Open adamdecaf opened 6 years ago
Go 1.10 added support for more cert "technical constraints". We used to rely on a fork (see https://github.com/mozilla/tls-observatory/pull/183) for some of these, but that's been removed (see https://github.com/mozilla/tls-observatory/pull/333) now that the project is on Go 1.10 fully.
We should support storing, displaying, and verifying all these constraints on certificates. The verifying is likely all done by Go already.
// Name constraints PermittedDNSDomainsCritical bool // if true then the name constraints are marked critical. PermittedDNSDomains []string ExcludedDNSDomains []string PermittedIPRanges []*net.IPNet ExcludedIPRanges []*net.IPNet PermittedEmailAddresses []string ExcludedEmailAddresses []string PermittedURIDomains []string ExcludedURIDomains []string
Go 1.10 added support for more cert "technical constraints". We used to rely on a fork (see https://github.com/mozilla/tls-observatory/pull/183) for some of these, but that's been removed (see https://github.com/mozilla/tls-observatory/pull/333) now that the project is on Go 1.10 fully.
We should support storing, displaying, and verifying all these constraints on certificates. The verifying is likely all done by Go already.