README

OpenSSL bindings for Go

Please see http://godoc.org/github.com/spacemonkeygo/openssl for more info

License

Copyright (C) 2017. See AUTHORS.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Using on macOS

  1. Install homebrew
  2. $ brew install openssl or $ brew install openssl@1.1

Using on Windows

  1. Install mingw-w64
  2. Install pkg-config-lite
  3. Build (or install precompiled) openssl for mingw32-w64
  4. Set PKG_CONFIG_PATH to the directory containing openssl.pc (e.g. c:\mingw64\mingw64\lib\pkgconfig)

Documentation

Overview

Package openssl is a light wrapper around OpenSSL for Go.

It strives to provide a near-drop-in replacement for the Go standard library tls package, while allowing for:

Performance

OpenSSL is battle-tested and optimized C. While Go's built-in library shows great promise, it is still young and in some places, inefficient. This simple OpenSSL wrapper can often do at least 2x with the same cipher and protocol.

On my lappytop, I get the following benchmarking speeds:

BenchmarkSHA1Large_openssl      1000  2611282 ns/op  401.56 MB/s
BenchmarkSHA1Large_stdlib        500  3963983 ns/op  264.53 MB/s
BenchmarkSHA1Small_openssl   1000000     3476 ns/op    0.29 MB/s
BenchmarkSHA1Small_stdlib    5000000      550 ns/op    1.82 MB/s
BenchmarkSHA256Large_openssl     200  8085314 ns/op  129.69 MB/s
BenchmarkSHA256Large_stdlib      100 18948189 ns/op   55.34 MB/s
BenchmarkSHA256Small_openssl 1000000     4262 ns/op    0.23 MB/s
BenchmarkSHA256Small_stdlib  1000000     1444 ns/op    0.69 MB/s
BenchmarkOpenSSLThroughput    100000    21634 ns/op   47.33 MB/s
BenchmarkStdlibThroughput      50000    58974 ns/op   17.36 MB/s

Interoperability

Many systems support OpenSSL with a variety of plugins and modules for things such as hardware acceleration in embedded devices.

Greater flexibility and configuration

OpenSSL allows for far greater configuration of corner cases and backwards compatibility (such as support of SSLv2). You shouldn't be using SSLv2 if you can help it, but sometimes you can't help it.

Security

Yeah yeah, Heartbleed. But according to the author of the standard library's TLS implementation, Go's TLS library is vulnerable to timing attacks. And whether or not OpenSSL received the appropriate amount of scrutiny pre-Heartbleed, it sure is receiving it now.

Usage

Starting an HTTP server that uses OpenSSL is very easy. It's as simple as:

log.Fatal(openssl.ListenAndServeTLS(
      ":8443", "my_server.crt", "my_server.key", myHandler))

Getting a net.Listener that uses OpenSSL is also easy:

ctx, err := openssl.NewCtxFromFiles("my_server.crt", "my_server.key")
if err != nil {
        log.Fatal(err)
}
l, err := openssl.Listen("tcp", ":7777", ctx)

Making a client connection is straightforward too:

ctx, err := openssl.NewCtx()
if err != nil {
        log.Fatal(err)
}
err = ctx.LoadVerifyLocations("/etc/ssl/certs/ca-certificates.crt", "")
if err != nil {
        log.Fatal(err)
}
conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0)

Help wanted: To get this library to work with net/http's client, we had to fork net/http. It would be nice if an alternate http client library supported the generality needed to use OpenSSL instead of crypto/tls.

Index

Constants

const (
	KeyTypeNone    = NID_undef
	KeyTypeRSA     = NID_rsaEncryption
	KeyTypeRSA2    = NID_rsa
	KeyTypeDSA     = NID_dsa
	KeyTypeDSA1    = NID_dsa_2
	KeyTypeDSA2    = NID_dsaWithSHA
	KeyTypeDSA3    = NID_dsaWithSHA1
	KeyTypeDSA4    = NID_dsaWithSHA1_2
	KeyTypeDH      = NID_dhKeyAgreement
	KeyTypeDHX     = NID_dhpublicnumber
	KeyTypeEC      = NID_X9_62_id_ecPublicKey
	KeyTypeHMAC    = NID_hmac
	KeyTypeCMAC    = NID_cmac
	KeyTypeTLS1PRF = NID_tls1_prf
	KeyTypeHKDF    = NID_hkdf
	KeyTypeX25519  = NID_X25519
	KeyTypeX448    = NID_X448
	KeyTypeED25519 = NID_ED25519
	KeyTypeED448   = NID_ED448
)

    Constants for the various key types. Mapping of name -> NID taken from openssl/evp.h

    const (
    	GCM_TAG_MAXLEN = 16
    )

    const (
    	KeyNameSize = 16
    )

    const (
    	SSLRecordSize = 16 * 1024
    )

    Variables

    var (
    	ValidationError = errors.New("Host validation error")
    )

    Functions

    func DeriveSharedSecret

    func DeriveSharedSecret(private PrivateKey, public PublicKey) ([]byte, error)

      DeriveSharedSecret derives a shared secret using a private key and a peer's public key. The specific algorithm that is used depends on the types of the keys, but it is most commonly a variant of Diffie-Hellman.

      func FIPSModeSet

      func FIPSModeSet(mode bool) error

        FIPSModeSet enables a FIPS 140-2 validated mode of operation. https://wiki.openssl.org/index.php/FIPS_mode_set()

        func Listen

        func Listen(network, laddr string, ctx *Ctx) (net.Listener, error)

          Listen is a wrapper around net.Listen that wraps incoming connections with an OpenSSL server connection using the provided context ctx.

          func ListenAndServeTLS

          func ListenAndServeTLS(addr string, cert_file string, key_file string,
          	handler http.Handler) error

            ListenAndServeTLS will take an http.Handler and serve it using OpenSSL over the given tcp address, configured to use the provided cert and key files.

            func MD4

            func MD4(data []byte) (result [16]byte, err error)

            func MD5

            func MD5(data []byte) (result [16]byte, err error)

            func NewListener

            func NewListener(inner net.Listener, ctx *Ctx) net.Listener

              NewListener wraps an existing net.Listener such that all accepted connections are wrapped as OpenSSL server connections using the provided context ctx.

              func Nid2ShortName

              func Nid2ShortName(nid NID) (string, error)

              func SHA1

              func SHA1(data []byte) (result [20]byte, err error)

              func SHA256

              func SHA256(data []byte) (result [32]byte, err error)

              func ServerListenAndServeTLS

              func ServerListenAndServeTLS(srv *http.Server,
              	cert_file, key_file string) error

                ServerListenAndServeTLS will take an http.Server and serve it using OpenSSL configured to use the provided cert and key files.

                func SplitPEM

                func SplitPEM(data []byte) [][]byte

                Types

                type AuthenticatedDecryptionCipherCtx

                type AuthenticatedDecryptionCipherCtx interface {
                	DecryptionCipherCtx
                
                	// pass in any extra data that was added during encryption with the
                	// encryption context's ExtraData()
                	ExtraData([]byte) error
                
                	// use before finalizing decryption to tell the library what the
                	// tag is expected to be
                	SetTag([]byte) error
                }

                func NewGCMDecryptionCipherCtx

                func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) (
                	AuthenticatedDecryptionCipherCtx, error)

                type AuthenticatedEncryptionCipherCtx

                type AuthenticatedEncryptionCipherCtx interface {
                	EncryptionCipherCtx
                
                	// data passed in to ExtraData() is part of the final output; it is
                	// not encrypted itself, but is part of the authenticated data. when
                	// decrypting or authenticating, pass back with the decryption
                	// context's ExtraData()
                	ExtraData([]byte) error
                
                	// use after finalizing encryption to get the authenticating tag
                	GetTag() ([]byte, error)
                }

                func NewGCMEncryptionCipherCtx

                func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) (
                	AuthenticatedEncryptionCipherCtx, error)

                type Certificate

                type Certificate struct {
                	Issuer *Certificate
                	// contains filtered or unexported fields
                }

                func LoadCertificateFromPEM

                func LoadCertificateFromPEM(pem_block []byte) (*Certificate, error)

                  LoadCertificateFromPEM loads an X509 certificate from a PEM-encoded block.

                  func NewCertificate

                  func NewCertificate(info *CertificateInfo, key PublicKey) (*Certificate, error)

                    NewCertificate generates a basic certificate based on the provided CertificateInfo struct

                    func (*Certificate) AddExtension

                    func (c *Certificate) AddExtension(nid NID, value string) error

                      Add an extension to a certificate. Extension constants are NID_* as found in openssl.

                      func (*Certificate) AddExtensions

                      func (c *Certificate) AddExtensions(extensions map[NID]string) error

                        Wraps AddExtension using a map of NID to text extension. Will return without finishing if it encounters an error.

                        func (*Certificate) CheckEmail

                        func (c *Certificate) CheckEmail(email string, flags CheckFlags) error

                          CheckEmail checks that the X509 certificate is signed for the provided email address. See http://www.openssl.org/docs/crypto/X509_check_host.html for more. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

                          func (*Certificate) CheckHost

                          func (c *Certificate) CheckHost(host string, flags CheckFlags) error

                            CheckHost checks that the X509 certificate is signed for the provided host name. See http://www.openssl.org/docs/crypto/X509_check_host.html for more. Note that CheckHost does not check the IP field. See VerifyHostname. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

                            func (*Certificate) CheckIP

                            func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error

                              CheckIP checks that the X509 certificate is signed for the provided IP address. See http://www.openssl.org/docs/crypto/X509_check_host.html for more. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

                              func (*Certificate) GetIssuerName

                              func (c *Certificate) GetIssuerName() (*Name, error)

                              func (*Certificate) GetSerialNumberHex

                              func (c *Certificate) GetSerialNumberHex() (serial string)

                                GetSerialNumberHex returns the certificate's serial number in hex format

                                func (*Certificate) GetSubjectName

                                func (c *Certificate) GetSubjectName() (*Name, error)

                                func (*Certificate) GetVersion

                                func (c *Certificate) GetVersion() X509_Version

                                  GetVersion returns the X509 version of the certificate.

                                  func (*Certificate) MarshalPEM

                                  func (c *Certificate) MarshalPEM() (pem_block []byte, err error)

                                    MarshalPEM converts the X509 certificate to PEM-encoded format

                                    func (*Certificate) PublicKey

                                    func (c *Certificate) PublicKey() (PublicKey, error)

                                      PublicKey returns the public key embedded in the X509 certificate.

                                      func (*Certificate) SetExpireDate

                                      func (c *Certificate) SetExpireDate(when time.Duration) error

                                        SetExpireDate sets the certificate expiration date relative to the current time.

                                        func (*Certificate) SetIssueDate

                                        func (c *Certificate) SetIssueDate(when time.Duration) error

                                          SetIssueDate sets the certificate issue date relative to the current time.

                                          func (*Certificate) SetIssuer

                                          func (c *Certificate) SetIssuer(issuer *Certificate) error

                                            SetIssuer updates the stored Issuer cert and the internal x509 Issuer Name of a certificate. The stored Issuer reference is used when adding extensions.

                                            func (*Certificate) SetIssuerName

                                            func (c *Certificate) SetIssuerName(name *Name) error

                                              SetIssuerName populates the issuer name of a certificate. Use SetIssuer instead, if possible.

                                              func (*Certificate) SetPubKey

                                              func (c *Certificate) SetPubKey(pubKey PublicKey) error

                                                SetPubKey assigns a new public key to a certificate.

                                                func (*Certificate) SetSerial

                                                func (c *Certificate) SetSerial(serial *big.Int) error

                                                  SetSerial sets the serial of a certificate.

                                                  func (*Certificate) SetSubjectName

                                                  func (c *Certificate) SetSubjectName(name *Name) error

                                                  func (*Certificate) SetVersion

                                                  func (c *Certificate) SetVersion(version X509_Version) error

                                                    SetVersion sets the X509 version of the certificate.

                                                    func (*Certificate) Sign

                                                    func (c *Certificate) Sign(privKey PrivateKey, digest EVP_MD) error

                                                      Sign a certificate using a private key and a digest name. Accepted digest names are 'sha256', 'sha384', and 'sha512'.

                                                      func (*Certificate) VerifyHostname

                                                      func (c *Certificate) VerifyHostname(host string) error

                                                        VerifyHostname is a combination of CheckHost and CheckIP. If the provided hostname looks like an IP address, it will be checked as an IP address, otherwise it will be checked as a hostname. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

                                                        type CertificateInfo

                                                        type CertificateInfo struct {
                                                        	Serial       *big.Int
                                                        	Issued       time.Duration
                                                        	Expires      time.Duration
                                                        	Country      string
                                                        	Organization string
                                                        	CommonName   string
                                                        }

                                                        type CertificateStore

                                                        type CertificateStore struct {
                                                        	// contains filtered or unexported fields
                                                        }

                                                        func NewCertificateStore

                                                        func NewCertificateStore() (*CertificateStore, error)

                                                          Allocate a new, empty CertificateStore

                                                          func (*CertificateStore) AddCertificate

                                                          func (s *CertificateStore) AddCertificate(cert *Certificate) error

                                                            AddCertificate marks the provided Certificate as a trusted certificate in the given CertificateStore.

                                                            func (*CertificateStore) LoadCertificatesFromPEM

                                                            func (s *CertificateStore) LoadCertificatesFromPEM(data []byte) error

                                                              Parse a chained PEM file, loading all certificates into the Store.

                                                              type CertificateStoreCtx

                                                              type CertificateStoreCtx struct {
                                                              	// contains filtered or unexported fields
                                                              }

                                                              func (*CertificateStoreCtx) Depth

                                                              func (self *CertificateStoreCtx) Depth() int

                                                              func (*CertificateStoreCtx) Err

                                                              func (self *CertificateStoreCtx) Err() error

                                                              func (*CertificateStoreCtx) GetCurrentCert

                                                              func (self *CertificateStoreCtx) GetCurrentCert() *Certificate

                                                                The certificate returned is only valid for the lifetime of the underlying X509_STORE_CTX.

                                                                func (*CertificateStoreCtx) VerifyResult

                                                                func (self *CertificateStoreCtx) VerifyResult() VerifyResult

                                                                type CheckFlags

                                                                type CheckFlags int

                                                                type Cipher

                                                                type Cipher struct {
                                                                	// contains filtered or unexported fields
                                                                }

                                                                func GetCipherByName

                                                                func GetCipherByName(name string) (*Cipher, error)

                                                                func GetCipherByNid

                                                                func GetCipherByNid(nid NID) (*Cipher, error)

                                                                func (*Cipher) BlockSize

                                                                func (c *Cipher) BlockSize() int

                                                                func (*Cipher) IVSize

                                                                func (c *Cipher) IVSize() int

                                                                func (*Cipher) KeySize

                                                                func (c *Cipher) KeySize() int

                                                                func (*Cipher) Nid

                                                                func (c *Cipher) Nid() NID

                                                                func (*Cipher) ShortName

                                                                func (c *Cipher) ShortName() (string, error)

                                                                type CipherCtx

                                                                type CipherCtx interface {
                                                                	Cipher() *Cipher
                                                                	BlockSize() int
                                                                	KeySize() int
                                                                	IVSize() int
                                                                }

                                                                type Conn

                                                                type Conn struct {
                                                                	*SSL
                                                                	// contains filtered or unexported fields
                                                                }

                                                                func Client

                                                                func Client(conn net.Conn, ctx *Ctx) (*Conn, error)

                                                                  Client wraps an existing stream connection and puts it in the connect state for any subsequent handshakes.

                                                                  IMPORTANT NOTE: if you use this method instead of Dial to construct an SSL connection, you are responsible for verifying the peer's hostname. Otherwise, you are vulnerable to MITM attacks.

                                                                  Client also does not set up SNI for you like Dial does.

                                                                  Client connections probably won't work for you unless you set a verify location or add some certs to the certificate store of the client context you're using. This library is not nice enough to use the system certificate store by default for you yet.
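The steps the note above leaves to the caller after Client (SNI, handshake, hostname verification), in order, as an added example that is not part of the package or its documentation. The handshaker interface, finishClient, fakeConn and the example.test names are hypothetical; the fake stands in for *openssl.Conn, whose documented methods satisfy the interface, so the example runs without cgo.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// handshaker is a hypothetical interface (not part of the package) naming the
// *openssl.Conn methods documented on this page that the helper relies on.
type handshaker interface {
	SetTlsExtHostName(name string) error
	Handshake() error
	VerifyHostname(host string) error
	Close() error
}

// finishClient completes a connection created with openssl.Client: it sets
// SNI, runs the handshake, then checks the peer certificate against the host
// part of addr ("host:port"). The connection is closed on any failure so the
// caller cannot keep using an unverified stream.
//
// With the real package (not compiled here):
//
//	conn, err := openssl.Client(tcpConn, ctx)
//	if err == nil { err = finishClient(conn, "api.example.test:443") }
func finishClient(c handshaker, addr string) error {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		c.Close()
		return fmt.Errorf("address %q: %w", addr, err)
	}
	// SNI carries DNS names only (RFC 6066), so skip it for IP literals.
	if net.ParseIP(host) == nil {
		if err := c.SetTlsExtHostName(host); err != nil {
			c.Close()
			return fmt.Errorf("set SNI: %w", err)
		}
	}
	if err := c.Handshake(); err != nil {
		c.Close()
		return fmt.Errorf("handshake: %w", err)
	}
	// VerifyHostname takes the bare host, not "host:port".
	if err := c.VerifyHostname(host); err != nil {
		c.Close()
		return fmt.Errorf("peer is not %q: %w", host, err)
	}
	return nil
}

// errMismatch stands in for the package's ValidationError in this example.
var errMismatch = errors.New("Host validation error")

// fakeConn is a constructed test double: it records the call order and
// "presents" a certificate that is valid only for certHost.
type fakeConn struct {
	certHost string
	calls    []string
}

func (f *fakeConn) SetTlsExtHostName(n string) error {
	f.calls = append(f.calls, "sni:"+n)
	return nil
}

func (f *fakeConn) Handshake() error {
	f.calls = append(f.calls, "handshake")
	return nil
}

func (f *fakeConn) VerifyHostname(h string) error {
	f.calls = append(f.calls, "verify:"+h)
	if h != f.certHost {
		return errMismatch
	}
	return nil
}

func (f *fakeConn) Close() error {
	f.calls = append(f.calls, "close")
	return nil
}

// trace runs finishClient against a fake peer and returns the call sequence.
func trace(certHost, addr string) (string, error) {
	f := &fakeConn{certHost: certHost}
	err := finishClient(f, addr)
	return strings.Join(f.calls, " "), err
}

func main() {
	// Constructed cases: matching name, IP literal, mismatched name.
	for _, tc := range [][2]string{
		{"api.example.test", "api.example.test:443"},
		{"api.example.test", "203.0.113.10:443"},
		{"api.example.test", "other.example.test:443"},
	} {
		calls, err := trace(tc[0], tc[1])
		fmt.Printf("%-24s -> %s (err=%v)\n", tc[1], calls, err)
	}
}
```
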

                                                                  func Dial

                                                                  func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error)

                                                                    Dial will connect to network/address and then wrap the corresponding underlying connection with an OpenSSL client connection using context ctx. If flags includes InsecureSkipHostVerification, the server certificate's hostname will not be checked to match the hostname in addr. Otherwise, flags should be 0.

                                                                    Dial probably won't work for you unless you set a verify location or add some certs to the certificate store of the client context you're using. This library is not nice enough to use the system certificate store by default for you yet.

                                                                    func DialSession

                                                                    func DialSession(network, addr string, ctx *Ctx, flags DialFlags,
                                                                    	session []byte) (*Conn, error)

                                                                      DialSession will connect to network/address and then wrap the corresponding underlying connection with an OpenSSL client connection using context ctx. If flags includes InsecureSkipHostVerification, the server certificate's hostname will not be checked to match the hostname in addr. Otherwise, flags should be 0.

                                                                      Dial probably won't work for you unless you set a verify location or add some certs to the certificate store of the client context you're using. This library is not nice enough to use the system certificate store by default for you yet.

                                                                      If session is not nil it will be used to resume the tls state. The session can be retrieved from the GetSession method on the Conn.

                                                                      func Server

                                                                      func Server(conn net.Conn, ctx *Ctx) (*Conn, error)

                                                                        Server wraps an existing stream connection and puts it in the accept state for any subsequent handshakes.

                                                                        func (*Conn) Close

                                                                        func (c *Conn) Close() error

                                                                          Close shuts down the SSL connection and closes the underlying wrapped connection.

                                                                          func (*Conn) ConnectionState

                                                                          func (c *Conn) ConnectionState() (rv ConnectionState)

                                                                          func (*Conn) CurrentCipher

                                                                          func (c *Conn) CurrentCipher() (string, error)

                                                                          func (*Conn) GetCtx

                                                                          func (c *Conn) GetCtx() *Ctx

                                                                          func (*Conn) GetSession

                                                                          func (c *Conn) GetSession() ([]byte, error)

                                                                          func (*Conn) Handshake

                                                                          func (c *Conn) Handshake() error

                                                                            Handshake performs an SSL handshake. If a handshake is not manually triggered, it will run before the first I/O on the encrypted stream.

                                                                            func (*Conn) LocalAddr

                                                                            func (c *Conn) LocalAddr() net.Addr

                                                                              LocalAddr returns the underlying connection's local address

                                                                              func (*Conn) PeerCertificate

                                                                              func (c *Conn) PeerCertificate() (*Certificate, error)

                                                                                PeerCertificate returns the Certificate of the peer with which you're communicating. Only valid after a handshake.

                                                                                func (*Conn) PeerCertificateChain

                                                                                func (c *Conn) PeerCertificateChain() (rv []*Certificate, err error)

                                                                                  PeerCertificateChain returns the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using PeerCertificate.

                                                                                  func (*Conn) Read

                                                                                  func (c *Conn) Read(b []byte) (n int, err error)

                                                                                    Read reads up to len(b) bytes into b. It returns the number of bytes read and an error if applicable. io.EOF is returned when the caller can expect to see no more data.

                                                                                    func (*Conn) RemoteAddr

                                                                                    func (c *Conn) RemoteAddr() net.Addr

                                                                                      RemoteAddr returns the underlying connection's remote address

                                                                                      func (*Conn) SessionReused

                                                                                      func (c *Conn) SessionReused() bool

                                                                                      func (*Conn) SetDeadline

                                                                                      func (c *Conn) SetDeadline(t time.Time) error

                                                                                        SetDeadline calls SetDeadline on the underlying connection.

func (*Conn) SetReadDeadline

func (c *Conn) SetReadDeadline(t time.Time) error

SetReadDeadline calls SetReadDeadline on the underlying connection.

func (*Conn) SetTlsExtHostName

func (c *Conn) SetTlsExtHostName(name string) error

func (*Conn) SetWriteDeadline

func (c *Conn) SetWriteDeadline(t time.Time) error

SetWriteDeadline calls SetWriteDeadline on the underlying connection.

func (*Conn) UnderlyingConn

func (c *Conn) UnderlyingConn() net.Conn

func (*Conn) VerifyHostname

func (c *Conn) VerifyHostname(host string) error

VerifyHostname pulls the PeerCertificate and calls VerifyHostname on the certificate.

func (*Conn) VerifyResult

func (c *Conn) VerifyResult() VerifyResult

func (*Conn) Write

func (c *Conn) Write(b []byte) (written int, err error)

Write will encrypt the contents of b and write it to the underlying stream. Performance will be vastly improved if the size of b is a multiple of SSLRecordSize.
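An added example (not part of the package or its documentation) of acting on the Write note above: a buffering writer that coalesces small writes so that every write reaching the connection is a multiple of the record size. The names RecordWriter, writeLog and chunkSizes are hypothetical, and recordSize (16 KiB, the maximum TLS record payload) is an assumption standing in for the package's SSLRecordSize.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// recordSize is an assumption: 16 KiB, the maximum TLS record payload,
// standing in for the package's SSLRecordSize constant.
const recordSize = 16 * 1024

// RecordWriter is a hypothetical helper, not part of the openssl package.
// Every Write it passes to dst is a whole multiple of recordSize; only
// Flush may emit a shorter tail.
type RecordWriter struct {
	dst io.Writer // in real use, the TLS connection
	buf []byte    // pending bytes, always shorter than recordSize
}

func NewRecordWriter(dst io.Writer) *RecordWriter {
	return &RecordWriter{dst: dst, buf: make([]byte, 0, recordSize)}
}

func (w *RecordWriter) Write(p []byte) (int, error) {
	written := 0
	for len(p) > 0 {
		// Nothing pending and at least one full record available:
		// hand the largest whole multiple straight to dst, no copy.
		if len(w.buf) == 0 && len(p) >= recordSize {
			n := len(p) - len(p)%recordSize
			m, err := w.dst.Write(p[:n])
			written += m
			if err != nil {
				return written, err
			}
			p = p[n:]
			continue
		}
		// Otherwise top up the pending record and send it once full.
		n := copy(w.buf[len(w.buf):recordSize], p)
		w.buf = w.buf[:len(w.buf)+n]
		written += n
		p = p[n:]
		if len(w.buf) == recordSize {
			if err := w.Flush(); err != nil {
				return written, err
			}
		}
	}
	return written, nil
}

// Flush sends whatever is pending, even if shorter than a full record.
// Call it at message boundaries and before closing the connection.
func (w *RecordWriter) Flush() error {
	if len(w.buf) == 0 {
		return nil
	}
	_, err := w.dst.Write(w.buf)
	w.buf = w.buf[:0]
	return err
}

// writeLog is a constructed stand-in for the connection: it records the
// size of every Write it receives.
type writeLog struct {
	sizes []int
	data  bytes.Buffer
}

func (l *writeLog) Write(p []byte) (int, error) {
	l.sizes = append(l.sizes, len(p))
	return l.data.Write(p)
}

// chunkSizes pushes total bytes through a RecordWriter in pieces of step
// bytes and returns the sizes of the writes that reached the destination
// plus the number of bytes delivered.
func chunkSizes(total, step int) ([]int, int) {
	log := &writeLog{}
	w := NewRecordWriter(log)
	src := bytes.Repeat([]byte{0xAB}, total)
	for off := 0; off < total; off += step {
		end := off + step
		if end > total {
			end = total
		}
		if _, err := w.Write(src[off:end]); err != nil {
			panic(err)
		}
	}
	if err := w.Flush(); err != nil {
		panic(err)
	}
	return log.sizes, log.data.Len()
}

func main() {
	sizes, n := chunkSizes(40000, 1000)
	fmt.Println(sizes, n)
}
```

Without the wrapper, the same 40000 bytes written 1000 at a time would reach the connection as 40 separate sub-record writes.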

type ConnectionState

type ConnectionState struct {
	Certificate           *Certificate
	CertificateError      error
	CertificateChain      []*Certificate
	CertificateChainError error
	SessionReused         bool
}

type Ctx

type Ctx struct {
	// contains filtered or unexported fields
}

func NewCtx

func NewCtx() (*Ctx, error)

NewCtx creates a context that supports any TLS version 1.0 and newer.

func NewCtxFromFiles

func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error)

NewCtxFromFiles calls NewCtx, loads the provided files, and configures the context to use them.

func NewCtxWithVersion

func NewCtxWithVersion(version SSLVersion) (*Ctx, error)

NewCtxWithVersion creates an SSL context that is specific to the provided SSL version. See http://www.openssl.org/docs/ssl/SSL_CTX_new.html for more.

func (*Ctx) AddChainCertificate

func (c *Ctx) AddChainCertificate(cert *Certificate) error

AddChainCertificate adds a certificate to the chain presented in the handshake.

func (*Ctx) ClearOptions

func (c *Ctx) ClearOptions(options Options) Options

func (*Ctx) GetCertificateStore

func (c *Ctx) GetCertificateStore() *CertificateStore

GetCertificateStore returns the context's certificate store that will be used for peer validation.

func (*Ctx) GetMode

func (c *Ctx) GetMode() Modes

GetMode returns context modes. See http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

func (*Ctx) GetOptions

func (c *Ctx) GetOptions() Options

GetOptions returns context options. See https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

func (*Ctx) GetTimeout

func (c *Ctx) GetTimeout() time.Duration

Get session cache timeout. See https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html

func (*Ctx) GetVerifyCallback

func (c *Ctx) GetVerifyCallback() VerifyCallback

func (*Ctx) GetVerifyDepth

func (c *Ctx) GetVerifyDepth() int

GetVerifyDepth returns how many certificates deep the certificate verification logic is willing to follow a certificate chain. See https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*Ctx) LoadVerifyLocations

func (c *Ctx) LoadVerifyLocations(ca_file string, ca_path string) error

LoadVerifyLocations tells the context to trust all certificate authorities provided in either the ca_file or the ca_path. See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html for more.

func (*Ctx) SessGetCacheSize

func (c *Ctx) SessGetCacheSize() int

Get session cache size. See https://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html

func (*Ctx) SessSetCacheSize

func (c *Ctx) SessSetCacheSize(t int) int

Set session cache size. Returns previously set value. See https://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html

func (*Ctx) SetCipherList

func (c *Ctx) SetCipherList(list string) error

SetCipherList sets the list of available ciphers. The format of the list is described at http://www.openssl.org/docs/apps/ciphers.html, but see http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html for more.

func (*Ctx) SetDHParameters

func (c *Ctx) SetDHParameters(dh *DH) error

SetDHParameters sets the DH group (DH parameters) used to negotiate an ephemeral DH key during handshaking.

func (*Ctx) SetEllipticCurve

func (c *Ctx) SetEllipticCurve(curve EllipticCurve) error

SetEllipticCurve sets the elliptic curve used by the SSL context to enable an ECDH cipher suite to be selected during the handshake.

func (*Ctx) SetMode

func (c *Ctx) SetMode(modes Modes) Modes

SetMode sets context modes. See http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

func (*Ctx) SetOptions

func (c *Ctx) SetOptions(options Options) Options

SetOptions sets context options. See http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

func (*Ctx) SetSessionCacheMode

func (c *Ctx) SetSessionCacheMode(modes SessionCacheModes) SessionCacheModes

SetSessionCacheMode enables or disables session caching. See http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html

func (*Ctx) SetSessionId

func (c *Ctx) SetSessionId(session_id []byte) error

func (*Ctx) SetTLSExtServernameCallback

func (c *Ctx) SetTLSExtServernameCallback(sni_cb TLSExtServernameCallback)

SetTLSExtServernameCallback sets the callback function for Server Name Indication (SNI), RFC 6066 (http://tools.ietf.org/html/rfc6066). See http://stackoverflow.com/questions/22373332/serving-multiple-domains-in-one-box-with-sni

func (*Ctx) SetTicketStore

func (c *Ctx) SetTicketStore(store *TicketStore)

SetTicketStore sets the ticket store for the context so that clients can do ticket based session resumption. If the store is nil, the

func (*Ctx) SetTimeout

func (c *Ctx) SetTimeout(t time.Duration) time.Duration

Set session cache timeout. Returns previously set value. See https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html

func (*Ctx) SetVerify

func (c *Ctx) SetVerify(options VerifyOptions, verify_cb VerifyCallback)

SetVerify controls peer verification settings. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*Ctx) SetVerifyCallback

func (c *Ctx) SetVerifyCallback(verify_cb VerifyCallback)

func (*Ctx) SetVerifyDepth

func (c *Ctx) SetVerifyDepth(depth int)

SetVerifyDepth controls how many certificates deep the certificate verification logic is willing to follow a certificate chain. See https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*Ctx) SetVerifyMode

func (c *Ctx) SetVerifyMode(options VerifyOptions)

func (*Ctx) UseCertificate

func (c *Ctx) UseCertificate(cert *Certificate) error

UseCertificate configures the context to present the given certificate to peers.

func (*Ctx) UsePrivateKey

func (c *Ctx) UsePrivateKey(key PrivateKey) error

UsePrivateKey configures the context to use the given private key for SSL handshakes.

func (*Ctx) VerifyMode

func (c *Ctx) VerifyMode() VerifyOptions

type DH

type DH struct {
	// contains filtered or unexported fields
}

func LoadDHParametersFromPEM

func LoadDHParametersFromPEM(pem_block []byte) (*DH, error)

LoadDHParametersFromPEM loads the Diffie-Hellman parameters from a PEM-encoded block.

type DecryptionCipherCtx

type DecryptionCipherCtx interface {
	CipherCtx

	// pass in ciphertext, get back plaintext. can be called
	// multiple times as needed
	DecryptUpdate(input []byte) ([]byte, error)

	// call after all ciphertext has been passed in; may return
	// additional plaintext if needed to finish off a block
	DecryptFinal() ([]byte, error)
}

func NewDecryptionCipherCtx

func NewDecryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) (
	DecryptionCipherCtx, error)

type DialFlags

type DialFlags int
const (
	InsecureSkipHostVerification DialFlags = 1 << iota
	DisableSNI
)

type Digest

type Digest struct {
	// contains filtered or unexported fields
}

Digest represents an OpenSSL message digest.

func GetDigestByName

func GetDigestByName(name string) (*Digest, error)

GetDigestByName returns the Digest with the name or nil and an error if the digest was not found.

func GetDigestByNid

func GetDigestByNid(nid NID) (*Digest, error)

GetDigestByNid returns the Digest with the NID or nil and an error if the digest was not found.

type EVP_MD

type EVP_MD int
const (
	EVP_NULL      EVP_MD = iota
	EVP_MD5       EVP_MD = iota
	EVP_MD4       EVP_MD = iota
	EVP_SHA       EVP_MD = iota
	EVP_SHA1      EVP_MD = iota
	EVP_DSS       EVP_MD = iota
	EVP_DSS1      EVP_MD = iota
	EVP_MDC2      EVP_MD = iota
	EVP_RIPEMD160 EVP_MD = iota
	EVP_SHA224    EVP_MD = iota
	EVP_SHA256    EVP_MD = iota
	EVP_SHA384    EVP_MD = iota
	EVP_SHA512    EVP_MD = iota
)

type EllipticCurve

type EllipticCurve int

EllipticCurve represents the ASN.1 OID of an elliptic curve. See https://www.openssl.org/docs/apps/ecparam.html for a list of implemented curves.

const (
	// P-256: X9.62/SECG curve over a 256 bit prime field
	Prime256v1 EllipticCurve = C.NID_X9_62_prime256v1
	// P-384: NIST/SECG curve over a 384 bit prime field
	Secp384r1 EllipticCurve = C.NID_secp384r1
	// P-521: NIST/SECG curve over a 521 bit prime field
	Secp521r1 EllipticCurve = C.NID_secp521r1
)

type EncryptionCipherCtx

type EncryptionCipherCtx interface {
	CipherCtx

	// Pass in plaintext, get back ciphertext. Can be called
	// multiple times as needed.
	EncryptUpdate(input []byte) ([]byte, error)

	// Call after all plaintext has been passed in; may return
	// additional ciphertext if needed to finish off a block,
	// or extra padding information.
	EncryptFinal() ([]byte, error)
}

func NewEncryptionCipherCtx

func NewEncryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) (
	EncryptionCipherCtx, error)

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

func EngineById

func EngineById(name string) (*Engine, error)

type HMAC

type HMAC struct {
	// contains filtered or unexported fields
}

func NewHMAC

func NewHMAC(key []byte, digestAlgorithm EVP_MD) (*HMAC, error)

func NewHMACWithEngine

func NewHMACWithEngine(key []byte, digestAlgorithm EVP_MD, e *Engine) (*HMAC, error)

func (*HMAC) Close

func (h *HMAC) Close()

func (*HMAC) Final

func (h *HMAC) Final() (result []byte, err error)

func (*HMAC) Reset

func (h *HMAC) Reset() error

func (*HMAC) Write

func (h *HMAC) Write(data []byte) (n int, err error)

type MD4Hash

type MD4Hash struct {
	// contains filtered or unexported fields
}

func NewMD4Hash

func NewMD4Hash() (*MD4Hash, error)

func NewMD4HashWithEngine

func NewMD4HashWithEngine(e *Engine) (*MD4Hash, error)

func (*MD4Hash) Close

func (s *MD4Hash) Close()

func (*MD4Hash) Reset

func (s *MD4Hash) Reset() error

func (*MD4Hash) Sum

func (s *MD4Hash) Sum() (result [16]byte, err error)

func (*MD4Hash) Write

func (s *MD4Hash) Write(p []byte) (n int, err error)

type MD5Hash

type MD5Hash struct {
	// contains filtered or unexported fields
}

func NewMD5Hash

func NewMD5Hash() (*MD5Hash, error)

func NewMD5HashWithEngine

func NewMD5HashWithEngine(e *Engine) (*MD5Hash, error)

func (*MD5Hash) Close

func (s *MD5Hash) Close()

func (*MD5Hash) Reset

func (s *MD5Hash) Reset() error

func (*MD5Hash) Sum

func (s *MD5Hash) Sum() (result [16]byte, err error)

func (*MD5Hash) Write

func (s *MD5Hash) Write(p []byte) (n int, err error)

type Method

type Method *C.EVP_MD
var (
	SHA1_Method   Method = C.X_EVP_sha1()
	SHA256_Method Method = C.X_EVP_sha256()
	SHA512_Method Method = C.X_EVP_sha512()
)

type Modes

type Modes int
const (
	// ReleaseBuffers is only valid if you are using OpenSSL 1.0.1 or newer
	ReleaseBuffers Modes = C.SSL_MODE_RELEASE_BUFFERS
)

type NID

type NID int
const (
	NID_undef                              NID = 0
	NID_rsadsi                             NID = 1
	NID_pkcs                               NID = 2
	NID_md2                                NID = 3
	NID_md5                                NID = 4
	NID_rc4                                NID = 5
	NID_rsaEncryption                      NID = 6
	NID_md2WithRSAEncryption               NID = 7
	NID_md5WithRSAEncryption               NID = 8
	NID_pbeWithMD2AndDES_CBC               NID = 9
	NID_pbeWithMD5AndDES_CBC               NID = 10
	NID_X500                               NID = 11
	NID_X509                               NID = 12
	NID_commonName                         NID = 13
	NID_countryName                        NID = 14
	NID_localityName                       NID = 15
	NID_stateOrProvinceName                NID = 16
	NID_organizationName                   NID = 17
	NID_organizationalUnitName             NID = 18
	NID_rsa                                NID = 19
	NID_pkcs7                              NID = 20
	NID_pkcs7_data                         NID = 21
	NID_pkcs7_signed                       NID = 22
	NID_pkcs7_enveloped                    NID = 23
	NID_pkcs7_signedAndEnveloped           NID = 24
	NID_pkcs7_digest                       NID = 25
	NID_pkcs7_encrypted                    NID = 26
	NID_pkcs3                              NID = 27
	NID_dhKeyAgreement                     NID = 28
	NID_des_ecb                            NID = 29
	NID_des_cfb64                          NID = 30
	NID_des_cbc                            NID = 31
	NID_des_ede                            NID = 32
	NID_des_ede3                           NID = 33
	NID_idea_cbc                           NID = 34
	NID_idea_cfb64                         NID = 35
	NID_idea_ecb                           NID = 36
	NID_rc2_cbc                            NID = 37
	NID_rc2_ecb                            NID = 38
	NID_rc2_cfb64                          NID = 39
	NID_rc2_ofb64                          NID = 40
	NID_sha                                NID = 41
	NID_shaWithRSAEncryption               NID = 42
	NID_des_ede_cbc                        NID = 43
	NID_des_ede3_cbc                       NID = 44
	NID_des_ofb64                          NID = 45
	NID_idea_ofb64                         NID = 46
	NID_pkcs9                              NID = 47
	NID_pkcs9_emailAddress                 NID = 48
	NID_pkcs9_unstructuredName             NID = 49
	NID_pkcs9_contentType                  NID = 50
	NID_pkcs9_messageDigest                NID = 51
	NID_pkcs9_signingTime                  NID = 52
	NID_pkcs9_countersignature             NID = 53
	NID_pkcs9_challengePassword            NID = 54
	NID_pkcs9_unstructuredAddress          NID = 55
	NID_pkcs9_extCertAttributes            NID = 56
	NID_netscape                           NID = 57
	NID_netscape_cert_extension            NID = 58
	NID_netscape_data_type                 NID = 59
	NID_des_ede_cfb64                      NID = 60
	NID_des_ede3_cfb64                     NID = 61
	NID_des_ede_ofb64                      NID = 62
	NID_des_ede3_ofb64                     NID = 63
	NID_sha1                               NID = 64
	NID_sha1WithRSAEncryption              NID = 65
	NID_dsaWithSHA                         NID = 66
	NID_dsa_2                              NID = 67
	NID_pbeWithSHA1AndRC2_CBC              NID = 68
	NID_id_pbkdf2                          NID = 69
	NID_dsaWithSHA1_2                      NID = 70
	NID_netscape_cert_type                 NID = 71
	NID_netscape_base_url                  NID = 72
	NID_netscape_revocation_url            NID = 73
	NID_netscape_ca_revocation_url         NID = 74
	NID_netscape_renewal_url               NID = 75
	NID_netscape_ca_policy_url             NID = 76
	NID_netscape_ssl_server_name           NID = 77
	NID_netscape_comment                   NID = 78
	NID_netscape_cert_sequence             NID = 79
	NID_desx_cbc                           NID = 80
	NID_id_ce                              NID = 81
	NID_subject_key_identifier             NID = 82
	NID_key_usage                          NID = 83
	NID_private_key_usage_period           NID = 84
	NID_subject_alt_name                   NID = 85
	NID_issuer_alt_name                    NID = 86
	NID_basic_constraints                  NID = 87
	NID_crl_number                         NID = 88
	NID_certificate_policies               NID = 89
	NID_authority_key_identifier           NID = 90
	NID_bf_cbc                             NID = 91
	NID_bf_ecb                             NID = 92
	NID_bf_cfb64                           NID = 93
	NID_bf_ofb64                           NID = 94
	NID_mdc2                               NID = 95
	NID_mdc2WithRSA                        NID = 96
                                                                                                                                                            	NID_rc4_40                             NID = 97
                                                                                                                                                            	NID_rc2_40_cbc                         NID = 98
                                                                                                                                                            	NID_givenName                          NID = 99
                                                                                                                                                            	NID_surname                            NID = 100
                                                                                                                                                            	NID_initials                           NID = 101
                                                                                                                                                            	NID_uniqueIdentifier                   NID = 102
                                                                                                                                                            	NID_crl_distribution_points            NID = 103
                                                                                                                                                            	NID_md5WithRSA                         NID = 104
                                                                                                                                                            	NID_serialNumber                       NID = 105
                                                                                                                                                            	NID_title                              NID = 106
                                                                                                                                                            	NID_description                        NID = 107
                                                                                                                                                            	NID_cast5_cbc                          NID = 108
                                                                                                                                                            	NID_cast5_ecb                          NID = 109
                                                                                                                                                            	NID_cast5_cfb64                        NID = 110
                                                                                                                                                            	NID_cast5_ofb64                        NID = 111
                                                                                                                                                            	NID_pbeWithMD5AndCast5_CBC             NID = 112
                                                                                                                                                            	NID_dsaWithSHA1                        NID = 113
                                                                                                                                                            	NID_md5_sha1                           NID = 114
                                                                                                                                                            	NID_sha1WithRSA                        NID = 115
                                                                                                                                                            	NID_dsa                                NID = 116
                                                                                                                                                            	NID_ripemd160                          NID = 117
                                                                                                                                                            	NID_ripemd160WithRSA                   NID = 119
                                                                                                                                                            	NID_rc5_cbc                            NID = 120
                                                                                                                                                            	NID_rc5_ecb                            NID = 121
                                                                                                                                                            	NID_rc5_cfb64                          NID = 122
                                                                                                                                                            	NID_rc5_ofb64                          NID = 123
                                                                                                                                                            	NID_rle_compression                    NID = 124
                                                                                                                                                            	NID_zlib_compression                   NID = 125
                                                                                                                                                            	NID_ext_key_usage                      NID = 126
                                                                                                                                                            	NID_id_pkix                            NID = 127
                                                                                                                                                            	NID_id_kp                              NID = 128
                                                                                                                                                            	NID_server_auth                        NID = 129
                                                                                                                                                            	NID_client_auth                        NID = 130
                                                                                                                                                            	NID_code_sign                          NID = 131
                                                                                                                                                            	NID_email_protect                      NID = 132
                                                                                                                                                            	NID_time_stamp                         NID = 133
                                                                                                                                                            	NID_ms_code_ind                        NID = 134
                                                                                                                                                            	NID_ms_code_com                        NID = 135
                                                                                                                                                            	NID_ms_ctl_sign                        NID = 136
                                                                                                                                                            	NID_ms_sgc                             NID = 137
                                                                                                                                                            	NID_ms_efs                             NID = 138
                                                                                                                                                            	NID_ns_sgc                             NID = 139
                                                                                                                                                            	NID_delta_crl                          NID = 140
                                                                                                                                                            	NID_crl_reason                         NID = 141
                                                                                                                                                            	NID_invalidity_date                    NID = 142
                                                                                                                                                            	NID_sxnet                              NID = 143
                                                                                                                                                            	NID_pbe_WithSHA1And128BitRC4           NID = 144
                                                                                                                                                            	NID_pbe_WithSHA1And40BitRC4            NID = 145
                                                                                                                                                            	NID_pbe_WithSHA1And3_Key_TripleDES_CBC NID = 146
                                                                                                                                                            	NID_pbe_WithSHA1And2_Key_TripleDES_CBC NID = 147
                                                                                                                                                            	NID_pbe_WithSHA1And128BitRC2_CBC       NID = 148
                                                                                                                                                            	NID_pbe_WithSHA1And40BitRC2_CBC        NID = 149
                                                                                                                                                            	NID_keyBag                             NID = 150
                                                                                                                                                            	NID_pkcs8ShroudedKeyBag                NID = 151
                                                                                                                                                            	NID_certBag                            NID = 152
                                                                                                                                                            	NID_crlBag                             NID = 153
                                                                                                                                                            	NID_secretBag                          NID = 154
                                                                                                                                                            	NID_safeContentsBag                    NID = 155
                                                                                                                                                            	NID_friendlyName                       NID = 156
                                                                                                                                                            	NID_localKeyID                         NID = 157
                                                                                                                                                            	NID_x509Certificate                    NID = 158
                                                                                                                                                            	NID_sdsiCertificate                    NID = 159
                                                                                                                                                            	NID_x509Crl                            NID = 160
                                                                                                                                                            	NID_pbes2                              NID = 161
                                                                                                                                                            	NID_pbmac1                             NID = 162
                                                                                                                                                            	NID_hmacWithSHA1                       NID = 163
                                                                                                                                                            	NID_id_qt_cps                          NID = 164
                                                                                                                                                            	NID_id_qt_unotice                      NID = 165
                                                                                                                                                            	NID_rc2_64_cbc                         NID = 166
                                                                                                                                                            	NID_SMIMECapabilities                  NID = 167
                                                                                                                                                            	NID_pbeWithMD2AndRC2_CBC               NID = 168
                                                                                                                                                            	NID_pbeWithMD5AndRC2_CBC               NID = 169
                                                                                                                                                            	NID_pbeWithSHA1AndDES_CBC              NID = 170
                                                                                                                                                            	NID_ms_ext_req                         NID = 171
                                                                                                                                                            	NID_ext_req                            NID = 172
                                                                                                                                                            	NID_name                               NID = 173
                                                                                                                                                            	NID_dnQualifier                        NID = 174
                                                                                                                                                            	NID_id_pe                              NID = 175
                                                                                                                                                            	NID_id_ad                              NID = 176
                                                                                                                                                            	NID_info_access                        NID = 177
                                                                                                                                                            	NID_ad_OCSP                            NID = 178
                                                                                                                                                            	NID_ad_ca_issuers                      NID = 179
                                                                                                                                                            	NID_OCSP_sign                          NID = 180
                                                                                                                                                            	NID_X9_62_id_ecPublicKey               NID = 408
                                                                                                                                                            	NID_hmac                               NID = 855
                                                                                                                                                            	NID_cmac                               NID = 894
                                                                                                                                                            	NID_dhpublicnumber                     NID = 920
                                                                                                                                                            	NID_tls1_prf                           NID = 1021
                                                                                                                                                            	NID_hkdf                               NID = 1036
                                                                                                                                                            	NID_X25519                             NID = 1034
                                                                                                                                                            	NID_X448                               NID = 1035
                                                                                                                                                            	NID_ED25519                            NID = 1087
                                                                                                                                                            	NID_ED448                              NID = 1088
                                                                                                                                                            )

type Name

type Name struct {
	// contains filtered or unexported fields
}

func NewName

func NewName() (*Name, error)

Allocate and return a new Name object.

func (*Name) AddTextEntries

func (n *Name) AddTextEntries(entries map[string]string) error

AddTextEntries allows adding multiple entries to a name in one call.

func (*Name) AddTextEntry

func (n *Name) AddTextEntry(field, value string) error

AddTextEntry appends a text entry to an X509 NAME.

func (*Name) GetEntry

func (n *Name) GetEntry(nid NID) (entry string, ok bool)

GetEntry returns a name entry based on NID. If no entry, then ("", false) is returned.

type Options

type Options int
const (
	// NoCompression is only valid if you are using OpenSSL 1.0.1 or newer
	NoCompression                      Options = C.SSL_OP_NO_COMPRESSION
	NoSSLv2                            Options = C.SSL_OP_NO_SSLv2
	NoSSLv3                            Options = C.SSL_OP_NO_SSLv3
	NoTLSv1                            Options = C.SSL_OP_NO_TLSv1
	CipherServerPreference             Options = C.SSL_OP_CIPHER_SERVER_PREFERENCE
	NoSessionResumptionOrRenegotiation Options = C.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
	NoTicket                           Options = C.SSL_OP_NO_TICKET
)

                                                                                                                                                                    type PrivateKey

                                                                                                                                                                    type PrivateKey interface {
                                                                                                                                                                    	PublicKey
                                                                                                                                                                    
                                                                                                                                                                    	// Signs the data using PKCS1.15
                                                                                                                                                                    	SignPKCS1v15(Method, []byte) ([]byte, error)
                                                                                                                                                                    
                                                                                                                                                                    	// MarshalPKCS1PrivateKeyPEM converts the private key to PEM-encoded PKCS1
                                                                                                                                                                    	// format
                                                                                                                                                                    	MarshalPKCS1PrivateKeyPEM() (pem_block []byte, err error)
                                                                                                                                                                    
                                                                                                                                                                    	// MarshalPKCS1PrivateKeyDER converts the private key to DER-encoded PKCS1
                                                                                                                                                                    	// format
                                                                                                                                                                    	MarshalPKCS1PrivateKeyDER() (der_block []byte, err error)
                                                                                                                                                                    }

func GenerateECKey

func GenerateECKey(curve EllipticCurve) (PrivateKey, error)

GenerateECKey generates a new elliptic curve private key on the specified curve.

func GenerateED25519Key

func GenerateED25519Key() (PrivateKey, error)

GenerateED25519Key generates an Ed25519 key.

func GenerateRSAKey

func GenerateRSAKey(bits int) (PrivateKey, error)

GenerateRSAKey generates a new RSA private key with an exponent of 3.

func GenerateRSAKeyWithExponent

func GenerateRSAKeyWithExponent(bits int, exponent int) (PrivateKey, error)

GenerateRSAKeyWithExponent generates a new RSA private key.
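Because GenerateRSAKey fixes the public exponent at 3, keys it produced can be identified from their public half. The following is an added example, not part of the openssl package: it uses only the Go standard library to audit a PEM-encoded PKIX public key (the format MarshalPKIXPublicKeyPEM emits) against an exponent and modulus-size policy. The names AuditRSAPublicKeyPEM, SamplePEM, MinExponent and MinModulusBits and the policy values are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// Policy values assumed by this example (not constants from the openssl
// package). 65537 is the smallest exponent FIPS 186-4 permits
// (2^16 < e < 2^256) and the conventional default.
const (
	MinExponent    = 65537
	MinModulusBits = 2048
)

// Finding is one policy violation detected in a public key.
type Finding string

const (
	FindingSmallExponent Finding = "public exponent below policy minimum"
	FindingShortModulus  Finding = "modulus shorter than policy minimum"
)

// AuditRSAPublicKeyPEM parses a PKIX ("PUBLIC KEY") PEM block and reports
// which policy checks the RSA key fails. Non-RSA keys and malformed input
// are returned as errors so that callers never treat them as "clean".
func AuditRSAPublicKeyPEM(pemBlock []byte) (*rsa.PublicKey, []Finding, error) {
	block, _ := pem.Decode(pemBlock)
	if block == nil {
		return nil, nil, errors.New("no PEM block found")
	}
	if block.Type != "PUBLIC KEY" {
		return nil, nil, fmt.Errorf("unexpected PEM type %q, want PUBLIC KEY", block.Type)
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, nil, fmt.Errorf("parse PKIX public key: %w", err)
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("not an RSA public key: %T", parsed)
	}

	var findings []Finding
	if pub.E < MinExponent {
		findings = append(findings, FindingSmallExponent)
	}
	if pub.N.BitLen() < MinModulusBits {
		findings = append(findings, FindingShortModulus)
	}
	return pub, findings, nil
}

// SamplePEM builds a constructed test input: a PKIX PEM public key with a
// freshly generated modulus of the given size and the given public exponent.
// Only the public half is emitted; it stands in for a key exported from a
// PrivateKey created by GenerateRSAKey (e=3) or GenerateRSAKeyWithExponent.
func SamplePEM(bits, exponent int) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&rsa.PublicKey{N: priv.N, E: exponent})
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	for _, e := range []int{3, 65537} {
		sample, err := SamplePEM(2048, e)
		if err != nil {
			fmt.Println("sample:", err)
			return
		}
		pub, findings, err := AuditRSAPublicKeyPEM(sample)
		if err != nil {
			fmt.Println("audit:", err)
			return
		}
		fmt.Printf("e=%d bits=%d findings=%v\n", pub.E, pub.N.BitLen(), findings)
	}
}
```
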

func LoadPrivateKeyFromDER

func LoadPrivateKeyFromDER(der_block []byte) (PrivateKey, error)

LoadPrivateKeyFromDER loads a private key from a DER-encoded block.

func LoadPrivateKeyFromPEM

func LoadPrivateKeyFromPEM(pem_block []byte) (PrivateKey, error)

LoadPrivateKeyFromPEM loads a private key from a PEM-encoded block.

func LoadPrivateKeyFromPEMWidthPassword

func LoadPrivateKeyFromPEMWidthPassword(pem_block []byte, password string) (
	PrivateKey, error)

LoadPrivateKeyFromPEMWidthPassword loads a private key from a PEM-encoded block. It is kept for backwards compatibility with the typo in its name.

func LoadPrivateKeyFromPEMWithPassword

func LoadPrivateKeyFromPEMWithPassword(pem_block []byte, password string) (
	PrivateKey, error)

LoadPrivateKeyFromPEMWithPassword loads a private key from a PEM-encoded block.

type PublicKey

type PublicKey interface {
	// VerifyPKCS1v15 verifies the data signature using PKCS#1 v1.5
	VerifyPKCS1v15(method Method, data, sig []byte) error

	// MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX
	// format
	MarshalPKIXPublicKeyPEM() (pem_block []byte, err error)

	// MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX
	// format
	MarshalPKIXPublicKeyDER() (der_block []byte, err error)

	// KeyType returns an identifier for what kind of key is represented by this
	// object.
	KeyType() NID

	// BaseType returns an identifier for what kind of key is represented
	// by this object.
	// Keys that share same algorithm but use different legacy formats
	// will have the same BaseType.
	//
	// For example, a key with a `KeyType() == KeyTypeRSA` and a key with a
	// `KeyType() == KeyTypeRSA2` would both have `BaseType() == KeyTypeRSA`.
	BaseType() NID
	// contains filtered or unexported methods
}

func LoadPublicKeyFromDER

func LoadPublicKeyFromDER(der_block []byte) (PublicKey, error)

LoadPublicKeyFromDER loads a public key from a DER-encoded block.

func LoadPublicKeyFromPEM

func LoadPublicKeyFromPEM(pem_block []byte) (PublicKey, error)

LoadPublicKeyFromPEM loads a public key from a PEM-encoded block.

type SHA1Hash

type SHA1Hash struct {
	// contains filtered or unexported fields
}

func NewSHA1Hash

func NewSHA1Hash() (*SHA1Hash, error)

func NewSHA1HashWithEngine

func NewSHA1HashWithEngine(e *Engine) (*SHA1Hash, error)

func (*SHA1Hash) Close

func (s *SHA1Hash) Close()

func (*SHA1Hash) Reset

func (s *SHA1Hash) Reset() error

func (*SHA1Hash) Sum

func (s *SHA1Hash) Sum() (result [20]byte, err error)

func (*SHA1Hash) Write

func (s *SHA1Hash) Write(p []byte) (n int, err error)

type SHA256Hash

type SHA256Hash struct {
	// contains filtered or unexported fields
}

func NewSHA256Hash

func NewSHA256Hash() (*SHA256Hash, error)

func NewSHA256HashWithEngine

func NewSHA256HashWithEngine(e *Engine) (*SHA256Hash, error)

func (*SHA256Hash) Close

func (s *SHA256Hash) Close()

func (*SHA256Hash) Reset

func (s *SHA256Hash) Reset() error

func (*SHA256Hash) Sum

func (s *SHA256Hash) Sum() (result [32]byte, err error)

func (*SHA256Hash) Write

func (s *SHA256Hash) Write(p []byte) (n int, err error)

type SSL

type SSL struct {
	// contains filtered or unexported fields
}

func (*SSL) ClearOptions

func (s *SSL) ClearOptions(options Options) Options

ClearOptions clears SSL options. See https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

func (*SSL) GetOptions

func (s *SSL) GetOptions() Options

GetOptions returns SSL options. See https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

func (*SSL) GetServername

func (s *SSL) GetServername() string

GetServername is a wrapper around SSL_get_servername. It returns the server name according to RFC 6066 (http://tools.ietf.org/html/rfc6066).

func (*SSL) GetVerifyCallback

func (s *SSL) GetVerifyCallback() VerifyCallback

GetVerifyCallback returns the verification callback function. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) GetVerifyDepth

func (s *SSL) GetVerifyDepth() int

GetVerifyDepth returns how many certificates deep the certificate verification logic is willing to follow a certificate chain. See https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) SetOptions

func (s *SSL) SetOptions(options Options) Options

SetOptions sets SSL options. See https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

func (*SSL) SetSSLCtx

func (s *SSL) SetSSLCtx(ctx *Ctx)

SetSSLCtx changes the context to a new one. This is useful for Server Name Indication (SNI), RFC 6066 (http://tools.ietf.org/html/rfc6066). See http://stackoverflow.com/questions/22373332/serving-multiple-domains-in-one-box-with-sni

func (*SSL) SetVerify

func (s *SSL) SetVerify(options VerifyOptions, verify_cb VerifyCallback)

SetVerify controls peer verification settings. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) SetVerifyCallback

func (s *SSL) SetVerifyCallback(verify_cb VerifyCallback)

SetVerifyCallback controls the peer verification setting. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) SetVerifyDepth

func (s *SSL) SetVerifyDepth(depth int)

SetVerifyDepth controls how many certificates deep the certificate verification logic is willing to follow a certificate chain. See https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) SetVerifyMode

func (s *SSL) SetVerifyMode(options VerifyOptions)

SetVerifyMode controls the peer verification setting. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

func (*SSL) VerifyMode

func (s *SSL) VerifyMode() VerifyOptions

VerifyMode returns the peer verification setting. See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

                                                                                                                                                                                                                type SSLTLSExtErr

                                                                                                                                                                                                                type SSLTLSExtErr int
                                                                                                                                                                                                                const (
                                                                                                                                                                                                                	SSLTLSExtErrOK           SSLTLSExtErr = C.SSL_TLSEXT_ERR_OK
                                                                                                                                                                                                                	SSLTLSExtErrAlertWarning SSLTLSExtErr = C.SSL_TLSEXT_ERR_ALERT_WARNING
                                                                                                                                                                                                                	SSLTLSEXTErrAlertFatal   SSLTLSExtErr = C.SSL_TLSEXT_ERR_ALERT_FATAL
                                                                                                                                                                                                                	SSLTLSEXTErrNoAck        SSLTLSExtErr = C.SSL_TLSEXT_ERR_NOACK
                                                                                                                                                                                                                )

type SSLVersion

type SSLVersion int
const (
	SSLv3   SSLVersion = 0x02 // Vulnerable to "POODLE" attack.
	TLSv1   SSLVersion = 0x03
	TLSv1_1 SSLVersion = 0x04
	TLSv1_2 SSLVersion = 0x05

	// Make sure to disable SSLv2 and SSLv3 if you use this. SSLv3 is vulnerable
	// to the "POODLE" attack, and SSLv2 is what, just don't even.
	AnyVersion SSLVersion = 0x06
)

type TLSExtServernameCallback

type TLSExtServernameCallback func(ssl *SSL) SSLTLSExtErr

type TicketCipherCtx

type TicketCipherCtx struct {
	Cipher *Cipher
	Engine *Engine
}

TicketCipherCtx describes the cipher that will be used by the ticket store for encrypting the tickets. Engine may be nil if no engine is desired.

type TicketDigestCtx

type TicketDigestCtx struct {
	Digest *Digest
	Engine *Engine
}

TicketDigestCtx describes the digest that will be used by the ticket store to authenticate the data. Engine may be nil if no engine is desired.

type TicketKey

type TicketKey struct {
	Name      TicketName
	CipherKey []byte
	HMACKey   []byte
	IV        []byte
}

TicketKey is the key material for a ticket. If this is lost, forward secrecy is lost as it allows decrypting TLS sessions retroactively.

type TicketKeyManager

type TicketKeyManager interface {
	// New should create a brand new TicketKey with a new name.
	New() *TicketKey

	// Current should return a key that is still valid.
	Current() *TicketKey

	// Lookup should return a key with the given name, or nil if no name
	// exists.
	Lookup(name TicketName) *TicketKey

	// Expired should return if the key with the given name is expired and
	// should not be used any more.
	Expired(name TicketName) bool

	// ShouldRenew should return if the key is still ok to use for the current
	// session, but we should send a new key for the client.
	ShouldRenew(name TicketName) bool
}

TicketKeyManager is a manager for TicketKeys. It allows one to control the lifetime of tickets, causing renewals and expirations for keys that are created. Calls to the manager are serialized.
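
An added example, not part of the package: an in-memory key manager with the five TicketKeyManager methods listed above, which rotates keys on a timer and wipes expired ones so the retroactive-decryption exposure noted for TicketKey stays bounded. The name RotatingKeys, the RenewAfter/Lifetime policy, the key sizes and keyNameSize = 16 are assumptions, and TicketName and TicketKey are redeclared locally so the code runs without cgo.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"time"
)

// Local stand-ins for the documented TicketName and TicketKey so this builds
// without cgo. keyNameSize = 16 is an assumption, not a value from the page.
const keyNameSize = 16

type TicketName [keyNameSize]byte

type TicketKey struct {
	Name                   TicketName
	CipherKey, HMACKey, IV []byte
}

// RotatingKeys (hypothetical name) provides the five TicketKeyManager methods.
// It takes no lock because the docs state calls to the manager are serialized.
type RotatingKeys struct {
	RenewAfter, Lifetime time.Duration    // assumed policy; RenewAfter < Lifetime
	Now                  func() time.Time // injectable clock, for tests
	keys                 map[TicketName]*TicketKey
	born                 map[TicketName]time.Time
	current              TicketName
}

func NewRotatingKeys(renewAfter, lifetime time.Duration, now func() time.Time) *RotatingKeys {
	return &RotatingKeys{RenewAfter: renewAfter, Lifetime: lifetime, Now: now,
		keys: map[TicketName]*TicketKey{}, born: map[TicketName]time.Time{}}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to weaker key material
	}
	return b
}

// age reports how old a key is; unknown names count as already expired.
func (m *RotatingKeys) age(name TicketName) time.Duration {
	if t, ok := m.born[name]; ok {
		return m.Now().Sub(t)
	}
	return m.Lifetime
}

// prune forgets keys past Lifetime and zeroes their bytes (best effort).
func (m *RotatingKeys) prune() {
	for name, k := range m.keys {
		if m.age(name) >= m.Lifetime {
			for _, b := range [][]byte{k.CipherKey, k.HMACKey, k.IV} {
				copy(b, make([]byte, len(b))) // overwrite with zeros
			}
			delete(m.keys, name)
			delete(m.born, name)
		}
	}
}

// New creates a key under a fresh random name and makes it the current one.
// Sizes (16-byte cipher key and IV, 32-byte HMAC key) are assumptions.
func (m *RotatingKeys) New() *TicketKey {
	m.prune()
	k := &TicketKey{CipherKey: randomBytes(16), HMACKey: randomBytes(32), IV: randomBytes(16)}
	copy(k.Name[:], randomBytes(keyNameSize))
	m.keys[k.Name], m.born[k.Name], m.current = k, m.Now(), k.Name
	return k
}

// Current reuses the newest key until RenewAfter, then rotates to a new one.
func (m *RotatingKeys) Current() *TicketKey {
	if k, ok := m.keys[m.current]; ok && m.age(m.current) < m.RenewAfter {
		return k
	}
	return m.New()
}

// Lookup returns nil for names that are unknown or already pruned.
func (m *RotatingKeys) Lookup(name TicketName) *TicketKey {
	m.prune()
	return m.keys[name]
}

func (m *RotatingKeys) Expired(name TicketName) bool { return m.age(name) >= m.Lifetime }

// ShouldRenew is true between RenewAfter and Lifetime: valid, but due for rotation.
func (m *RotatingKeys) ShouldRenew(name TicketName) bool { return !m.Expired(name) && m.age(name) >= m.RenewAfter }

func main() {
	now := time.Unix(0, 0) // constructed clock
	m := NewRotatingKeys(time.Hour, 2*time.Hour, func() time.Time { return now })
	first := m.Current()
	now = now.Add(90 * time.Minute)
	fmt.Println("renew:", m.ShouldRenew(first.Name), "rotated:", m.Current().Name != first.Name)
}
```

The gap between RenewAfter and Lifetime is the window in which tickets sealed under an older key are still accepted; a shorter Lifetime shortens how long a stolen key stays useful.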

type TicketName

type TicketName [KeyNameSize]byte

TicketName is an identifier for the key material for a ticket.

type TicketStore

type TicketStore struct {
	CipherCtx TicketCipherCtx
	DigestCtx TicketDigestCtx
	Keys      TicketKeyManager
}

TicketStore describes the encryption and authentication methods the tickets will use, along with a key manager for generating and keeping track of the secrets.

type VerifyCallback

type VerifyCallback func(ok bool, store *CertificateStoreCtx) bool

type VerifyOptions

type VerifyOptions int
const (
	VerifyNone             VerifyOptions = C.SSL_VERIFY_NONE
	VerifyPeer             VerifyOptions = C.SSL_VERIFY_PEER
	VerifyFailIfNoPeerCert VerifyOptions = C.SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	VerifyClientOnce       VerifyOptions = C.SSL_VERIFY_CLIENT_ONCE
)

type VerifyResult

type VerifyResult int
const (
	Ok                            VerifyResult = C.X509_V_OK
	UnableToGetIssuerCert         VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
	UnableToGetCrl                VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL
	UnableToDecryptCertSignature  VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
	UnableToDecryptCrlSignature   VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
	UnableToDecodeIssuerPublicKey VerifyResult = C.X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
	CertSignatureFailure          VerifyResult = C.X509_V_ERR_CERT_SIGNATURE_FAILURE
	CrlSignatureFailure           VerifyResult = C.X509_V_ERR_CRL_SIGNATURE_FAILURE
	CertNotYetValid               VerifyResult = C.X509_V_ERR_CERT_NOT_YET_VALID
	CertHasExpired                VerifyResult = C.X509_V_ERR_CERT_HAS_EXPIRED
	CrlNotYetValid                VerifyResult = C.X509_V_ERR_CRL_NOT_YET_VALID
	CrlHasExpired                 VerifyResult = C.X509_V_ERR_CRL_HAS_EXPIRED
	ErrorInCertNotBeforeField     VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
	ErrorInCertNotAfterField      VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
	ErrorInCrlLastUpdateField     VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
	ErrorInCrlNextUpdateField     VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
	OutOfMem                      VerifyResult = C.X509_V_ERR_OUT_OF_MEM
	DepthZeroSelfSignedCert       VerifyResult = C.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
	SelfSignedCertInChain         VerifyResult = C.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
	UnableToGetIssuerCertLocally  VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
	UnableToVerifyLeafSignature   VerifyResult = C.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
	CertChainTooLong              VerifyResult = C.X509_V_ERR_CERT_CHAIN_TOO_LONG
	CertRevoked                   VerifyResult = C.X509_V_ERR_CERT_REVOKED
	InvalidCa                     VerifyResult = C.X509_V_ERR_INVALID_CA
	PathLengthExceeded            VerifyResult = C.X509_V_ERR_PATH_LENGTH_EXCEEDED
	InvalidPurpose                VerifyResult = C.X509_V_ERR_INVALID_PURPOSE
	CertUntrusted                 VerifyResult = C.X509_V_ERR_CERT_UNTRUSTED
	CertRejected                  VerifyResult = C.X509_V_ERR_CERT_REJECTED
	SubjectIssuerMismatch         VerifyResult = C.X509_V_ERR_SUBJECT_ISSUER_MISMATCH
	AkidSkidMismatch              VerifyResult = C.X509_V_ERR_AKID_SKID_MISMATCH
	AkidIssuerSerialMismatch      VerifyResult = C.X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
	KeyusageNoCertsign            VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CERTSIGN
	UnableToGetCrlIssuer          VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
	UnhandledCriticalExtension    VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
	KeyusageNoCrlSign             VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
	UnhandledCriticalCrlExtension VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
	InvalidNonCa                  VerifyResult = C.X509_V_ERR_INVALID_NON_CA
	ProxyPathLengthExceeded       VerifyResult = C.X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
	KeyusageNoDigitalSignature    VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
	ProxyCertificatesNotAllowed   VerifyResult = C.X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
	InvalidExtension              VerifyResult = C.X509_V_ERR_INVALID_EXTENSION
	InvalidPolicyExtension        VerifyResult = C.X509_V_ERR_INVALID_POLICY_EXTENSION
	NoExplicitPolicy              VerifyResult = C.X509_V_ERR_NO_EXPLICIT_POLICY
	UnnestedResource              VerifyResult = C.X509_V_ERR_UNNESTED_RESOURCE
	ApplicationVerification       VerifyResult = C.X509_V_ERR_APPLICATION_VERIFICATION
)

type X509_Version

type X509_Version int

X509_Version represents a version on an x509 certificate.

const (
	X509_V1 X509_Version = 0
	X509_V3 X509_Version = 2
)

Specify constants for x509 versions because the standard states that they are represented internally as one lower than the common version name.

Directories

Path Synopsis