Versions in this module Expand all Collapse all v2 v2.2.0 Feb 28, 2023 Changes in this version
+ func GetCertificate(svid x509svid.Source, opts ...Option) func(*tls.ClientHelloInfo) (*tls.Certificate, error)
+ func GetClientCertificate(svid x509svid.Source, opts ...Option) func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
+ func HookMTLSClientConfig(config *tls.Config, svid x509svid.Source, bundle x509bundle.Source, ...)
+ func HookMTLSServerConfig(config *tls.Config, svid x509svid.Source, bundle x509bundle.Source, ...)
+ func HookMTLSWebClientConfig(config *tls.Config, svid x509svid.Source, roots *x509.CertPool, opts ...Option)
+ func HookMTLSWebServerConfig(config *tls.Config, cert *tls.Certificate, bundle x509bundle.Source, ...)
+ func HookTLSClientConfig(config *tls.Config, bundle x509bundle.Source, authorizer Authorizer, ...)
+ func HookTLSServerConfig(config *tls.Config, svid x509svid.Source, opts ...Option)
+ func MTLSClientConfig(svid x509svid.Source, bundle x509bundle.Source, authorizer Authorizer, ...) *tls.Config
+ func MTLSServerConfig(svid x509svid.Source, bundle x509bundle.Source, authorizer Authorizer, ...) *tls.Config
+ func MTLSWebClientConfig(svid x509svid.Source, roots *x509.CertPool, opts ...Option) *tls.Config
+ func MTLSWebServerConfig(cert *tls.Certificate, bundle x509bundle.Source, authorizer Authorizer, ...) *tls.Config
+ func TLSClientConfig(bundle x509bundle.Source, authorizer Authorizer, opts ...Option) *tls.Config
+ func TLSServerConfig(svid x509svid.Source, opts ...Option) *tls.Config
+ func VerifyPeerCertificate(bundle x509bundle.Source, authorizer Authorizer, opts ...Option) func([][]byte, [][]*x509.Certificate) error
+ func WrapVerifyPeerCertificate(wrapped func([][]byte, [][]*x509.Certificate) error, bundle x509bundle.Source, ...) func([][]byte, [][]*x509.Certificate) error
+ type Authorizer func(id spiffeid.ID, verifiedChains [][]*x509.Certificate) error
+ func AdaptMatcher(matcher spiffeid.Matcher) Authorizer
+ func AuthorizeAny() Authorizer
+ func AuthorizeID(allowed spiffeid.ID) Authorizer
+ func AuthorizeMemberOf(allowed spiffeid.TrustDomain) Authorizer
+ func AuthorizeOneOf(allowed ...spiffeid.ID) Authorizer
+ type GetCertificateInfo struct
+ type GotCertificateInfo struct
+ Cert *tls.Certificate
+ Err error
+ type Option interface
+ func WithTrace(trace Trace) Option
+ type Trace struct
+ GetCertificate func(GetCertificateInfo) interface{}
+ GotCertificate func(GotCertificateInfo, interface{})