tls

package module
v0.4.3
Published: Dec 14, 2024 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package tls aids working with TLS certificates.

Index

Constants

This section is empty.

Variables

var ErrNoStore = core.Wrap(core.ErrInvalid, "store not provided")

ErrNoStore is an error indicating the Store wasn't provided.

Functions

func Bundle added in v0.2.6

Bundle assembles a verified tls.Certificate, choosing the shortest trust chain.

func BundleFn added in v0.2.6

func BundleFn(opt x509.VerifyOptions, less func(a, b []*x509.Certificate) bool,
	cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)

BundleFn assembles a verified tls.Certificate, using the given quality function.

func NewConfig

func NewConfig(store Store) (*tls.Config, error)

NewConfig returns a basic tls.Config optionally configured to use the given Store.

func SplitClientHelloInfo added in v0.2.9

func SplitClientHelloInfo(chi *tls.ClientHelloInfo) (ctx context.Context, serverName string, err error)

SplitClientHelloInfo takes the context and server name out of a tls.ClientHelloInfo. If no ServerName is provided, the server's IP address will be used.
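The fallback described above, written out as an added example that is not the package's own code: splitClientHelloInfo reimplements the documented contract on the standard library alone, and fakeConn and localIPHello are constructed test fixtures so the IP path can be exercised without a live handshake. The context handling is this example's assumption: crypto/tls only attaches a context to a ClientHelloInfo during a real handshake, so a nil context is replaced with context.Background.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"net"
	"strings"
)

// splitClientHelloInfo follows the contract SplitClientHelloInfo documents: return the
// handshake context and the SNI name, or the IP the client connected to when no SNI was
// sent. It is this example's own implementation, not the package's.
func splitClientHelloInfo(chi *tls.ClientHelloInfo) (context.Context, string, error) {
	if chi == nil {
		return nil, "", errors.New("nil ClientHelloInfo")
	}
	ctx := chi.Context()
	if ctx == nil {
		ctx = context.Background() // crypto/tls only sets the context during a real handshake
	}
	// SNI is case-insensitive and may carry a trailing dot; normalise before any lookup.
	if name := strings.ToLower(strings.TrimSuffix(chi.ServerName, ".")); name != "" {
		return ctx, name, nil
	}
	if chi.Conn == nil {
		return ctx, "", errors.New("no ServerName and no connection to take an address from")
	}
	// No SNI: the client used a bare IP (or a legacy stack), so key on the address it reached.
	host := chi.Conn.LocalAddr().String()
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // strips the port and the brackets around IPv6 literals
	}
	return ctx, host, nil
}

// fakeConn stands in for a real net.Conn so the fallback can be exercised offline.
type fakeConn struct {
	net.Conn
	addr net.Addr
}

func (f fakeConn) LocalAddr() net.Addr { return f.addr }

// localIPHello is a constructed ClientHello with no SNI from a client that reached ip:port.
func localIPHello(ip string, port int) *tls.ClientHelloInfo {
	return &tls.ClientHelloInfo{Conn: fakeConn{addr: &net.TCPAddr{IP: net.ParseIP(ip), Port: port}}}
}
```

A store that keys certificates on the returned name therefore needs entries for the listener's IP addresses as well as its hostnames, otherwise SNI-less clients get a handshake failure rather than a certificate.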

func Verify added in v0.2.8

func Verify(cert *tls.Certificate, roots *x509.CertPool) error

Verify checks that a tls.Certificate is usable. If roots is non-nil, the certificate chain is also verified against them.

func WithStore

func WithStore(cfg *tls.Config, store Store) error

WithStore binds a given Store to the tls.Config.

Types

type Bundler added in v0.2.6

type Bundler struct {
	// Root Certificates. Defaults to system's.
	Roots x509utils.CertPool
	// Intermediate Certificates.
	Inter x509utils.CertPool
	// Quality comparison function. Defaults to shorter-chain.
	Less func(a, b []*x509.Certificate) bool
	// contains filtered or unexported fields
}

Bundler uses two CertPools to bundle keys and certificates.

func (*Bundler) Bundle added in v0.2.6

func (s *Bundler) Bundle(cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)

Bundle bundles a key and a certificate into a tls.Certificate using the specified roots, intermediates and quality function.

func (*Bundler) Reset added in v0.2.6

func (s *Bundler) Reset()

Reset drops any cached information.
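The assembly that Bundle, BundleFn and Verify describe, as an added example that is not the package's code: bundle verifies a leaf against a roots pool and an intermediates pool, keeps the chain the quality function prefers, and returns a tls.Certificate with the leaf, that chain's intermediates and the key; verifyBundle re-checks the result the way Verify is documented to. The names bundle, verifyBundle, template, sign, must and buildAndBundle are this example's own, the root, intermediate and leaf are generated at runtime as constructed test data, and two design choices are assumptions rather than the package's behaviour: the key-mismatch check (a bundle whose key does not match its leaf only fails later, at handshake time) and the use of ExtKeyUsageAny so that the bundler does not reject certificates issued for client use.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// bundle verifies cert against roots and inter, keeps the best chain according to less
// (Bundler's default: fewer certificates wins) and ships leaf plus intermediates, never the root.
func bundle(roots, inter *x509.CertPool, less func(a, b []*x509.Certificate) bool,
	cert *x509.Certificate, key crypto.Signer) (*tls.Certificate, error) {
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(key.Public()) {
		return nil, errors.New("bundle: private key does not match certificate")
	}
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}) // nil roots selects the system pool
	if err != nil {
		return nil, err
	}
	best := chains[0]
	for _, c := range chains[1:] {
		if less(c, best) {
			best = c
		}
	}
	out := &tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key, Leaf: cert}
	for i := 1; i+1 < len(best); i++ { // best[0] is the leaf, best[len-1] a root: ship the rest
		out.Certificate = append(out.Certificate, best[i].Raw)
	}
	return out, nil
}

// verifyBundle mirrors Verify: leaf and key required; with non-nil roots the shipped chain must verify.
func verifyBundle(c *tls.Certificate, roots *x509.CertPool) error {
	if c == nil || len(c.Certificate) == 0 || c.PrivateKey == nil {
		return errors.New("verify: bundle needs a certificate and a private key")
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil || roots == nil {
		return err
	}
	inter := x509.NewCertPool() // Certificate[1:] are the intermediates the bundle ships
	for _, der := range c.Certificate[1:] {
		ic, err := x509.ParseCertificate(der)
		if err != nil {
			return err
		}
		inter.AddCert(ic)
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template is a constructed test template; cn doubles as the SAN. Not a real identity.
func template(serial int64, cn string, ca bool) *x509.Certificate {
	ku := x509.KeyUsageDigitalSignature
	if ca {
		ku |= x509.KeyUsageCertSign
	}
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: ku}
}

// sign issues tmpl under parent (self-signed when parent == tmpl) and parses the result.
func sign(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// buildAndBundle mints a constructed root -> intermediate -> leaf hierarchy and bundles the leaf.
func buildAndBundle() (*tls.Certificate, *x509.CertPool, error) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	rootKey, interKey, leafKey := newKey(), newKey(), newKey()
	rootT := template(1, "root.test", true)
	root := sign(rootT, rootT, &rootKey.PublicKey, rootKey)
	inter := sign(template(2, "intermediate.test", true), root, &interKey.PublicKey, rootKey)
	leaf := sign(template(3, "example.test", false), inter, &leafKey.PublicKey, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	c, err := bundle(roots, inters, func(a, b []*x509.Certificate) bool { return len(a) < len(b) }, leaf, leafKey)
	return c, roots, err
}
```

The root is left out of the bundle on purpose: a peer that does not already trust it gains nothing from receiving it, and shipping it only inflates every handshake. The shortest-chain rule matters when an intermediate is cross-signed and x509.Verify returns more than one valid path; the quality function decides which one clients are sent.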

type Certificate

type Certificate = tls.Certificate

Certificate is an alias of the standard tls.Certificate.

type ClientHelloInfo added in v0.2.8

type ClientHelloInfo = tls.ClientHelloInfo

ClientHelloInfo is an alias of the standard tls.ClientHelloInfo.

type Config

type Config = tls.Config

Config is an alias of the standard tls.Config.

type Store

type Store interface {
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
	GetCAPool() *x509.CertPool
}

A Store is used to set up a tls.Config.
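An added example of implementing the Store contract and binding it the way NewConfig and WithStore are documented to, written against the standard library only and not taken from the package: store restates the interface above, memStore is a toy in-memory implementation that selects a certificate by SNI name, and newConfig, withStore, placeholder and buildConfig are this example's names. Which tls.Config fields receive the CA pool is an assumption of the example, and the certificates are constructed placeholders that carry only a parsed Leaf, which is all that selection needs.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"strings"
)

// store restates the page's Store contract so the example builds without the module.
type store interface {
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
	GetCAPool() *x509.CertPool
}

var errNoStore = errors.New("store not provided")

// newConfig follows NewConfig: a baseline tls.Config, bound to s only when s is non-nil.
func newConfig(s store) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if s == nil {
		return cfg, nil
	}
	return cfg, withStore(cfg, s)
}

// withStore follows WithStore: certificate selection for every handshake is delegated to
// the store, and the store's CA pool becomes the pool used to verify peers. Which Config
// fields receive the pool is this example's choice, not something the page specifies.
func withStore(cfg *tls.Config, s store) error {
	if cfg == nil || s == nil {
		return errNoStore
	}
	cfg.GetCertificate = s.GetCertificate
	cfg.RootCAs, cfg.ClientCAs = s.GetCAPool(), s.GetCAPool()
	return nil
}

// memStore is a toy in-memory Store, populated before serving (add locking if it is
// written to while handshakes run). Keys are lowercase DNS SANs, including "*.domain".
type memStore struct {
	byName map[string]*tls.Certificate
	pool   *x509.CertPool
}

func newMemStore() *memStore {
	return &memStore{byName: map[string]*tls.Certificate{}, pool: x509.NewCertPool()}
}

// Put indexes cert under every DNS SAN of its parsed Leaf.
func (m *memStore) Put(cert *tls.Certificate) error {
	if cert == nil || cert.Leaf == nil {
		return errors.New("certificate must carry a parsed Leaf")
	}
	for _, n := range cert.Leaf.DNSNames {
		m.byName[strings.ToLower(n)] = cert
	}
	return nil
}

func (m *memStore) GetCAPool() *x509.CertPool { return m.pool }

// GetCertificate normalises the SNI name, tries an exact match, then a one-label
// wildcard. An empty ServerName (no SNI) is refused here; a production store would fall
// back to the connection's local IP, as SplitClientHelloInfo documents.
func (m *memStore) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(chi.ServerName, "."))
	if name == "" {
		return nil, errors.New("no SNI in ClientHello")
	}
	if c, ok := m.byName[name]; ok {
		return c, nil
	}
	if i := strings.IndexByte(name, '.'); i > 0 {
		if c, ok := m.byName["*"+name[i:]]; ok {
			return c, nil
		}
	}
	return nil, errors.New("no certificate for " + name) // handshake fails: no silent default
}

// placeholder is a constructed tls.Certificate carrying only a parsed Leaf with the given
// SANs: enough to exercise selection, while a real store holds keys and DER chains too.
func placeholder(cn string, dns ...string) *tls.Certificate {
	return &tls.Certificate{Leaf: &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: dns}}
}

// buildConfig wires a store holding certificates for example.test (with a wildcard) and
// api.other.test into a tls.Config.
func buildConfig() (*tls.Config, error) {
	s := newMemStore()
	for _, c := range []*tls.Certificate{
		placeholder("example.test", "example.test", "*.example.test"),
		placeholder("api.other.test", "api.other.test"),
	} {
		if err := s.Put(c); err != nil {
			return nil, err
		}
	}
	return newConfig(s)
}
```

Returning an error from GetCertificate aborts that handshake, which is the safe behaviour for a multi-tenant listener: serving some other tenant's certificate for an unknown name would both fail hostname verification at the client and leak which names the server hosts.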

type StoreReadWriter added in v0.2.9

type StoreReadWriter interface {
	StoreReader
	StoreWriter
}

StoreReadWriter includes read and write methods for the Store.

type StoreReader added in v0.2.9

type StoreReader interface {
	Store

	Get(ctx context.Context, name string) (*tls.Certificate, error)

	ForEach(ctx context.Context, fn func(context.Context, *tls.Certificate) bool)
	ForEachMatch(ctx context.Context, name string, fn func(context.Context, *tls.Certificate) bool)
}

StoreReader adds read methods to the Store.

type StoreWriter added in v0.2.9

type StoreWriter interface {
	Store

	Put(ctx context.Context, cert *tls.Certificate) error
	Delete(ctx context.Context, cert *tls.Certificate) error
}

StoreWriter adds tls.Certificate write methods to the Store.

type StoreX509Writer added in v0.2.9

type StoreX509Writer interface {
	Store

	AddCACerts(ctx context.Context, roots ...*x509.Certificate) error

	AddPrivateKey(ctx context.Context, key crypto.Signer) error
	AddCert(ctx context.Context, cert *x509.Certificate) error
	AddCertPair(ctx context.Context, key crypto.Signer, cert *x509.Certificate, intermediates []*x509.Certificate) error

	DeleteCert(ctx context.Context, cert *x509.Certificate) error
}

StoreX509Writer adds x509.Certificate write methods to the Store.

Directories

Path	Synopsis
sni	Package sni provides logic to work with TLS SNI fields
store
	basic	Package basic implements a generic programmable TLS store
	buffer	Package buffer provides helpers to decode PEM files, populate a tls.StoreWriter, and work with key and cert sets
x509utils	Package x509utils provides utilities to aid working with x509 certificates
	certpool	Package certpool provides an X.509 certificates store
