// Source: github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/validation.go

// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import "time"

// Validation stores different validation levels for a given certificate.
//
// BrowserTrusted and MatchesDomain are set independently of each other: a
// certificate can match the requested domain while failing chain
// verification, and the reverse. A consumer deciding whether to trust a
// certificate for a host has to check both fields.
type Validation struct {
	// BrowserTrusted is true when Verify returned no error for the options
	// that were passed in.
	BrowserTrusted bool `json:"browser_trusted"`
	// BrowserError holds the text of the Verify error, if there was one.
	BrowserError string `json:"browser_error,omitempty"`
	// MatchesDomain is true when VerifyHostname accepted Domain. Because of
	// omitempty, a false value is dropped from the JSON output, so an absent
	// "matches_domain" key means either "no domain was checked" or "the
	// domain did not match".
	MatchesDomain bool `json:"matches_domain,omitempty"`
	// Domain is the name that was checked; it is never serialized.
	Domain string `json:"-"`
}

// ValidateWithStupidDetail fills out a Validation struct given a leaf
// certificate and intermediates / roots. If opts.DNSName is set, then it will
// also check if the domain matches.
//
// The returned Validation is always non-nil, including when err is non-nil.
// err is the chain verification error when there is one; a hostname mismatch
// is reported through err only when chain verification succeeded. When both
// checks fail, the mismatch is visible only as MatchesDomain == false.
//
// Any KeyUsages supplied by the caller are discarded before verification, so
// this function does not enforce caller-requested key usage restrictions.
//
// Deprecated: Use verifier.Verify() instead.
func (c *Certificate) ValidateWithStupidDetail(opts VerifyOptions) (chains []CertificateChain, validation *Validation, err error) {
	// Pin the verification time once so every check below sees the same
	// instant.
	if opts.CurrentTime.IsZero() {
		opts.CurrentTime = time.Now()
	}

	// The hostname is checked separately below, so it is removed from the
	// options handed to Verify; chain errors and name errors stay distinct.
	hostname := opts.DNSName
	opts.DNSName = ""

	// XXX: Don't pass a KeyUsage to the Verify API
	// NOTE(review): what Verify does with nil KeyUsages is not visible in
	// this file; confirm the default it applies.
	opts.KeyUsages = nil

	validation = &Validation{Domain: hostname}

	// Only the first chain list returned by Verify is kept; its second and
	// third results are dropped.
	chains, _, _, err = c.Verify(opts)
	if err == nil {
		validation.BrowserTrusted = true
	} else {
		validation.BrowserError = err.Error()
	}

	// No domain requested: MatchesDomain stays false and err reflects chain
	// verification alone.
	if hostname == "" {
		return chains, validation, err
	}

	nameErr := c.VerifyHostname(hostname)
	validation.MatchesDomain = nameErr == nil

	// Make sure we return an error if either chain building or hostname
	// verification fails. A chain error takes precedence over a name error.
	if err == nil && nameErr != nil {
		err = nameErr
	}

	return chains, validation, err
}