Overview ¶
Package tlsconfig contains TLS-related interfaces, helpers, and implementations.
Index ¶
- type DefaultManager
- func (m *DefaultManager) Add(ctx context.Context, certPath string, keyPath string) (err error)
- func (m *DefaultManager) Clone() (clone *tls.Config)
- func (m *DefaultManager) CloneWithMetrics(proto string, srvName string, deviceDomains []string) (conf *tls.Config)
- func (m *DefaultManager) Refresh(ctx context.Context) (err error)
- func (m *DefaultManager) RotateTickets(ctx context.Context) (err error)
- type DefaultManagerConfig
- type EmptyMetrics
- func (EmptyMetrics) AfterHandshake(_ string, _ string, _ []string, _ []*tls.Certificate) (f func(s tls.ConnectionState) (err error))
- func (EmptyMetrics) BeforeHandshake(_ string) (f func(info *tls.ClientHelloInfo) (c *tls.Config, err error))
- func (EmptyMetrics) SetCertificateInfo(_ context.Context, _, _ string, _ time.Time)
- func (EmptyMetrics) SetSessionTicketRotationStatus(_ context.Context, _ bool)
- type Manager
- type Metrics
Types ¶
type DefaultManager ¶
// DefaultManager is the default implementation of Manager.  Construct it with
// NewDefaultManager; its fields are unexported.
type DefaultManager struct {
	// contains filtered or unexported fields
}
DefaultManager is the default implementation of Manager.
func NewDefaultManager ¶
func NewDefaultManager(conf *DefaultManagerConfig) (m *DefaultManager, err error)
NewDefaultManager returns a new initialized *DefaultManager.
func (*DefaultManager) Clone ¶
func (m *DefaultManager) Clone() (clone *tls.Config)
Clone implements the Manager interface for *DefaultManager.
func (*DefaultManager) CloneWithMetrics ¶
func (m *DefaultManager) CloneWithMetrics( proto string, srvName string, deviceDomains []string, ) (conf *tls.Config)
CloneWithMetrics implements the Manager interface for *DefaultManager.
func (*DefaultManager) Refresh ¶
func (m *DefaultManager) Refresh(ctx context.Context) (err error)
Refresh implements the agdservice.Refresher interface for *DefaultManager.
func (*DefaultManager) RotateTickets ¶
func (m *DefaultManager) RotateTickets(ctx context.Context) (err error)
RotateTickets rereads and resets TLS session tickets.
type DefaultManagerConfig ¶
// DefaultManagerConfig is the configuration structure for DefaultManager.
type DefaultManagerConfig struct {
	// Logger is used for logging the operation of the TLS manager.
	Logger *slog.Logger

	// ErrColl is used to collect TLS-related errors.
	ErrColl errcoll.Interface

	// Metrics is used to collect TLS-related statistics.
	Metrics Metrics

	// KeyLogFilename, if not empty, is the name of the TLS key log file.
	//
	// NOTE(review): a TLS key log lets anyone who can read the file decrypt
	// captured traffic, so it is presumably meant for debugging only and the
	// file needs restrictive permissions — confirm how this is wired to
	// [tls.Config.KeyLogWriter].
	KeyLogFilename string

	// SessionTicketPaths are paths to files containing the TLS session tickets.
	//
	// NOTE(review): these files appear to hold the session ticket keys; a
	// reader of them can decrypt resumed sessions, so file permissions and
	// regular rotation (see [DefaultManager.RotateTickets]) matter — confirm.
	SessionTicketPaths []string
}
DefaultManagerConfig is the configuration structure for DefaultManager.
TODO(s.chzhen): Use it.
type EmptyMetrics ¶
// EmptyMetrics is the implementation of the Metrics interface that does
// nothing.  Its handshake hooks return callbacks that never reject a connection.
type EmptyMetrics struct{}
EmptyMetrics is the implementation of the Metrics interface that does nothing.
func (EmptyMetrics) AfterHandshake ¶
func (EmptyMetrics) AfterHandshake( _ string, _ string, _ []string, _ []*tls.Certificate, ) (f func(s tls.ConnectionState) (err error))
AfterHandshake implements the Metrics interface for EmptyMetrics by returning a function that does nothing.
func (EmptyMetrics) BeforeHandshake ¶
func (EmptyMetrics) BeforeHandshake( _ string, ) (f func(info *tls.ClientHelloInfo) (c *tls.Config, err error))
BeforeHandshake implements the Metrics interface for EmptyMetrics by returning a function that does nothing.
func (EmptyMetrics) SetCertificateInfo ¶
SetCertificateInfo implements the Metrics interface for EmptyMetrics.
func (EmptyMetrics) SetSessionTicketRotationStatus ¶
func (EmptyMetrics) SetSessionTicketRotationStatus(_ context.Context, _ bool)
SetSessionTicketRotationStatus implements the Metrics interface for EmptyMetrics.
type Manager ¶
// Manager stores and updates TLS configurations.
type Manager interface {
	// Add saves an initialized TLS certificate using the provided paths to a
	// certificate and a key. certPath and keyPath must not be empty.
	Add(ctx context.Context, certPath, keyPath string) (err error)

	// Clone returns the TLS configuration that contains saved TLS certificates.
	//
	// NOTE(review): the name suggests each caller receives its own copy, so
	// that per-listener changes do not leak into the shared configuration —
	// confirm against the implementation.
	Clone() (c *tls.Config)

	// CloneWithMetrics is like [Manager.Clone] but it also sets metrics.
	CloneWithMetrics(proto, srvName string, deviceDomains []string) (c *tls.Config)
}
Manager stores and updates TLS configurations.
type Metrics ¶
// Metrics is an interface used for collecting TLS-related statistics.
type Metrics interface {
	// BeforeHandshake returns a function that needs to be passed to
	// [tls.Config.GetConfigForClient]. f must not be nil.
	//
	// NOTE(review): per crypto/tls, a GetConfigForClient callback runs for
	// every ClientHello before the peer is authenticated, so f should be cheap
	// and treat the ClientHelloInfo as untrusted input — confirm with the
	// implementation.
	BeforeHandshake(proto string) (f func(*tls.ClientHelloInfo) (c *tls.Config, err error))

	// AfterHandshake returns a function that needs to be passed to
	// [tls.Config.VerifyConnection]. f must not be nil.
	//
	// Per crypto/tls, a non-nil error from a VerifyConnection callback aborts
	// the handshake, so f can reject a connection as well as record metrics.
	AfterHandshake(
		proto string,
		srvName string,
		devDomains []string,
		srvCerts []*tls.Certificate,
	) (f func(s tls.ConnectionState) (err error))

	// SetCertificateInfo sets the TLS certificate information.
	SetCertificateInfo(ctx context.Context, algo, subj string, notAfter time.Time)

	// SetSessionTicketRotationStatus sets the TLS session ticket rotation
	// status.
	SetSessionTicketRotationStatus(ctx context.Context, enabled bool)
}
Metrics is an interface used for collecting TLS-related statistics.