Documentation ¶
Index ¶
- Variables
- func ClearSecretManager()
- func GetSdsClient(cfg *auth.SdsSecretConfig) types.SdsClient
- func GetTLSConn(c net.Conn, b []byte) (net.Conn, error)
- func NewProvider(cfg *v2.TLSConfig) (types.TLSProvider, error)
- func NewTLSClientContextManager(cfg *v2.TLSConfig) (types.TLSContextManager, error)
- func NewTLSServerContextManager(cfg *v2.Listener) (types.TLSContextManager, error)
- func Register(name string, factory ConfigHooksFactory) error
- func RegisterSdsCallback(f func())
- type ConfigHooks
- type ConfigHooksFactory
- type Conn
- type TLSConn
Constants ¶
This section is empty.
Variables ¶
var ErrorNoCertConfigure = errors.New("no certificate config")
ErrorNoCertConfigure represents config has no certificate
Functions ¶
func ClearSecretManager ¶
func ClearSecretManager()
func GetSdsClient ¶
func GetSdsClient(cfg *auth.SdsSecretConfig) types.SdsClient
func NewProvider ¶
func NewProvider(cfg *v2.TLSConfig) (types.TLSProvider, error)
NewProvider returns a types.Provider. we support sds provider and static provider.
func NewTLSClientContextManager ¶
func NewTLSClientContextManager(cfg *v2.TLSConfig) (types.TLSContextManager, error)
NewTLSClientContextManager returns a types.TLSContextManager used in TLS Client
func NewTLSServerContextManager ¶
func NewTLSServerContextManager(cfg *v2.Listener) (types.TLSContextManager, error)
NewTLSServerContextManager returns a types.TLSContextManager used in TLS Server A Server Manager can contains multiple certificates in provider
func Register ¶
func Register(name string, factory ConfigHooksFactory) error
Register registers an extension.
func RegisterSdsCallback ¶
func RegisterSdsCallback(f func())
Types ¶
type ConfigHooks ¶
type ConfigHooks interface { // GetCertificate returns the tls.Certificate by index. // By default the index is the cert/key file path or cert/key pem string GetCertificate(certIndex, keyIndex string) (tls.Certificate, error) // GetX509Pool returns the x509.CertPool, which is a set of certificates. // By default the index is the ca certificate file path or certificate pem string GetX509Pool(caIndex string) (*x509.CertPool, error) // ServerHandshakeVerify returns a function that used to set "VerifyPeerCertificate" defined in tls.Config. // If it is returns nil, the normal certificate verification will be used. // Notice that we set tls.Config.InsecureSkipVerify to make sure the "VerifyPeerCertificate" is called, // so the ServerHandshakeVerify should verify the trusted ca if necessary. // If the TLSConfig.RequireClientCert is false, the ServerHandshakeVerify will be ignored ServerHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error // ClientHandshakeVerify returns a function that used to set "VerifyPeerCertificate" defined in tls.Config. // If it is returns nil, the normal certificate verification will be used. // Notice that we set tls.Config.InsecureSkipVerify to make sure the "VerifyPeerCertificate" is called, // so the ClientHandshakeVerify should verify the trusted ca if necessary. // If TLSConfig.InsecureSkip is true, the ClientHandshakeVerify will be ignored. ClientHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error }
ConfigHooks is a set of functions used to make a tls config
func DefaultConfigHooks ¶
func DefaultConfigHooks() ConfigHooks
DefaultConfigHooks returns the default config hooks implement
type ConfigHooksFactory ¶
type ConfigHooksFactory interface {
CreateConfigHooks(config map[string]interface{}) ConfigHooks
}
ConfigHooksFactory creates ConfigHooks by config
type Conn ¶
Conn is a generic stream-oriented network connection. It implements the net.Conn interface.
type TLSConn ¶
TLSConn represents a secured connection. It implements the net.Conn interface.
func (*TLSConn) ConnectionState ¶
func (c *TLSConn) ConnectionState() gotls.ConnectionState
ConnectionState records basic TLS details about the connection.
func (*TLSConn) GetRawConn ¶
GetRawConn returns network connection.
func (*TLSConn) GetTLSInfo ¶
GetTLSInfo returns TLSInfo
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package certtool used for generate certificate for test/examples By default, use CreateTemplate, GeneratePrivateKey, and SignCertificate, the certificates created in same process have same root ca
|
Package certtool used for generate certificate for test/examples By default, use CreateTemplate, GeneratePrivateKey, and SignCertificate, the certificates created in same process have same root ca |
crypto
|
|
tls
Package tls partially implements TLS 1.2, as specified in RFC 5246.
|
Package tls partially implements TLS 1.2, as specified in RFC 5246. |
tls/cipherhw
Package cipherhw exposes common functions for detecting whether hardware support for certain ciphers and authenticators is present.
|
Package cipherhw exposes common functions for detecting whether hardware support for certain ciphers and authenticators is present. |
tls/testenv
Package testenv provides information about what functionality is available in different testing environments run by the Go team.
|
Package testenv provides information about what functionality is available in different testing environments run by the Go team. |