Documentation ¶
Index ¶
- Constants
- func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)
- func CipherSuite(cipherName string) (uint16, error)
- func CipherSuiteToNameOrDie(intVal uint16) string
- func CipherSuitesOrDie(cipherNames []string) []uint16
- func CipherSuitesToNamesOrDie(intVals []uint16) []string
- func DefaultCiphers() []uint16
- func DefaultTLSVersion() uint16
- func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)
- func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
- func SecureTLSConfig(config *tls.Config) *tls.Config
- func TLSVersion(versionName string) (uint16, error)
- func TLSVersionOrDie(versionName string) uint16
- func TLSVersionToNameOrDie(intVal uint16) string
- func ValidCipherSuites() []string
- func ValidTLSVersions() []string
- type CA
- func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)
- type CertificateExtensionFunc
- type RandomSerialGenerator
- type SerialFileGenerator
- type SerialGenerator
- type TLSCARoots
- type TLSCertificateConfig
Constants ¶
const ( DefaultCertificateLifetimeInDays = 365 * 2 // 2 years DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years )
Variables ¶
This section is empty.
Functions ¶
func CertsFromPEM ¶ added in v0.4.2
func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)
func CipherSuite ¶ added in v1.5.0
func CipherSuiteToNameOrDie ¶
CipherSuiteToNameOrDie given a cipher suite as an int, return its readable name
func CipherSuitesOrDie ¶ added in v1.5.0
func CipherSuitesToNamesOrDie ¶
CipherSuitesToNamesOrDie given a list of cipher suites as ints, return their readable names
func DefaultCiphers ¶ added in v1.5.0
func DefaultCiphers() []uint16
func DefaultTLSVersion ¶ added in v1.5.0
func DefaultTLSVersion() uint16
func IPAddressesDNSNames ¶ added in v0.2.2
func NewKeyPair ¶
func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
func SecureTLSConfig ¶ added in v1.0.7
SecureTLSConfig enforces the default minimum security settings for the cluster.
func TLSVersion ¶ added in v1.5.0
func TLSVersionOrDie ¶ added in v1.5.0
func TLSVersionToNameOrDie ¶
TLSVersionToNameOrDie given a tls version as an int, return its readable name
func ValidCipherSuites ¶ added in v1.5.0
func ValidCipherSuites() []string
func ValidTLSVersions ¶ added in v1.5.0
func ValidTLSVersions() []string
Types ¶
type CA ¶
type CA struct { Config *TLSCertificateConfig SerialGenerator SerialGenerator }
func EnsureCA ¶ added in v0.4.2
EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used
func (*CA) EnsureClientCertificate ¶ added in v0.4.2
func (*CA) EnsureServerCert ¶ added in v0.4.2
func (*CA) MakeAndWriteServerCert ¶ added in v1.3.0
func (*CA) MakeClientCertificate ¶ added in v0.4.2
func (*CA) MakeServerCert ¶
func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)
type CertificateExtensionFunc ¶ added in v1.5.0
type CertificateExtensionFunc func(*x509.Certificate) error
CertificateExtensionFunc is passed a certificate that it may extend, or return an error if the extension attempt failed.
type RandomSerialGenerator ¶ added in v1.1.4
type RandomSerialGenerator struct { }
RandomSerialGenerator returns a serial based on time.Now and the subject
func (*RandomSerialGenerator) Next ¶ added in v1.1.4
func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)
type SerialFileGenerator ¶ added in v1.1.4
type SerialFileGenerator struct { SerialFile string Serial int64 // contains filtered or unexported fields }
SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.
func NewSerialFileGenerator ¶ added in v1.1.4
func NewSerialFileGenerator(serialFile string) (*SerialFileGenerator, error)
func (*SerialFileGenerator) Next ¶ added in v1.1.4
func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)
Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.
type SerialGenerator ¶ added in v1.1.4
type SerialGenerator interface {
Next(template *x509.Certificate) (int64, error)
}
SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.
type TLSCARoots ¶ added in v0.4.2
type TLSCARoots struct {
Roots []*x509.Certificate
}
type TLSCertificateConfig ¶
type TLSCertificateConfig struct { Certs []*x509.Certificate Key crypto.PrivateKey }
func GetServerCert ¶ added in v0.4.2
func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)
func GetTLSCertificateConfig ¶ added in v0.4.2
func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)
func (*TLSCertificateConfig) GetPEMBytes ¶ added in v1.3.0
func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)