package x509
import (
- "os"
"strings"
"time"
)
Reason InvalidReason
}
-func (e CertificateInvalidError) String() string {
+func (e CertificateInvalidError) Error() string {
switch e.Reason {
case NotAuthorizedToSign:
return "x509: certificate is not authorized to sign other other certificates"
Host string
}
-func (h HostnameError) String() string {
+func (h HostnameError) Error() string {
var valid string
c := h.Certificate
if len(c.DNSNames) > 0 {
cert *Certificate
}
-func (e UnknownAuthorityError) String() string {
+func (e UnknownAuthorityError) Error() string {
return "x509: certificate signed by unknown authority"
}
DNSName string
Intermediates *CertPool
Roots *CertPool
- CurrentTime int64 // if 0, the current system time is used.
+ CurrentTime time.Time // if zero, the current time is used
}
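Review bot: The comment on `CurrentTime` should state that the zero time.Time is a sentinel meaning "now", not a real instant. A caller that fills the field from a value it never initialised (for example a time parse whose error was ignored) silently gets wall-clock verification instead of the instant it intended. Suggested wording: `// CurrentTime is the instant used for the NotBefore/NotAfter checks; the zero Time means time.Now().` The struct's opening line is outside this hunk.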
const (
)
// isValid performs validity checks on the c.
-func (c *Certificate) isValid(certType int, opts *VerifyOptions) os.Error {
- if opts.CurrentTime < c.NotBefore.Seconds() ||
- opts.CurrentTime > c.NotAfter.Seconds() {
+func (c *Certificate) isValid(certType int, opts *VerifyOptions) error {
+ now := opts.CurrentTime
+ if now.IsZero() {
+ now = time.Now()
+ }
+ if now.Before(c.NotBefore) || now.After(c.NotAfter) {
return CertificateInvalidError{c, Expired}
}
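Review bot: With the default moved into isValid, `time.Now()` is read again on every call whenever CurrentTime is zero. The leaf (the `c.isValid(leafCertificate, &opts)` call in the Verify hunk) and each root (`root.isValid(rootCertificate, opts)` in the buildChains hunk) are therefore checked against slightly different instants, whereas the removed lines in Verify fixed one timestamp per call. Verify receives opts by value, so it can resolve the time once without touching the caller's struct: `if opts.CurrentTime.IsZero() { opts.CurrentTime = time.Now() }` before the first isValid call. Separately, `now.Before(c.NotBefore)` still returns `Expired` for a certificate that is not yet valid, which misleads anyone triaging a clock-skew failure; only the Expired reason is visible here, so check whether a distinct reason exists. The body of isValid continues past this hunk.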
// the chain is c and the last element is from opts.Roots.
//
// WARNING: this doesn't do any revocation checking.
-func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err os.Error) {
- if opts.CurrentTime == 0 {
- opts.CurrentTime = time.Seconds()
- }
+func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) {
err = c.isValid(leafCertificate, &opts)
if err != nil {
return
return n
}
-func (c *Certificate) buildChains(cache map[int][][]*Certificate, currentChain []*Certificate, opts *VerifyOptions) (chains [][]*Certificate, err os.Error) {
+func (c *Certificate) buildChains(cache map[int][][]*Certificate, currentChain []*Certificate, opts *VerifyOptions) (chains [][]*Certificate, err error) {
for _, rootNum := range opts.Roots.findVerifiedParents(c) {
root := opts.Roots.certs[rootNum]
err = root.isValid(rootCertificate, opts)
}
// VerifyHostname returns nil if c is a valid certificate for the named host.
-// Otherwise it returns an os.Error describing the mismatch.
-func (c *Certificate) VerifyHostname(h string) os.Error {
+// Otherwise it returns an error describing the mismatch.
+func (c *Certificate) VerifyHostname(h string) error {
if len(c.DNSNames) > 0 {
for _, match := range c.DNSNames {
if matchHostnames(match, h) {