Documentation ¶
Overview ¶
Package tls aids working with TLS Certificates
Index ¶
- Variables
- func Bundle(opt x509.VerifyOptions, cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)
- func BundleFn(opt x509.VerifyOptions, less func(a, b []*x509.Certificate) bool, ...) (*tls.Certificate, error)
- func NewConfig(store Store) (*tls.Config, error)
- func SplitClientHelloInfo(chi *tls.ClientHelloInfo) (ctx context.Context, serverName string, err error)
- func Verify(cert *tls.Certificate, roots *x509.CertPool) error
- func WithStore(cfg *tls.Config, store Store) error
- type Bundler
- type Certificate
- type ClientHelloInfo
- type Config
- type Store
- type StoreReadWriter
- type StoreReader
- type StoreWriter
- type StoreX509Writer
Constants ¶
This section is empty.
Variables ¶
var ErrNoStore = core.Wrap(core.ErrInvalid, "store not provided")
ErrNoStore is an error indicating the Store wasn't provided.
Functions ¶
func Bundle ¶ added in v0.2.6
func Bundle(opt x509.VerifyOptions, cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)
Bundle assembles a verified tls.Certificate, choosing the shortest trust chain.
func BundleFn ¶ added in v0.2.6
func BundleFn(opt x509.VerifyOptions, less func(a, b []*x509.Certificate) bool, cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)
BundleFn assembles a verified tls.Certificate, using the given quality function.
func NewConfig ¶
func NewConfig(store Store) (*tls.Config, error)
NewConfig returns a basic tls.Config optionally configured to use the given Store.
func SplitClientHelloInfo ¶ added in v0.2.9
func SplitClientHelloInfo(chi *tls.ClientHelloInfo) (ctx context.Context, serverName string, err error)
SplitClientHelloInfo takes the context and server name out of a tls.ClientHelloInfo. If no ServerName is provided, the server's IP address will be used.
func Verify ¶ added in v0.2.8
func Verify(cert *tls.Certificate, roots *x509.CertPool) error
Verify checks if a tls.Certificate is good to use. If roots is provided, the chain will also be verified.
Types ¶
type Bundler ¶ added in v0.2.6
type Bundler struct {
	// Root Certificates. Defaults to system's.
	Roots x509utils.CertPool
	// Intermediate Certificates.
	Inter x509utils.CertPool
	// Quality comparison function. Defaults to shorter-chain.
	Less func(a, b []*x509.Certificate) bool
	// contains filtered or unexported fields
}
Bundler uses two CertPools to bundle keys and certificates.
func (*Bundler) Bundle ¶ added in v0.2.6
func (s *Bundler) Bundle(cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)
Bundle bundles a key and a certificate into a tls.Certificate using the specified roots, intermediates and quality function.
type Certificate ¶
type Certificate = tls.Certificate
Certificate is an alias of the standard tls.Certificate.
type ClientHelloInfo ¶ added in v0.2.8
type ClientHelloInfo = tls.ClientHelloInfo
ClientHelloInfo is an alias of the standard tls.ClientHelloInfo.
type Store ¶
type Store interface {
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
	GetCAPool() *x509.CertPool
}
A Store is used to set up a tls.Config.
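How a Store is wired into a tls.Config, together with the SNI handling described above for SplitClientHelloInfo, as an added example that is not the package's code and does not import it (the Store interface is re-declared locally). `splitClientHelloInfo`, `mapStore`, `withStore`, `newConfig` and `errNoStore` are names assumed here; that the fallback address is `Conn.LocalAddr()` and that the Store's CA pool becomes `ClientCAs` are this example's assumptions, not statements from the page.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"net"
	"strings"
	"sync"
)

// Store re-declares the interface shown on this page; nothing here imports the package.
type Store interface {
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
	GetCAPool() *x509.CertPool
}

var errNoStore = errors.New("store not provided") // stand-in for the page's ErrNoStore

// splitClientHelloInfo follows the page's description of SplitClientHelloInfo: the
// handshake context plus the SNI name, or, when the client sent no SNI, the IP
// address the connection was accepted on (assumed here to be Conn.LocalAddr()).
func splitClientHelloInfo(chi *tls.ClientHelloInfo) (context.Context, string, error) {
	if chi == nil {
		return nil, "", errors.New("tls: nil ClientHelloInfo")
	}
	ctx := chi.Context()
	if ctx == nil {
		ctx = context.Background()
	}
	if name := strings.TrimSuffix(strings.ToLower(chi.ServerName), "."); name != "" {
		return ctx, name, nil
	}
	if chi.Conn == nil {
		return ctx, "", errors.New("tls: no ServerName and no connection")
	}
	host, _, err := net.SplitHostPort(chi.Conn.LocalAddr().String())
	return ctx, host, err
}

// mapStore is an in-memory Store assumed for this example (not one of the package's
// store implementations): exact name first, then a wildcard for the parent domain.
type mapStore struct {
	mu    sync.RWMutex
	certs map[string]*tls.Certificate
	roots *x509.CertPool
}

func (s *mapStore) Put(name string, c *tls.Certificate) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.certs[strings.ToLower(name)] = c
}

func (s *mapStore) GetCAPool() *x509.CertPool { return s.roots }

func (s *mapStore) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
	_, name, err := splitClientHelloInfo(chi)
	if err != nil {
		return nil, err
	}
	s.mu.RLock()
	defer s.mu.RUnlock()
	if c, ok := s.certs[name]; ok {
		return c, nil
	}
	if i := strings.IndexByte(name, '.'); i > 0 {
		if c, ok := s.certs["*"+name[i:]]; ok {
			return c, nil
		}
	}
	return nil, errors.New("tls: no certificate for " + name)
}

// withStore and newConfig follow the page's WithStore and NewConfig: a baseline config
// whose certificate lookup is delegated to the Store. Using the Store's CA pool as
// ClientCAs is this example's assumption; the page does not say how the pool is used.
func withStore(cfg *tls.Config, store Store) error {
	if store == nil {
		return errNoStore
	}
	cfg.GetCertificate = store.GetCertificate
	cfg.ClientCAs = store.GetCAPool()
	return nil
}

func newConfig(store Store) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if store == nil {
		return cfg, nil // the Store is optional for NewConfig
	}
	return cfg, withStore(cfg, store)
}
```

The SNI value is client-controlled and ends up as a map key, so it is normalised (lower-cased, trailing dot stripped) before the lookup; the wildcard fallback consults only the immediate parent domain, so an entry for `*.example.test` never serves `a.b.example.test`. The read/write lock matters because a tls server calls GetCertificate from every handshake goroutine while certificates may be rotated through Put.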
type StoreReadWriter ¶ added in v0.2.9
type StoreReadWriter interface {
	StoreReader
	StoreWriter
}
StoreReadWriter includes read and write methods for the Store.
type StoreReader ¶ added in v0.2.9
type StoreReader interface {
	Store
	Get(ctx context.Context, name string) (*tls.Certificate, error)
	ForEach(ctx context.Context, fn func(context.Context, *tls.Certificate) bool)
	ForEachMatch(ctx context.Context, name string, fn func(context.Context, *tls.Certificate) bool)
}
StoreReader adds read methods to the Store.
type StoreWriter ¶ added in v0.2.9
type StoreWriter interface {
	Store
	Put(ctx context.Context, cert *tls.Certificate) error
	Delete(ctx context.Context, cert *tls.Certificate) error
}
StoreWriter adds tls.Certificate write methods to the Store.
type StoreX509Writer ¶ added in v0.2.9
type StoreX509Writer interface {
	Store
	AddCACerts(ctx context.Context, roots ...*x509.Certificate) error
	AddPrivateKey(ctx context.Context, key crypto.Signer) error
	AddCert(ctx context.Context, cert *x509.Certificate) error
	AddCertPair(ctx context.Context, key crypto.Signer, cert *x509.Certificate, intermediates []*x509.Certificate) error
	DeleteCert(ctx context.Context, cert *x509.Certificate) error
}
StoreX509Writer adds x509.Certificate write methods to the Store.
Directories ¶
Path | Synopsis |
---|---|
sni | Package sni provides logic to work with TLS SNI fields |
store | |
store/basic | Package basic implements a generic programmable TLS store |
store/buffer | Package buffer provides helpers to decode PEM files, populate a tls.StoreWriter, and work with key and cert sets |
x509utils | Package x509utils provides utilities to aid working with x509 certificates |
x509utils/certpool | Package certpool provides an X.509 certificates store |