tlsvalidate

package
v0.0.0-...-45fb5ce

Warning: This package is not in the latest version of its module.

Published: Jan 13, 2026 | License: Apache-2.0 | Imports: 12 | Imported by: 1

README

Package cloudeng.io/webapp/tlsvalidate

import "cloudeng.io/webapp/tlsvalidate"

Package tlsvalidate provides functions for validating TLS certificates across multiple hosts and addresses.

Types

Type Option
type Option func(o *options)

Option represents an option for configuring a Validator.

Functions
func WithCheckSerialNumbers(check bool) Option

WithCheckSerialNumbers returns an option that configures the validator to check that the certificates for all IP addresses for a given host have the same serial number.

func WithCiphersuites(suites []uint16) Option

WithCiphersuites returns an option that configures the validator to check that the ciphersuite used is one of the specified ciphersuites.

func WithCustomRootCAPEM(pemFile string) Option

WithCustomRootCAPEM returns an option that configures the validator to use the root CAs specified in the PEM file for verification. Note that WithRootCAs takes precedence over WithCustomRootCAPEM.

func WithExpandDNSNames(expand bool) Option

WithExpandDNSNames returns an option that configures the validator to expand the supplied hostname to all of its IP addresses. If false, the hostname is used as is.

func WithIPv4Only(ipv4Only bool) Option

WithIPv4Only returns an option that configures the validator to only consider IPv4 addresses for a host.

func WithIssuerRegexps(exprs ...*regexp.Regexp) Option

WithIssuerRegexps returns an option that configures the validator to check that the certificate's issuer matches at least one of the provided regular expressions.

func WithRootCAs(rootCAs *x509.CertPool) Option

WithRootCAs returns an option that configures the validator to use the supplied pool of root CAs for verification. WithRootCAs takes precedence over WithCustomRootCAPEM.

func WithTLSMinVersion(version uint16) Option

WithTLSMinVersion returns an option that configures the validator to check that the TLS version used is at least the specified version.

func WithValidForAtLeast(validFor time.Duration) Option

WithValidForAtLeast returns an option that configures the validator to check that the certificate is valid for at least the specified duration.

Type Validator
type Validator struct {
	// contains filtered or unexported fields
}

Validator provides a way to validate TLS certificates.

Functions
func NewValidator(opts ...Option) *Validator

NewValidator returns a new Validator configured with the supplied options.

Methods
func (v *Validator) Validate(ctx context.Context, host, port string) error

Validate performs TLS validation for the given host and port. It may expand the host to multiple IP addresses and will validate each one concurrently.
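
The version, validity-window, issuer and serial-number checks that the options above describe, sketched with the standard library only. This is an added example, not tlsvalidate's own code: Policy, Check and state are hypothetical names, the certificates are constructed sample data, and the ciphersuite allowlist is left out.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"regexp"
	"time"
)

// Policy is a hypothetical stand-in (not a tlsvalidate type) for four of the checks.
type Policy struct {
	MinVersion uint16         // cf. WithTLSMinVersion
	ValidFor   time.Duration  // cf. WithValidForAtLeast
	Issuer     *regexp.Regexp // cf. WithIssuerRegexps; nil accepts any issuer
	SameSerial bool           // cf. WithCheckSerialNumbers
}

// Check applies the policy to one handshake result per IP address of a host.
func (p Policy) Check(now time.Time, states ...tls.ConnectionState) error {
	for i, cs := range states {
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("addr %d: no peer certificate", i)
		}
		leaf, first := cs.PeerCertificates[0], states[0].PeerCertificates[0]
		switch {
		case cs.Version < p.MinVersion:
			return fmt.Errorf("addr %d: TLS version %#04x below minimum", i, cs.Version)
		case leaf.NotAfter.Before(now.Add(p.ValidFor)):
			return fmt.Errorf("addr %d: certificate expires within %s", i, p.ValidFor)
		case p.Issuer != nil && !p.Issuer.MatchString(leaf.Issuer.String()):
			return fmt.Errorf("addr %d: unexpected issuer %q", i, leaf.Issuer.String())
		case p.SameSerial && leaf.SerialNumber.Cmp(first.SerialNumber) != 0:
			return fmt.Errorf("addr %d: serial number differs from addr 0", i)
		}
	}
	return nil
}

func state(ver uint16, serial int64, notAfter time.Time) tls.ConnectionState { // constructed sample, not captured traffic
	leaf := &x509.Certificate{SerialNumber: big.NewInt(serial), NotAfter: notAfter, Issuer: pkix.Name{CommonName: "Example Issuing CA"}}
	return tls.ConnectionState{Version: ver, PeerCertificates: []*x509.Certificate{leaf}}
}

func main() {
	exp := time.Now().AddDate(0, 3, 0) // two addresses of one host presenting different certificates
	fmt.Println(Policy{SameSerial: true}.Check(time.Now(), state(tls.VersionTLS13, 7, exp), state(tls.VersionTLS13, 8, exp)))
}
```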

