tlsconfig

package
v0.20.0
This package is not in the latest version of its module.

Published: Dec 5, 2023 License: MIT Imports: 18 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCipherSuite

func GetCipherSuite(s string) (uint16, bool)

GetCipherSuite returns the cipher suite corresponding to s, and a boolean value indicating whether it is supported.

func LoadX509KeyPairWithOCSP

func LoadX509KeyPairWithOCSP(certFile, keyFile string) (*tls.Certificate, error)

LoadX509KeyPairWithOCSP reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

func NewClientTLSFromFiles

func NewClientTLSFromFiles(certFile, keyFile, rootsFile string) (*tls.Config, error)

NewClientTLSFromFiles builds a tls.Config from the supplied certificate, key and optional trust roots files. All of these files are expected to be PEM encoded. File paths that are not absolute are resolved relative to the working directory. caBundle is optional. rootsFile is optional; if it is not specified, the standard OS CA roots are used.

func NewServerTLSFromFiles

func NewServerTLSFromFiles(certFile, keyFile, rootsFile string, clientauthType tls.ClientAuthType) (*tls.Config, error)

NewServerTLSFromFiles builds a tls.Config from the supplied certificate, key and optional trust roots files. All of these files are expected to be PEM encoded. File paths that are not absolute are resolved relative to the working directory. caBundle is optional. rootsFile is optional; if it is not specified, the standard OS CA roots are used.

func UpdateCipherSuites

func UpdateCipherSuites(tls *tls.Config, ss []string) error

UpdateCipherSuites updates the cipher suites in tls.Config.

func X509KeyPair

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*tls.Certificate, error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data blocks.

func X509KeyPairWithOCSP

func X509KeyPairWithOCSP(certPEMBlock, keyPEMBlock, ocspStaple []byte) (*tls.Certificate, error)

X509KeyPairWithOCSP parses a public/private key pair from a pair of PEM encoded data blocks.

Types

type HTTPTransport

type HTTPTransport struct {
	// contains filtered or unexported fields
}

HTTPTransport is an implementation of http.RoundTripper with an auto-updating TLSClientConfig.

func NewHTTPTransportWithReloader

func NewHTTPTransportWithReloader(
	certFile, keyFile, rootsFile string,
	checkInterval time.Duration,
	HTTPUserTransport *http.Transport) (*HTTPTransport, error)

NewHTTPTransportWithReloader creates an HTTPTransport based on a given Transport (or http.DefaultTransport).

func (*HTTPTransport) Close

func (t *HTTPTransport) Close() error

Close will close the reloader and release its resources

func (*HTTPTransport) RoundTrip

func (t *HTTPTransport) RoundTrip(r *http.Request) (*http.Response, error)

RoundTrip implements the http.RoundTripper interface.

type KeypairReloader

type KeypairReloader struct {
	// contains filtered or unexported fields
}

KeypairReloader keeps the information necessary to provide a reloaded certificate.

func NewClientTLSWithReloader

func NewClientTLSWithReloader(certFile, keyFile, rootsFile string, checkInterval time.Duration) (*tls.Config, *KeypairReloader, error)

NewClientTLSWithReloader is a wrapper around NewClientTLSFromFiles with NewKeypairReloader

func NewKeypairReloader

func NewKeypairReloader(label, certPath, keyPath string, checkInterval time.Duration) (*KeypairReloader, error)

NewKeypairReloader returns an instance of the TLS cert loader.

func (*KeypairReloader) CertAndKeyFiles

func (k *KeypairReloader) CertAndKeyFiles() (string, string)

CertAndKeyFiles returns cert and key files

func (*KeypairReloader) Close

func (k *KeypairReloader) Close() error

Close will close the reloader and release its resources

func (*KeypairReloader) GetClientCertificateFunc

func (k *KeypairReloader) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificateFunc is a callback for TLSConfig to provide TLS certificate and key pair for Client

func (*KeypairReloader) GetKeypairFunc

func (k *KeypairReloader) GetKeypairFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetKeypairFunc is a callback for TLSConfig to provide TLS certificate and key pair for Server

func (*KeypairReloader) Keypair

func (k *KeypairReloader) Keypair() *tls.Certificate

Keypair returns current pair

func (*KeypairReloader) LoadedAt

func (k *KeypairReloader) LoadedAt() time.Time

LoadedAt returns the last time the pair was loaded.

func (*KeypairReloader) LoadedCount

func (k *KeypairReloader) LoadedCount() uint32

LoadedCount returns the number of times the pair was loaded from disk

func (*KeypairReloader) OnReload

OnReload adds an OnReloadFunc handler.

func (*KeypairReloader) Reload

func (k *KeypairReloader) Reload() error

Reload will explicitly load TLS certs from the disk

type OnReloadFunc

type OnReloadFunc func(pair *tls.Certificate)

OnReloadFunc is a callback to handle cert reload
