package tlsutils
import (
"crypto/x509"
"fmt"
)
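// VerifyDCA reports whether the dca certificate chains directly to root,
// using root as the only trust anchor and no intermediates.
//
// It returns (true, nil) on success and (false, err) otherwise. The returned
// error wraps the underlying crypto/x509 error, so callers can inspect it
// with errors.As. Nil certificates are rejected with an error instead of
// panicking.
//
// Security notes for callers:
//   - root is trusted unconditionally here; the caller must have established
//     trust in it beforehand (for example by pinning it).
//   - dca is verified as the leaf of the chain, and crypto/x509 does not
//     require a leaf to be a CA. A true result therefore does not by itself
//     show that dca may sign other certificates; check dca.IsCA and
//     dca.BasicConstraintsValid if that matters.
//   - VerifyOptions.KeyUsages is left empty, which crypto/x509 treats as
//     ExtKeyUsageServerAuth. A dca whose extended key usage list excludes
//     server authentication is rejected.
//   - Validity is checked against the current time, and no revocation
//     (CRL/OCSP) check is performed.
func VerifyDCA(root, dca *x509.Certificate) (bool, error) {
	// CertPool.AddCert panics on nil and Verify dereferences its receiver,
	// so reject missing inputs explicitly.
	if root == nil {
		return false, fmt.Errorf("failed to verify certificate: root certificate is nil")
	}
	if dca == nil {
		return false, fmt.Errorf("failed to verify certificate: dca certificate is nil")
	}

	roots := x509.NewCertPool()
	roots.AddCert(root)

	opts := x509.VerifyOptions{Roots: roots}
	if _, err := dca.Verify(opts); err != nil {
		// Use a constant format string: the x509 error text can contain
		// certificate-controlled data and must not be parsed as format verbs.
		return false, fmt.Errorf("failed to verify certificate: %w", err)
	}
	return true, nil
}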
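// VerifyLow reports whether child chains to root, with DCA made available
// as an intermediate certificate.
//
// It returns (true, nil) on success and (false, err) otherwise. The returned
// error wraps the underlying crypto/x509 error, so callers can inspect it
// with errors.As. Nil certificates are rejected with an error instead of
// panicking.
//
// Security notes for callers:
//   - root is trusted unconditionally here; the caller must have established
//     trust in it beforehand.
//   - DCA is offered as an intermediate, not required: a child signed
//     directly by root also verifies. Inspect the chains returned by
//     child.Verify if the path through DCA must be enforced.
//   - VerifyOptions.DNSName is not set, so the child's names are not matched
//     against any host name. Call child.VerifyHostname separately when the
//     certificate is being bound to a peer identity.
//   - VerifyOptions.KeyUsages is left empty, which crypto/x509 treats as
//     ExtKeyUsageServerAuth; client-only certificates are rejected.
//   - Validity is checked against the current time, and no revocation
//     (CRL/OCSP) check is performed.
func VerifyLow(root, DCA, child *x509.Certificate) (bool, error) {
	// CertPool.AddCert panics on nil and Verify dereferences its receiver,
	// so reject missing inputs explicitly.
	switch {
	case root == nil:
		return false, fmt.Errorf("failed to verify certificate: root certificate is nil")
	case DCA == nil:
		return false, fmt.Errorf("failed to verify certificate: dca certificate is nil")
	case child == nil:
		return false, fmt.Errorf("failed to verify certificate: child certificate is nil")
	}

	roots := x509.NewCertPool()
	roots.AddCert(root)
	inter := x509.NewCertPool()
	inter.AddCert(DCA)

	opts := x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
	}
	if _, err := child.Verify(opts); err != nil {
		// Use a constant format string: the x509 error text can contain
		// certificate-controlled data and must not be parsed as format verbs.
		return false, fmt.Errorf("failed to verify certificate: %w", err)
	}
	return true, nil
}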
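// VerifyLowNoDca reports whether child chains directly to root, with no
// intermediate certificates available.
//
// It returns (true, nil) on success and (false, err) otherwise. The returned
// error wraps the underlying crypto/x509 error, so callers can inspect it
// with errors.As. Nil certificates are rejected with an error instead of
// panicking.
//
// Security notes for callers:
//   - root is trusted unconditionally here; the caller must have established
//     trust in it beforehand.
//   - VerifyOptions.DNSName is not set, so the child's names are not matched
//     against any host name. Call child.VerifyHostname separately when the
//     certificate is being bound to a peer identity.
//   - VerifyOptions.KeyUsages is left empty, which crypto/x509 treats as
//     ExtKeyUsageServerAuth; client-only certificates are rejected.
//   - Validity is checked against the current time, and no revocation
//     (CRL/OCSP) check is performed.
func VerifyLowNoDca(root, child *x509.Certificate) (bool, error) {
	// CertPool.AddCert panics on nil and Verify dereferences its receiver,
	// so reject missing inputs explicitly.
	if root == nil {
		return false, fmt.Errorf("failed to verify certificate: root certificate is nil")
	}
	if child == nil {
		return false, fmt.Errorf("failed to verify certificate: child certificate is nil")
	}

	roots := x509.NewCertPool()
	roots.AddCert(root)

	// Intermediates is left unset; the original passed an empty pool, which
	// offers the verifier the same (empty) set of intermediates.
	opts := x509.VerifyOptions{Roots: roots}
	if _, err := child.Verify(opts); err != nil {
		// Use a constant format string: the x509 error text can contain
		// certificate-controlled data and must not be parsed as format verbs.
		return false, fmt.Errorf("failed to verify certificate: %w", err)
	}
	return true, nil
}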