tls

package
v1.7.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 23, 2019 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// MinVersion Map of allowed TLS minimum versions
	MinVersion = map[string]uint16{
		"VersionTLS10": tls.VersionTLS10,
		"VersionTLS11": tls.VersionTLS11,
		"VersionTLS12": tls.VersionTLS12,
		"VersionTLS13": tls.VersionTLS13,
	}

	// CipherSuites Map of TLS CipherSuites from crypto/tls
	// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
	CipherSuites = map[string]uint16{
		"TLS_RSA_WITH_RC4_128_SHA":                tls.TLS_RSA_WITH_RC4_128_SHA,
		"TLS_RSA_WITH_3DES_EDE_CBC_SHA":           tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
		"TLS_RSA_WITH_AES_128_CBC_SHA":            tls.TLS_RSA_WITH_AES_128_CBC_SHA,
		"TLS_RSA_WITH_AES_256_CBC_SHA":            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		"TLS_RSA_WITH_AES_128_CBC_SHA256":         tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
		"TLS_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		"TLS_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":        tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_RC4_128_SHA":          tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA":     tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":   tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":    tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":  tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		"TLS_AES_128_GCM_SHA256":                  tls.TLS_AES_128_GCM_SHA256,
		"TLS_AES_256_GCM_SHA384":                  tls.TLS_AES_256_GCM_SHA384,
		"TLS_CHACHA20_POLY1305_SHA256":            tls.TLS_CHACHA20_POLY1305_SHA256,
		"TLS_FALLBACK_SCSV":                       tls.TLS_FALLBACK_SCSV,
	}
)

Functions

func MatchDomain

func MatchDomain(domain string, certDomain string) bool

MatchDomain return true if a domain match the cert domain

func SortTLSPerEntryPoints

func SortTLSPerEntryPoints(configurations []*Configuration, epConfiguration map[string]map[string]*tls.Certificate, defaultEntryPoints []string)

SortTLSPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints

Types

type Certificate

type Certificate struct {
	CertFile FileOrContent
	KeyFile  FileOrContent
}

Certificate holds a SSL cert/key pair Certs and Key could be either a file path, or the file content itself

func (*Certificate) AppendCertificate added in v1.7.19

func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certificate, ep string) error

AppendCertificate appends a Certificate to a certificates map keyed by entrypoint.

type CertificateStore

type CertificateStore struct {
	DynamicCerts       *safe.Safe
	StaticCerts        *safe.Safe
	DefaultCertificate *tls.Certificate
	CertCache          *cache.Cache
	SniStrict          bool
}

CertificateStore store for dynamic and static certificates

func NewCertificateStore

func NewCertificateStore() *CertificateStore

NewCertificateStore create a store for dynamic and static certificates

func (CertificateStore) ContainsCertificates

func (c CertificateStore) ContainsCertificates() bool

ContainsCertificates checks if there are any certs in the store

func (CertificateStore) GetAllDomains

func (c CertificateStore) GetAllDomains() []string

GetAllDomains return a slice with all the certificate domain

func (CertificateStore) GetBestCertificate

func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *tls.Certificate

GetBestCertificate returns the best match certificate, and caches the response

func (CertificateStore) ResetCache

func (c CertificateStore) ResetCache()

ResetCache clears the cache in the store

type Certificates

type Certificates []Certificate

Certificates defines traefik certificates type Certs and Keys could be either a file path, or the file content itself

func (*Certificates) CreateTLSConfig

func (c *Certificates) CreateTLSConfig(entryPointName string) (*tls.Config, error)

CreateTLSConfig creates a TLS config from Certificate structures

func (*Certificates) Set

func (c *Certificates) Set(value string) error

Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.

func (*Certificates) String

func (c *Certificates) String() string

String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.

func (*Certificates) Type

func (c *Certificates) Type() string

Type is type of the struct

type ClientCA

type ClientCA struct {
	Files    FilesOrContents
	Optional bool
}

ClientCA defines traefik CA files for a entryPoint and it indicates if they are mandatory or have just to be analyzed if provided

type Configuration

type Configuration struct {
	EntryPoints []string
	Certificate *Certificate
}

Configuration allows mapping a TLS certificate to a list of entrypoints

type FileOrContent

type FileOrContent string

FileOrContent hold a file path or content

func (FileOrContent) IsPath

func (f FileOrContent) IsPath() bool

IsPath returns true if the FileOrContent is a file path, otherwise returns false

func (FileOrContent) Read

func (f FileOrContent) Read() ([]byte, error)

func (FileOrContent) String

func (f FileOrContent) String() string

type FilesOrContents

type FilesOrContents []FileOrContent

FilesOrContents hold the CA we want to have in root

func (*FilesOrContents) Get

func (r *FilesOrContents) Get() interface{}

Get return the FilesOrContents list

func (*FilesOrContents) Set

func (r *FilesOrContents) Set(value string) error

Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.

func (*FilesOrContents) SetValue

func (r *FilesOrContents) SetValue(val interface{})

SetValue sets the FilesOrContents with val

func (*FilesOrContents) String

func (r *FilesOrContents) String() string

String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.

func (*FilesOrContents) Type

func (r *FilesOrContents) Type() string

Type is type of the struct

type TLS

type TLS struct {
	MinVersion         string `export:"true"`
	CipherSuites       []string
	Certificates       Certificates
	ClientCAFiles      FilesOrContents // Deprecated
	ClientCA           ClientCA
	DefaultCertificate *Certificate
	SniStrict          bool `export:"true"`
}

TLS configures TLS for an entry point

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL