Versions in this module Expand all Collapse all v0 v0.1.0 Apr 10, 2023 Changes in this version + const GCM_TAG_MAXLEN + const KeyNameSize + const KeyTypeCMAC + const KeyTypeDH + const KeyTypeDHX + const KeyTypeDSA + const KeyTypeDSA1 + const KeyTypeDSA2 + const KeyTypeDSA3 + const KeyTypeDSA4 + const KeyTypeEC + const KeyTypeED25519 + const KeyTypeED448 + const KeyTypeHKDF + const KeyTypeHMAC + const KeyTypeNone + const KeyTypeRSA + const KeyTypeRSA2 + const KeyTypeTLS1PRF + const KeyTypeX25519 + const KeyTypeX448 + const SSLRecordSize + var ValidationError = errors.New("Host validation error") + func DeriveSharedSecret(private PrivateKey, public PublicKey) ([]byte, error) + func FIPSModeSet(mode bool) error + func Listen(network, laddr string, ctx *Ctx) (net.Listener, error) + func ListenAndServeTLS(addr string, cert_file string, key_file string, handler http.Handler) error + func MD4(data []byte) (result [16]byte, err error) + func MD5(data []byte) (result [16]byte, err error) + func NewListener(inner net.Listener, ctx *Ctx) net.Listener + func Nid2ShortName(nid NID) (string, error) + func SHA1(data []byte) (result [20]byte, err error) + func SHA256(data []byte) (result [32]byte, err error) + func ServerListenAndServeTLS(srv *http.Server, cert_file, key_file string) error + func SplitPEM(data []byte) [][]byte + type AuthenticatedDecryptionCipherCtx interface + ExtraData func([]byte) error + SetTag func([]byte) error + func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) (AuthenticatedDecryptionCipherCtx, error) + type AuthenticatedEncryptionCipherCtx interface + ExtraData func([]byte) error + GetTag func() ([]byte, error) + func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) (AuthenticatedEncryptionCipherCtx, error) + type Certificate struct + Issuer *Certificate + func LoadCertificateFromPEM(pem_block []byte) (*Certificate, error) + func NewCertificate(info *CertificateInfo, key PublicKey) (*Certificate, error) + func (c 
*Certificate) AddExtension(nid NID, value string) error + func (c *Certificate) AddExtensions(extensions map[NID]string) error + func (c *Certificate) CheckEmail(email string, flags CheckFlags) error + func (c *Certificate) CheckHost(host string, flags CheckFlags) error + func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error + func (c *Certificate) GetIssuerName() (*Name, error) + func (c *Certificate) GetSerialNumberHex() (serial string) + func (c *Certificate) GetSubjectName() (*Name, error) + func (c *Certificate) GetVersion() X509_Version + func (c *Certificate) MarshalPEM() (pem_block []byte, err error) + func (c *Certificate) PublicKey() (PublicKey, error) + func (c *Certificate) SetExpireDate(when time.Duration) error + func (c *Certificate) SetIssueDate(when time.Duration) error + func (c *Certificate) SetIssuer(issuer *Certificate) error + func (c *Certificate) SetIssuerName(name *Name) error + func (c *Certificate) SetPubKey(pubKey PublicKey) error + func (c *Certificate) SetSerial(serial *big.Int) error + func (c *Certificate) SetSubjectName(name *Name) error + func (c *Certificate) SetVersion(version X509_Version) error + func (c *Certificate) Sign(privKey PrivateKey, digest EVP_MD) error + func (c *Certificate) VerifyHostname(host string) error + type CertificateInfo struct + CommonName string + Country string + Expires time.Duration + Issued time.Duration + Organization string + Serial *big.Int + type CertificateStore struct + func NewCertificateStore() (*CertificateStore, error) + func (s *CertificateStore) AddCertificate(cert *Certificate) error + func (s *CertificateStore) LoadCertificatesFromPEM(data []byte) error + type CertificateStoreCtx struct + func (self *CertificateStoreCtx) Depth() int + func (self *CertificateStoreCtx) Err() error + func (self *CertificateStoreCtx) GetCurrentCert() *Certificate + func (self *CertificateStoreCtx) VerifyResult() VerifyResult + type CheckFlags int + const AlwaysCheckSubject + const NoWildcards + 
type Cipher struct + func GetCipherByName(name string) (*Cipher, error) + func GetCipherByNid(nid NID) (*Cipher, error) + func (c *Cipher) BlockSize() int + func (c *Cipher) IVSize() int + func (c *Cipher) KeySize() int + func (c *Cipher) Nid() NID + func (c *Cipher) ShortName() (string, error) + type CipherCtx interface + BlockSize func() int + Cipher func() *Cipher + IVSize func() int + KeySize func() int + type Conn struct + func Client(conn net.Conn, ctx *Ctx) (*Conn, error) + func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) + func DialSession(network, addr string, ctx *Ctx, flags DialFlags, session []byte) (*Conn, error) + func Server(conn net.Conn, ctx *Ctx) (*Conn, error) + func (c *Conn) Close() error + func (c *Conn) ConnectionState() (rv ConnectionState) + func (c *Conn) CurrentCipher() (string, error) + func (c *Conn) GetCtx() *Ctx + func (c *Conn) GetSession() ([]byte, error) + func (c *Conn) Handshake() error + func (c *Conn) LocalAddr() net.Addr + func (c *Conn) PeerCertificate() (*Certificate, error) + func (c *Conn) PeerCertificateChain() (rv []*Certificate, err error) + func (c *Conn) Read(b []byte) (n int, err error) + func (c *Conn) RemoteAddr() net.Addr + func (c *Conn) SessionReused() bool + func (c *Conn) SetDeadline(t time.Time) error + func (c *Conn) SetReadDeadline(t time.Time) error + func (c *Conn) SetTlsExtHostName(name string) error + func (c *Conn) SetWriteDeadline(t time.Time) error + func (c *Conn) UnderlyingConn() net.Conn + func (c *Conn) VerifyHostname(host string) error + func (c *Conn) VerifyResult() VerifyResult + func (c *Conn) Write(b []byte) (written int, err error) + type ConnectionState struct + Certificate *Certificate + CertificateChain []*Certificate + CertificateChainError error + CertificateError error + SessionReused bool + type Ctx struct + func NewCtx() (*Ctx, error) + func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error) + func NewCtxWithVersion(version SSLVersion) (*Ctx, 
error) + func (c *Ctx) AddChainCertificate(cert *Certificate) error + func (c *Ctx) ClearOptions(options Options) Options + func (c *Ctx) GetCertificateStore() *CertificateStore + func (c *Ctx) GetMode() Modes + func (c *Ctx) GetOptions() Options + func (c *Ctx) GetTimeout() time.Duration + func (c *Ctx) GetVerifyCallback() VerifyCallback + func (c *Ctx) GetVerifyDepth() int + func (c *Ctx) LoadVerifyLocations(ca_file string, ca_path string) error + func (c *Ctx) SessGetCacheSize() int + func (c *Ctx) SessSetCacheSize(t int) int + func (c *Ctx) SetCipherList(list string) error + func (c *Ctx) SetDHParameters(dh *DH) error + func (c *Ctx) SetEllipticCurve(curve EllipticCurve) error + func (c *Ctx) SetMode(modes Modes) Modes + func (c *Ctx) SetOptions(options Options) Options + func (c *Ctx) SetSessionCacheMode(modes SessionCacheModes) SessionCacheModes + func (c *Ctx) SetSessionId(session_id []byte) error + func (c *Ctx) SetTLSExtServernameCallback(sni_cb TLSExtServernameCallback) + func (c *Ctx) SetTicketStore(store *TicketStore) + func (c *Ctx) SetTimeout(t time.Duration) time.Duration + func (c *Ctx) SetVerify(options VerifyOptions, verify_cb VerifyCallback) + func (c *Ctx) SetVerifyCallback(verify_cb VerifyCallback) + func (c *Ctx) SetVerifyDepth(depth int) + func (c *Ctx) SetVerifyMode(options VerifyOptions) + func (c *Ctx) UseCertificate(cert *Certificate) error + func (c *Ctx) UsePrivateKey(key PrivateKey) error + func (c *Ctx) VerifyMode() VerifyOptions + type DH struct + func LoadDHParametersFromPEM(pem_block []byte) (*DH, error) + type DecryptionCipherCtx interface + DecryptFinal func() ([]byte, error) + DecryptUpdate func(input []byte) ([]byte, error) + func NewDecryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) (DecryptionCipherCtx, error) + type DialFlags int + const DisableSNI + const InsecureSkipHostVerification + type Digest struct + func GetDigestByName(name string) (*Digest, error) + func GetDigestByNid(nid NID) (*Digest, error) + type EVP_MD 
int + const EVP_DSS + const EVP_DSS1 + const EVP_MD4 + const EVP_MD5 + const EVP_MDC2 + const EVP_NULL + const EVP_RIPEMD160 + const EVP_SHA + const EVP_SHA1 + const EVP_SHA224 + const EVP_SHA256 + const EVP_SHA384 + const EVP_SHA512 + type EllipticCurve int + const Prime256v1 + const Secp384r1 + const Secp521r1 + type EncryptionCipherCtx interface + EncryptFinal func() ([]byte, error) + EncryptUpdate func(input []byte) ([]byte, error) + func NewEncryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) (EncryptionCipherCtx, error) + type Engine struct + func EngineById(name string) (*Engine, error) + type HMAC struct + func NewHMAC(key []byte, digestAlgorithm EVP_MD) (*HMAC, error) + func NewHMACWithEngine(key []byte, digestAlgorithm EVP_MD, e *Engine) (*HMAC, error) + func (h *HMAC) Close() + func (h *HMAC) Final() (result []byte, err error) + func (h *HMAC) Reset() error + func (h *HMAC) Write(data []byte) (n int, err error) + type MD4Hash struct + func NewMD4Hash() (*MD4Hash, error) + func NewMD4HashWithEngine(e *Engine) (*MD4Hash, error) + func (s *MD4Hash) Close() + func (s *MD4Hash) Reset() error + func (s *MD4Hash) Sum() (result [16]byte, err error) + func (s *MD4Hash) Write(p []byte) (n int, err error) + type MD5Hash struct + func NewMD5Hash() (*MD5Hash, error) + func NewMD5HashWithEngine(e *Engine) (*MD5Hash, error) + func (s *MD5Hash) Close() + func (s *MD5Hash) Reset() error + func (s *MD5Hash) Sum() (result [16]byte, err error) + func (s *MD5Hash) Write(p []byte) (n int, err error) + type Method *C.EVP_MD + var SHA1_Method Method = C.X_EVP_sha1() + var SHA256_Method Method = C.X_EVP_sha256() + var SHA512_Method Method = C.X_EVP_sha512() + type Modes int + const ReleaseBuffers + type NID int + const NID_ED25519 + const NID_ED448 + const NID_OCSP_sign + const NID_SMIMECapabilities + const NID_X25519 + const NID_X448 + const NID_X500 + const NID_X509 + const NID_X9_62_id_ecPublicKey + const NID_ad_OCSP + const NID_ad_ca_issuers + const 
NID_authority_key_identifier + const NID_basic_constraints + const NID_bf_cbc + const NID_bf_cfb64 + const NID_bf_ecb + const NID_bf_ofb64 + const NID_cast5_cbc + const NID_cast5_cfb64 + const NID_cast5_ecb + const NID_cast5_ofb64 + const NID_certBag + const NID_certificate_policies + const NID_client_auth + const NID_cmac + const NID_code_sign + const NID_commonName + const NID_countryName + const NID_crlBag + const NID_crl_distribution_points + const NID_crl_number + const NID_crl_reason + const NID_delta_crl + const NID_des_cbc + const NID_des_cfb64 + const NID_des_ecb + const NID_des_ede + const NID_des_ede3 + const NID_des_ede3_cbc + const NID_des_ede3_cfb64 + const NID_des_ede3_ofb64 + const NID_des_ede_cbc + const NID_des_ede_cfb64 + const NID_des_ede_ofb64 + const NID_des_ofb64 + const NID_description + const NID_desx_cbc + const NID_dhKeyAgreement + const NID_dhpublicnumber + const NID_dnQualifier + const NID_dsa + const NID_dsaWithSHA + const NID_dsaWithSHA1 + const NID_dsaWithSHA1_2 + const NID_dsa_2 + const NID_email_protect + const NID_ext_key_usage + const NID_ext_req + const NID_friendlyName + const NID_givenName + const NID_hkdf + const NID_hmac + const NID_hmacWithSHA1 + const NID_id_ad + const NID_id_ce + const NID_id_kp + const NID_id_pbkdf2 + const NID_id_pe + const NID_id_pkix + const NID_id_qt_cps + const NID_id_qt_unotice + const NID_idea_cbc + const NID_idea_cfb64 + const NID_idea_ecb + const NID_idea_ofb64 + const NID_info_access + const NID_initials + const NID_invalidity_date + const NID_issuer_alt_name + const NID_keyBag + const NID_key_usage + const NID_localKeyID + const NID_localityName + const NID_md2 + const NID_md2WithRSAEncryption + const NID_md5 + const NID_md5WithRSA + const NID_md5WithRSAEncryption + const NID_md5_sha1 + const NID_mdc2 + const NID_mdc2WithRSA + const NID_ms_code_com + const NID_ms_code_ind + const NID_ms_ctl_sign + const NID_ms_efs + const NID_ms_ext_req + const NID_ms_sgc + const NID_name + const NID_netscape 
+ const NID_netscape_base_url + const NID_netscape_ca_policy_url + const NID_netscape_ca_revocation_url + const NID_netscape_cert_extension + const NID_netscape_cert_sequence + const NID_netscape_cert_type + const NID_netscape_comment + const NID_netscape_data_type + const NID_netscape_renewal_url + const NID_netscape_revocation_url + const NID_netscape_ssl_server_name + const NID_ns_sgc + const NID_organizationName + const NID_organizationalUnitName + const NID_pbeWithMD2AndDES_CBC + const NID_pbeWithMD2AndRC2_CBC + const NID_pbeWithMD5AndCast5_CBC + const NID_pbeWithMD5AndDES_CBC + const NID_pbeWithMD5AndRC2_CBC + const NID_pbeWithSHA1AndDES_CBC + const NID_pbeWithSHA1AndRC2_CBC + const NID_pbe_WithSHA1And128BitRC2_CBC + const NID_pbe_WithSHA1And128BitRC4 + const NID_pbe_WithSHA1And2_Key_TripleDES_CBC + const NID_pbe_WithSHA1And3_Key_TripleDES_CBC + const NID_pbe_WithSHA1And40BitRC2_CBC + const NID_pbe_WithSHA1And40BitRC4 + const NID_pbes2 + const NID_pbmac1 + const NID_pkcs + const NID_pkcs3 + const NID_pkcs7 + const NID_pkcs7_data + const NID_pkcs7_digest + const NID_pkcs7_encrypted + const NID_pkcs7_enveloped + const NID_pkcs7_signed + const NID_pkcs7_signedAndEnveloped + const NID_pkcs8ShroudedKeyBag + const NID_pkcs9 + const NID_pkcs9_challengePassword + const NID_pkcs9_contentType + const NID_pkcs9_countersignature + const NID_pkcs9_emailAddress + const NID_pkcs9_extCertAttributes + const NID_pkcs9_messageDigest + const NID_pkcs9_signingTime + const NID_pkcs9_unstructuredAddress + const NID_pkcs9_unstructuredName + const NID_private_key_usage_period + const NID_rc2_40_cbc + const NID_rc2_64_cbc + const NID_rc2_cbc + const NID_rc2_cfb64 + const NID_rc2_ecb + const NID_rc2_ofb64 + const NID_rc4 + const NID_rc4_40 + const NID_rc5_cbc + const NID_rc5_cfb64 + const NID_rc5_ecb + const NID_rc5_ofb64 + const NID_ripemd160 + const NID_ripemd160WithRSA + const NID_rle_compression + const NID_rsa + const NID_rsaEncryption + const NID_rsadsi + const 
NID_safeContentsBag + const NID_sdsiCertificate + const NID_secretBag + const NID_serialNumber + const NID_server_auth + const NID_sha + const NID_sha1 + const NID_sha1WithRSA + const NID_sha1WithRSAEncryption + const NID_shaWithRSAEncryption + const NID_stateOrProvinceName + const NID_subject_alt_name + const NID_subject_key_identifier + const NID_surname + const NID_sxnet + const NID_time_stamp + const NID_title + const NID_tls1_prf + const NID_undef + const NID_uniqueIdentifier + const NID_x509Certificate + const NID_x509Crl + const NID_zlib_compression + type Name struct + func NewName() (*Name, error) + func (n *Name) AddTextEntries(entries map[string]string) error + func (n *Name) AddTextEntry(field, value string) error + func (n *Name) GetEntry(nid NID) (entry string, ok bool) + type Options int + const CipherServerPreference + const NoCompression + const NoSSLv2 + const NoSSLv3 + const NoSessionResumptionOrRenegotiation + const NoTLSv1 + const NoTicket + type PrivateKey interface + MarshalPKCS1PrivateKeyDER func() (der_block []byte, err error) + MarshalPKCS1PrivateKeyPEM func() (pem_block []byte, err error) + SignPKCS1v15 func(Method, []byte) ([]byte, error) + func GenerateECKey(curve EllipticCurve) (PrivateKey, error) + func GenerateED25519Key() (PrivateKey, error) + func GenerateRSAKey(bits int) (PrivateKey, error) + func GenerateRSAKeyWithExponent(bits int, exponent int) (PrivateKey, error) + func LoadPrivateKeyFromDER(der_block []byte) (PrivateKey, error) + func LoadPrivateKeyFromPEM(pem_block []byte) (PrivateKey, error) + func LoadPrivateKeyFromPEMWidthPassword(pem_block []byte, password string) (PrivateKey, error) + func LoadPrivateKeyFromPEMWithPassword(pem_block []byte, password string) (PrivateKey, error) + type PublicKey interface + BaseType func() NID + KeyType func() NID + MarshalPKIXPublicKeyDER func() (der_block []byte, err error) + MarshalPKIXPublicKeyPEM func() (pem_block []byte, err error) + VerifyPKCS1v15 func(method Method, data, sig 
[]byte) error + func LoadPublicKeyFromDER(der_block []byte) (PublicKey, error) + func LoadPublicKeyFromPEM(pem_block []byte) (PublicKey, error) + type SHA1Hash struct + func NewSHA1Hash() (*SHA1Hash, error) + func NewSHA1HashWithEngine(e *Engine) (*SHA1Hash, error) + func (s *SHA1Hash) Close() + func (s *SHA1Hash) Reset() error + func (s *SHA1Hash) Sum() (result [20]byte, err error) + func (s *SHA1Hash) Write(p []byte) (n int, err error) + type SHA256Hash struct + func NewSHA256Hash() (*SHA256Hash, error) + func NewSHA256HashWithEngine(e *Engine) (*SHA256Hash, error) + func (s *SHA256Hash) Close() + func (s *SHA256Hash) Reset() error + func (s *SHA256Hash) Sum() (result [32]byte, err error) + func (s *SHA256Hash) Write(p []byte) (n int, err error) + type SSL struct + func (s *SSL) ClearOptions(options Options) Options + func (s *SSL) GetOptions() Options + func (s *SSL) GetServername() string + func (s *SSL) GetVerifyCallback() VerifyCallback + func (s *SSL) GetVerifyDepth() int + func (s *SSL) SetOptions(options Options) Options + func (s *SSL) SetSSLCtx(ctx *Ctx) + func (s *SSL) SetVerify(options VerifyOptions, verify_cb VerifyCallback) + func (s *SSL) SetVerifyCallback(verify_cb VerifyCallback) + func (s *SSL) SetVerifyDepth(depth int) + func (s *SSL) SetVerifyMode(options VerifyOptions) + func (s *SSL) VerifyMode() VerifyOptions + type SSLTLSExtErr int + const SSLTLSEXTErrAlertFatal + const SSLTLSEXTErrNoAck + const SSLTLSExtErrAlertWarning + const SSLTLSExtErrOK + type SSLVersion int + const AnyVersion + const SSLv3 + const TLSv1 + const TLSv1_1 + const TLSv1_2 + type SessionCacheModes int + const NoAutoClear + const NoInternal + const NoInternalLookup + const NoInternalStore + const SessionCacheBoth + const SessionCacheClient + const SessionCacheOff + const SessionCacheServer + type TLSExtServernameCallback func(ssl *SSL) SSLTLSExtErr + type TicketCipherCtx struct + Cipher *Cipher + Engine *Engine + type TicketDigestCtx struct + Digest *Digest + Engine 
*Engine + type TicketKey struct + CipherKey []byte + HMACKey []byte + IV []byte + Name TicketName + type TicketKeyManager interface + Current func() *TicketKey + Expired func(name TicketName) bool + Lookup func(name TicketName) *TicketKey + New func() *TicketKey + ShouldRenew func(name TicketName) bool + type TicketName [KeyNameSize]byte + type TicketStore struct + CipherCtx TicketCipherCtx + DigestCtx TicketDigestCtx + Keys TicketKeyManager + type VerifyCallback func(ok bool, store *CertificateStoreCtx) bool + type VerifyOptions int + const VerifyClientOnce + const VerifyFailIfNoPeerCert + const VerifyNone + const VerifyPeer + type VerifyResult int + const AkidIssuerSerialMismatch + const AkidSkidMismatch + const ApplicationVerification + const CertChainTooLong + const CertHasExpired + const CertNotYetValid + const CertRejected + const CertRevoked + const CertSignatureFailure + const CertUntrusted + const CrlHasExpired + const CrlNotYetValid + const CrlSignatureFailure + const DepthZeroSelfSignedCert + const ErrorInCertNotAfterField + const ErrorInCertNotBeforeField + const ErrorInCrlLastUpdateField + const ErrorInCrlNextUpdateField + const InvalidCa + const InvalidExtension + const InvalidNonCa + const InvalidPolicyExtension + const InvalidPurpose + const KeyusageNoCertsign + const KeyusageNoCrlSign + const KeyusageNoDigitalSignature + const NoExplicitPolicy + const Ok + const OutOfMem + const PathLengthExceeded + const ProxyCertificatesNotAllowed + const ProxyPathLengthExceeded + const SelfSignedCertInChain + const SubjectIssuerMismatch + const UnableToDecodeIssuerPublicKey + const UnableToDecryptCertSignature + const UnableToDecryptCrlSignature + const UnableToGetCrl + const UnableToGetCrlIssuer + const UnableToGetIssuerCert + const UnableToGetIssuerCertLocally + const UnableToVerifyLeafSignature + const UnhandledCriticalCrlExtension + const UnhandledCriticalExtension + const UnnestedResource + type X509_Version int + const X509_V1 + const X509_V3
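Review bot: The exported surface in this v0.1.0 listing puts legacy and verification-disabling choices beside the safe ones, with nothing in the index to tell them apart: `SSLVersion` offers `SSLv3`, `TLSv1` and `TLSv1_1` and stops at `TLSv1_2`, `DialFlags` offers `InsecureSkipHostVerification`, `VerifyOptions` offers `VerifyNone`, and `MD4`/`MD5`/`SHA1` are one-call helpers. Doc comments are not shown on this page, so this may already be covered, but each of these should state its consequence in its doc comment, for example `// InsecureSkipHostVerification: the peer certificate is not matched against the dialed host name.` if that is what the flag does, and the legacy protocol and digest names should say they exist only for interoperability with old peers. `Options` lists `NoSSLv2`, `NoSSLv3` and `NoTLSv1` but no counterpart for TLS 1.1, so a caller starting from `AnyVersion` apparently cannot exclude it through this type; that is worth confirming against the package source. Separately, `LoadPrivateKeyFromPEMWidthPassword` looks like a misspelling kept next to `LoadPrivateKeyFromPEMWithPassword` and would benefit from `// Deprecated: use LoadPrivateKeyFromPEMWithPassword instead.`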