type PublicKey struct {
elliptic.Curve
X, Y *big.Int
+
+ boring unsafe.Pointer
}
+ // Any methods implemented on PublicKey might need to also be implemented on
+ // PrivateKey, as the latter embeds the former and will expose its methods.
+
// Equal reports whether pub and x have the same value.
//
// Two keys are only considered to have the same value if they have the same Curve value.
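Review bot: The `boring unsafe.Pointer` field added to PublicKey has no comment, so nothing here says what it points to, who may write it, or how it stays consistent with the exported `Curve`, `X` and `Y`; the same applies to the identical field added to the RSA PublicKey in the next hunk. If it is a cache of a BoringCrypto key (inferred from the name, not shown in the hunk), the code using it needs to load and store it atomically and re-check the cached key against the current field values, because callers can mutate the exported fields or copy the struct by value after the cache is filled. I would add `// boring caches the BoringCrypto representation of this key; access it atomically and revalidate against the exported fields before use.` above the field. Two PublicKey values with identical exported fields can now also differ under `==` or `reflect.DeepEqual` depending on whether the field has been populated, so comparisons should go through the `Equal` method documented just below.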
type PublicKey struct {
N *big.Int // modulus
E int // public exponent
+
+ boring unsafe.Pointer
}
+ // Any methods implemented on PublicKey might need to also be implemented on
+ // PrivateKey, as the latter embeds the former and will expose its methods.
+
// Size returns the modulus size in bytes. Raw signatures and ciphertexts
// for or by this public key will have the same size.
func (pub *PublicKey) Size() int {
// verified. Platform-specific verification needs the ASN.1 contents.
var errNotParsed = errors.New("x509: missing ASN.1 contents; use ParseCertificate")
- // VerifyOptions contains parameters for Certificate.Verify. It's a structure
- // because other PKIX verification APIs have ended up needing many options.
+ // VerifyOptions contains parameters for Certificate.Verify.
type VerifyOptions struct {
- DNSName string
+ // IsBoring is a validity check for BoringCrypto.
+ // If not nil, it will be called to check whether a given certificate
+ // can be used for constructing verification chains.
+ IsBoring func(*Certificate) bool
+
+ // DNSName, if set, is checked against the leaf certificate with
+ // Certificate.VerifyHostname.
+ DNSName string
+
+ // Intermediates is an optional pool of certificates that are not trust
+ // anchors, but can be used to form a chain from the leaf certificate to a
+ // root certificate.
Intermediates *CertPool
- Roots *CertPool // if nil, the system roots are used
- CurrentTime time.Time // if zero, the current time is used
+ // Roots is the set of trusted root certificates the leaf certificate needs
+ // to chain up to. If nil, the system roots or the platform verifier are used.
+ Roots *CertPool
+
+ // CurrentTime is used to check the validity of all certificates in the
+ // chain. If zero, the current time is used.
+ CurrentTime time.Time
+
// KeyUsage specifies which Extended Key Usage values are acceptable. A leaf
// certificate is accepted if it contains any of the listed values. An empty
// list means ExtKeyUsageServerAuth. To accept any key usage, include
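Review bot: The doc comment on `IsBoring` does not say which certificates the callback sees, or what a nil value means for a caller that depends on the restriction. As written, nil applies no BoringCrypto check, so a VerifyOptions built without the field verifies chains unrestricted. That default is fail-open for code that must enforce approved algorithms and is worth stating explicitly, e.g. `// If nil, no BoringCrypto restriction is applied; callers that require it must set this field.` It would also help to say whether the check covers the leaf and the roots as well as intermediates, and which error Verify returns on rejection; neither is visible in this hunk. The struct continues past the end of the hunk.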