Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewDialClient ¶
func NewDialClient(svid x509svid.Source, bundle x509bundle.Source, authorizer tlsconfig.Authorizer) *tls.Config
NewDialClient returns a `tls.Config` intended for network clients. Because pre v1.12 Dapr servers will be using the issuing CA key pair (!!) for serving and client auth, we need to fallback the `VerifyPeerCertificate` method to match on `cluster.local` DNS if and when the SPIFFE mTLS handshake fails. TODO: @joshvanl: This package should be removed in v1.13.
func NewDialClientOptionalClientAuth ¶
func NewDialClientOptionalClientAuth(svid x509svid.Source, bundle x509bundle.Source, authorizer tlsconfig.Authorizer) (*tls.Config, error)
NewDialClientOptionalClientAuth returns a `tls.Config` intended for network clients with optional client authentication. Because pre v1.12 Dapr servers will be using the issuing CA key pair (!!) for serving and client auth, we need to fallback the `VerifyPeerCertificate` method to match on `cluster.local` DNS if and when the SPIFFE mTLS handshake fails. Sets the client certificate to that configured in environment variables to satisfy sentry v1.11 servers.
func NewServer ¶
func NewServer(svid x509svid.Source, bundle x509bundle.Source, authorizer tlsconfig.Authorizer) *tls.Config
NewServer returns a `tls.Config` intended for network servers. Because pre v1.12 Dapr clients will be using the issuing CA key pair (!!) for serving and client auth, we need to fallback the `VerifyPeerCertificate` method to match on `cluster.local` DNS if and when the SPIFFE mTLS handshake fails. TODO: @joshvanl: This package should be removed in v1.13.
Types ¶
This section is empty.
Source Files