CertSerial is a string representation of the certificate's serial, so that
	// it can be properly returned by compliant JSON processors
	CertSerial string `json:"cert_serial"`
	// PeerCertificates mirrors tls.ConnectionState.PeerCertificates
	PeerCertificates *[]*x509.Certificate `json:"peer_certificates"`
	// VerifiedChains mirrors tls.ConnectionState.VerifiedChains
	VerifiedChains *[][]*x509.Certificate `json:"verified_chains"`
	// TLSVersion provides a human readable name (e.g. "TLSv1.1") of the protocol
	// that was negotiated. In situations where no TLS was used (e.g. when reading
	// a certificate from disk) the value will be the empty string.
	TLSVersion string `json:"tls_version"`
	// String representation of the cipher suite used for the connection.
	CipherSuite string `json:"cipher_suite"`
}
Result encodes the result of validating a Certificate
func ProcessCert ¶
ProcessCert takes a certificate spec, which may be either a file containing a PEM certificate or a dial string for a server to connect to and obtain the certificate from, and returns the result of checking it.
func ReadFromFile ¶
ReadFromFile reads a certificate from a local file and returns the result of processing it