nolint: staticcheck.

CreateCertificate creates a new certificate based on a template.

CreateCertificateRequest creates a new certificate request based on a template.

CreateCRL .ceate crl.

MarshalECPrivateKey marshals an EC private key into ASN.1, DER format.

MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.

MarshalPKCS1PublicKey converts an RSA public key to PKCS#1, ASN.1 DER form.

MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form.

MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format.

NewCertPool returns a new, empty CertPool.

ParseCertificate parses a single certificate from the given ASN.1 DER data.

ParseCertificateRequest parses a single certificate request from the given ASN.1 DER data.

ParseCertificates parses one or more certificates from the given ASN.1 DER data.

ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.

ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.

ParsePKCS1PublicKey parses a PKCS#1 public key in ASN.1 DER form.

ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key.

nolint: staticcheck.

CANotAuthorizedForExtKeyUsage results when an intermediate or root certificate does not permit a requested extended key usage.

CANotAuthorizedForThisName results when an intermediate or root certificate has a name constraint which doesn't permit a DNS or other name (including IP address) in the leaf certificate.

Expired results when a certificate has expired, based on the time given in the VerifyOptions.

IncompatibleUsage results when the certificate's key usage indicates that it may only be used for a different purpose.

NameConstraintsWithoutSANs results when a leaf certificate doesn't contain a Subject Alternative Name extension, but a CA certificate contains name constraints, and the Common Name can be interpreted as a hostname.

NameMismatch results when the subject name of a parent certificate does not match the issuer name in the child.

NotAuthorizedToSign results when a certificate is signed by another which isn't marked as a CA certificate.

TooManyConstraints results when the number of comparison operations needed to check a certificate exceeds the limit set by VerifyOptions.MaxConstraintComparisions.

TooManyIntermediates results when a path length constraint is violated.

UnconstrainedName results when a CA certificate contains permitted name constraints, but leaf certificate contains a name of an unsupported or unconstrained type.

ErrUnsupportedAlgorithm results from attempting to perform an operation that involves algorithms that are not currently implemented.

A Certificate represents an X.509 certificate.

CertificateInvalidError results when an odd error occurs.

CertificateRequest represents a PKCS #10, certificate signature request.

CertPool is a set of certificates.

ConstraintViolationError results when a requested usage is not permitted by a certificate.

HostnameError results when the set of authorized names doesn't match the requested name.

SystemRootsError results when we fail to load the system root certificates.

UnknownAuthorityError results when the certificate issuer is unknown.

VerifyOptions contains parameters for Certificate.Verify.

An InsecureAlgorithmError.