Documentation ¶
Index ¶
- func GetCipherSuite(s string) (uint16, bool)
- func LoadX509KeyPairWithOCSP(certFile, keyFile string) (*tls.Certificate, error)
- func NewClientTLSFromFiles(certFile, keyFile, rootsFile string) (*tls.Config, error)
- func NewServerTLSFromFiles(certFile, keyFile, rootsFile string, clientauthType tls.ClientAuthType) (*tls.Config, error)
- func UpdateCipherSuites(tls *tls.Config, ss []string) error
- func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*tls.Certificate, error)
- func X509KeyPairWithOCSP(certPEMBlock, keyPEMBlock, ocspStaple []byte) (*tls.Certificate, error)
- type HTTPTransport
- type KeypairReloader
- func (k *KeypairReloader) CertAndKeyFiles() (string, string)
- func (k *KeypairReloader) Close() error
- func (k *KeypairReloader) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
- func (k *KeypairReloader) GetKeypairFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)
- func (k *KeypairReloader) Keypair() *tls.Certificate
- func (k *KeypairReloader) LoadedAt() time.Time
- func (k *KeypairReloader) LoadedCount() uint32
- func (k *KeypairReloader) OnReload(f OnReloadFunc) *KeypairReloader
- func (k *KeypairReloader) Reload() error
- type OnReloadFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCipherSuite ¶
GetCipherSuite returns the corresponding cipher suite, and boolean value if it is supported.
func LoadX509KeyPairWithOCSP ¶
func LoadX509KeyPairWithOCSP(certFile, keyFile string) (*tls.Certificate, error)
LoadX509KeyPairWithOCSP reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
func NewClientTLSFromFiles ¶
NewClientTLSFromFiles will build a tls.Config from the supplied certificate, key and optional trust roots files, these files are all expected to be PEM encoded. The file paths are relative to the working directory if not specified in absolute format. caBundle is optional. rootsFile is optional, if not specified the standard OS CA roots will be used.
func NewServerTLSFromFiles ¶
func NewServerTLSFromFiles(certFile, keyFile, rootsFile string, clientauthType tls.ClientAuthType) (*tls.Config, error)
NewServerTLSFromFiles will build a tls.Config from the supplied certificate, key and optional trust roots files, these files are all expected to be PEM encoded. The file paths are relative to the working directory if not specified in absolute format. caBundle is optional. rootsFile is optional, if not specified the standard OS CA roots will be used.
func UpdateCipherSuites ¶
UpdateCipherSuites in tls.Config
func X509KeyPair ¶
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*tls.Certificate, error)
X509KeyPair parses a public/private key pair from a pair of PEM encoded data.
func X509KeyPairWithOCSP ¶
func X509KeyPairWithOCSP(certPEMBlock, keyPEMBlock, ocspStaple []byte) (*tls.Certificate, error)
X509KeyPairWithOCSP parses a public/private key pair from a pair of PEM encoded data.
Types ¶
type HTTPTransport ¶
type HTTPTransport struct {
// contains filtered or unexported fields
}
HTTPTransport is an implementation of http.RoundTripper with an auto-updating TLSClientConfig.
func NewHTTPTransportWithReloader ¶
func NewHTTPTransportWithReloader( certFile, keyFile, rootsFile string, checkInterval time.Duration, HTTPUserTransport *http.Transport) (*HTTPTransport, error)
NewHTTPTransportWithReloader creates an HTTPTransport based on a given Transport (or http.DefaultTransport).
func (*HTTPTransport) Close ¶
func (t *HTTPTransport) Close() error
Close will close the reloader and release its resources
type KeypairReloader ¶
type KeypairReloader struct {
// contains filtered or unexported fields
}
KeypairReloader keeps necessary info to provide reloaded certificate
func NewClientTLSWithReloader ¶
func NewClientTLSWithReloader(certFile, keyFile, rootsFile string, checkInterval time.Duration) (*tls.Config, *KeypairReloader, error)
NewClientTLSWithReloader is a wrapper around NewClientTLSFromFiles with NewKeypairReloader
func NewKeypairReloader ¶
func NewKeypairReloader(label, certPath, keyPath string, checkInterval time.Duration) (*KeypairReloader, error)
NewKeypairReloader return an instance of the TLS cert loader
func (*KeypairReloader) CertAndKeyFiles ¶
func (k *KeypairReloader) CertAndKeyFiles() (string, string)
CertAndKeyFiles returns cert and key files
func (*KeypairReloader) Close ¶
func (k *KeypairReloader) Close() error
Close will close the reloader and release its resources
func (*KeypairReloader) GetClientCertificateFunc ¶
func (k *KeypairReloader) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
GetClientCertificateFunc is a callback for TLSConfig to provide TLS certificate and key pair for Client
func (*KeypairReloader) GetKeypairFunc ¶
func (k *KeypairReloader) GetKeypairFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)
GetKeypairFunc is a callback for TLSConfig to provide TLS certificate and key pair for Server
func (*KeypairReloader) Keypair ¶
func (k *KeypairReloader) Keypair() *tls.Certificate
Keypair returns current pair
func (*KeypairReloader) LoadedAt ¶
func (k *KeypairReloader) LoadedAt() time.Time
LoadedAt return the last time when the pair was loaded
func (*KeypairReloader) LoadedCount ¶
func (k *KeypairReloader) LoadedCount() uint32
LoadedCount returns the number of times the pair was loaded from disk
func (*KeypairReloader) OnReload ¶
func (k *KeypairReloader) OnReload(f OnReloadFunc) *KeypairReloader
OnReload allows to add OnReloadFunc handler
func (*KeypairReloader) Reload ¶
func (k *KeypairReloader) Reload() error
Reload will explicitly load TLS certs from the disk
type OnReloadFunc ¶
type OnReloadFunc func(pair *tls.Certificate)
OnReloadFunc is a callback to handle cert reload