Documentation
Functions
func NewKeepAliveListener
NewKeepAliveListener returns a listener that listens on the given address. Be careful when wrapping the KeepAliveListener in another Listener if TLSInfo is not nil: some packages (like Go's net/http) might expect the Listener to return a TLS connection type in order to start the TLS handshake. See http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html
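The wrapping caveat above, shown as an added example that is not part of this package's code. It uses only the standard library: `tls.NewListener` stands in for a TLS-enabled listener (the signature of `NewKeepAliveListener` is not shown on this page), and `pipeListener`, `meteredListener` and `meteredConn` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

// pipeListener is a constructed in-memory listener so the example runs offline.
type pipeListener struct{}

func (pipeListener) Accept() (net.Conn, error) {
	server, client := net.Pipe()
	client.Close() // peer is never used; no handshake is attempted here
	return server, nil
}
func (pipeListener) Close() error { return nil }
func (pipeListener) Addr() net.Addr { return &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)} }

// meteredListener is a hypothetical wrapper (metrics, rate limiting) with its own conn type.
type meteredListener struct{ net.Listener }
type meteredConn struct{ net.Conn }

func (l meteredListener) Accept() (net.Conn, error) {
	c, err := l.Listener.Accept()
	if err != nil {
		return nil, err
	}
	return meteredConn{c}, nil
}

// acceptsTLSConn applies the type assertion net/http's Server uses to detect TLS conns.
func acceptsTLSConn(l net.Listener) bool {
	c, err := l.Accept()
	if err != nil {
		return false
	}
	defer c.Close()
	_, ok := c.(*tls.Conn)
	return ok
}

// wrappedOutsideTLS hides *tls.Conn behind meteredConn; wrappedInsideTLS keeps TLS outermost.
func wrappedOutsideTLS() net.Listener { return meteredListener{tls.NewListener(pipeListener{}, &tls.Config{})} }
func wrappedInsideTLS() net.Listener { return tls.NewListener(meteredListener{pipeListener{}}, &tls.Config{}) }

func main() {
	fmt.Println(acceptsTLSConn(wrappedOutsideTLS()), acceptsTLSConn(wrappedInsideTLS()))
}
```

When the assertion fails, an HTTP server treats the connection as plaintext and never records TLS state for it, so any wrapper belongs beneath the TLS layer rather than around it.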
Types
type TLSInfo
type TLSInfo struct {
	CertFile            string
	KeyFile             string
	ClientCAFile        string
	TrustedCAFile       string
	ClientAuthType      tls.ClientAuthType
	CRLVerifier         crlcache.Verifier
	InsecureSkipVerify  bool
	SkipClientSANVerify bool
	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
	ServerName string
	// HandshakeFailure is optionally called when a connection fails to handshake. The
	// connection will be closed immediately afterwards.
	HandshakeFailure func(*tls.Conn, error)
	// CipherSuites is a list of supported cipher suites.
	// If empty, Go auto-populates it by default.
	// Note that cipher suites are prioritized in the given order.
	CipherSuites []string
	// AllowedCN is a CN which must be provided by a client.
	AllowedCN string
	// AllowedHostname is an IP address or hostname that must match the TLS
	// certificate provided by a client.
	AllowedHostname string
	// EmptyCN indicates that the cert must have empty CN.
	// If true, ClientConfig() will return an error for a cert with non empty CN.
	EmptyCN bool
	// contains filtered or unexported fields
}
TLSInfo provides TLS configuration.
func (*TLSInfo) ServerTLSWithReloader
ServerTLSWithReloader returns a tls.Config with a reloader.