...

Package lints

import "github.com/letsencrypt/boulder/linter/lints"
Overview
Index
Subdirectories

Overview ▾

Constants

const (
    // CABF Baseline Requirements 6.3.2 Certificate operational periods:
    // For the purpose of calculations, a day is measured as 86,400 seconds.
    // Any amount of time greater than this, including fractional seconds and/or
    // leap seconds, shall represent an additional day.
    BRDay time.Duration = 86400 * time.Second

    // Declare our own Sources for use in zlint registry filtering.
    LetsEncryptCPS lint.LintSource = "LECPS"
    ChromeCTPolicy lint.LintSource = "ChromeCT"
)

Variables

var (
    CPSV33Date           = time.Date(2021, time.June, 8, 0, 0, 0, 0, time.UTC)
    MozillaPolicy281Date = time.Date(2023, time.February, 15, 0, 0, 0, 0, time.UTC)
)

func GetExtWithOID 

func GetExtWithOID(exts []pkix.Extension, oid asn1.ObjectIdentifier) *pkix.Extension

GetExtWithOID is a helper for several of our custom lints. It returns the extension with the given OID if it exists, or nil otherwise.

func ReadOptionalASN1BooleanWithTag 

func ReadOptionalASN1BooleanWithTag(incoming *cryptobyte.String, out *bool, tag cryptobyte_asn1.Tag, defaultValue bool) bool

ReadOptionalASN1BooleanWithTag attempts to read and advance incoming to search for an optional DER-encoded ASN.1 element tagged with the given tag. Unless out is nil, it stores whether an element with the tag was found in out, otherwise out will take the default value. It reports whether all reads were successful.

type IssuingDistributionPoint 

 IssuingDistributionPoint stores the IA5STRING value of the optional
 distribution point, and the (implied OPTIONAL) BOOLEAN values of
 onlyContainsUserCerts and onlyContainsCACerts.

		RFC 5280
		* Section 5.2.5
			IssuingDistributionPoint ::= SEQUENCE {
				distributionPoint          [0] DistributionPointName OPTIONAL,
				onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
				onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
				...
			}

		* Section 4.2.1.13
			DistributionPointName ::= CHOICE {
				fullName                [0]     GeneralNames,
				... }

		* Appendix A.1, Page 128
			GeneralName ::= CHOICE {
				...
		        uniformResourceIdentifier [6]  IA5String,
				... }

type IssuingDistributionPoint struct {
    DistributionPointURI  *url.URL
    OnlyContainsUserCerts bool
    OnlyContainsCACerts   bool
}

func NewIssuingDistributionPoint 

func NewIssuingDistributionPoint() *IssuingDistributionPoint

NewIssuingDistributionPoint is a constructor which returns an IssuingDistributionPoint with each field set to zero values.

Subdirectories

Name Synopsis
..
cabf_br
chrome
cpcps
rfc
test