Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type GetCertificateFunc
type GetCertificateFunc func(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificateFunc is a callback that allows a TLS stack to deliver different certificates depending on the client trying to establish a TLS connection.
For example, a GetCertificateFunc can return different TLS certificates depending on the TLS SNI sent by the client.
type LoadX509KeyPairFunc
type LoadX509KeyPairFunc func(certFile, keyFile string) (tls.Certificate, error)
LoadX509KeyPairFunc is a function that parses a private key and certificate file and returns a TLS certificate on success.
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager is a TLS certificate manager that can handle multiple certificates. When a client tries to establish a TLS connection, Manager will try to pick a certificate that can be validated by the client.
For instance, if the client specifies a TLS SNI then Manager will try to find the corresponding certificate. If there is no such certificate it will fall back to the certificate named public.crt.
Manager will automatically reload certificates if the corresponding file changes.
func NewManager
func NewManager(ctx context.Context, certFile, keyFile string, loadX509KeyPair LoadX509KeyPairFunc) (manager *Manager, err error)
NewManager returns a new Manager that handles one certificate specified via the certFile and keyFile. It will use the loadX509KeyPair function to (re)load certificates.
The certificate loaded from certFile is considered the default certificate. If a client does not send the TLS SNI extension then Manager will return this certificate.
func (*Manager) AddCertificate
AddCertificate adds the TLS certificate in certFile and keyFile to the Manager.
If there is already a certificate with the same base name it will be replaced by the newly added one.
func (*Manager) GetCertificate
func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns a TLS certificate based on the client hello.
It tries to find a certificate that would be accepted by the client according to the client hello. However, if no certificate can be found, GetCertificate returns the default certificate loaded from the public file (public.crt).
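The SNI-based selection that GetCertificateFunc and Manager.GetCertificate describe, as an added example that is not this package's code: a hypothetical Selector picks the first certificate whose SANs cover the client's SNI and otherwise falls back to a default (the public.crt role). Certificates are generated in memory as constructed test data; a real Manager loads certFile and keyFile from disk and reloads them on change.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Selector is a hypothetical stand-in for Manager: Default plays the role of public.crt.
type Selector struct {
	Default *tls.Certificate
	Certs   []*tls.Certificate
}

// GetCertificate has the GetCertificateFunc signature: first certificate valid for the SNI, else Default.
func (s *Selector) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	for _, c := range s.Certs {
		if c.Leaf != nil && hello.ServerName != "" && c.Leaf.VerifyHostname(hello.ServerName) == nil {
			return c, nil
		}
	}
	return s.Default, nil // no SNI sent, or no certificate covers it
}

// selfSigned builds an in-memory self-signed certificate (constructed test data, not a file on disk).
func selfSigned(dnsName string) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{dnsName},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	leaf, _ := x509.ParseCertificate(der) // just produced by CreateCertificate, so it parses
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

func main() {
	def, _ := selfSigned("public.example.test")
	api, _ := selfSigned("api.example.test")
	s := &Selector{Default: def, Certs: []*tls.Certificate{def, api}}
	srv := &tls.Config{GetCertificate: s.GetCertificate} // wire the selector into a server config
	c, _ := srv.GetCertificate(&tls.ClientHelloInfo{ServerName: "api.example.test"})
	fmt.Println(c.Leaf.DNSNames) // [api.example.test]
}
```

Because the fallback is silent, a client that sends an SNI no certificate covers will still complete the handshake with the default certificate and then fail its own hostname check; log such fallbacks to catch misconfigured names early.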
func (*Manager) GetClientCertificate
func (m *Manager) GetClientCertificate(reqInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
GetClientCertificate returns a TLS certificate for mTLS based on the certificate request.
It tries to find a certificate that would be accepted by the server according to the certificate request. However, if no certificate can be found, GetClientCertificate returns the default certificate loaded from the public file (public.crt).