Documentation
Overview
Package tlsutil provides support for using TLS certificates.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Certificate
type Certificate struct {
// contains filtered or unexported fields
}
A Certificate contains a certificate and its key pair.
func LoadCertificate
func LoadCertificate(srcs ...[]byte) (Certificate, error)
LoadCertificate loads a certificate and private key from srcs. The contents of each slice must be in PEM format, and each slice may contain multiple PEM blocks.
An error is reported if the input does not contain exactly one CERTIFICATE block and exactly one PRIVATE KEY block, or if either of those blocks is not of the correct format. Any blocks of other types are ignored.
If the caller has certificate and key data stored separately, they can be concatenated into a single slice, or provided as separate slices.
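The input contract described above, restated with only the standard library. This is an added example, not the tlsutil implementation: splitCertAndKey and samplePEM are hypothetical names, and "correct format" is assumed to mean an X.509 DER certificate and a PKCS #8 key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// splitCertAndKey (hypothetical, not tlsutil code) returns the DER of the sole cert and key blocks.
func splitCertAndKey(srcs ...[]byte) (certDER, keyDER []byte, err error) {
	var nCert, nKey int
	for _, src := range srcs {
		for blk, rest := pem.Decode(src); blk != nil; blk, rest = pem.Decode(rest) {
			switch blk.Type { // blocks of any other type are ignored
			case "CERTIFICATE":
				certDER, nCert = blk.Bytes, nCert+1
			case "PRIVATE KEY":
				keyDER, nKey = blk.Bytes, nKey+1
			}
		}
	}
	if nCert != 1 || nKey != 1 {
		return nil, nil, fmt.Errorf("want 1 CERTIFICATE and 1 PRIVATE KEY block, got %d and %d", nCert, nKey)
	}
	if _, err = x509.ParseCertificate(certDER); err == nil { // assumed formats: X.509 DER, PKCS #8
		_, err = x509.ParsePKCS8PrivateKey(keyDER)
	}
	return certDER, keyDER, err
}

// samplePEM builds constructed input: a throwaway self-signed cert and its key.
func samplePEM() (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	key, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key})
}

func main() {
	c, k := samplePEM()
	_, _, err := splitCertAndKey(c, k, c) // a second CERTIFICATE block is rejected
	fmt.Println(err)
}
```

Rejecting a second CERTIFICATE block means a bundle that carries a leaf plus intermediates has to be split by the caller before loading.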
func NewServerCert
func NewServerCert(validFor time.Duration, sc Certificate, base *x509.Certificate) (Certificate, error)
NewServerCert creates a new server certificate that is valid for the specified period and is signed by the given signing cert. The contents of base are used as a template for the cert, allowing the caller to specify names and other constraints.
The following overrides are applied:
- If the serial number is not specified, a random one is generated.
- If the "not before" time is not specified, time.Now is used.
- The IsCA flag is cleared on the resulting cert.
- The key is marked for digital signatures and key encipherment.
- If ExtKeyUsage == nil, client and server auth are added.
func NewSigningCert
func NewSigningCert(validFor time.Duration, base *x509.Certificate) (Certificate, error)
NewSigningCert creates a new self-signed signing ("CA") certificate that is valid for the specified period. The contents of base are used as a template for the cert, allowing the caller to specify names and other constraints.
The following overrides are applied:
- If the serial number is not specified, a random one is generated.
- If the "not before" time is not specified, time.Now is used.
- The IsCA flag is set on the resulting cert.
- The key is marked for cert signing, digital signatures, and key encipherment.
func (Certificate) CertPEM
func (c Certificate) CertPEM() []byte
CertPEM returns the certificate encoded as a CERTIFICATE block in PEM notation.
func (Certificate) PrivKeyPEM
func (c Certificate) PrivKeyPEM() []byte
PrivKeyPEM returns the private key encoded as a PRIVATE KEY block in PEM notation.
func (Certificate) TLSCertificate
func (c Certificate) TLSCertificate() (tls.Certificate, error)
TLSCertificate converts c into a crypto/tls.Certificate.