tlsconfig

package
v0.27.273 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 1, 2024 License: MIT Imports: 18 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCipherSuite 

func GetCipherSuite(s string) (uint16, bool)

GetCipherSuite returns the corresponding cipher suite, and boolean value if it is supported.

func LoadX509KeyPairWithOCSP 

func LoadX509KeyPairWithOCSP(certFile, keyFile string) (*tls.Certificate, error)

LoadX509KeyPairWithOCSP reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

func NewClientTLSFromFiles 

func NewClientTLSFromFiles(certFile, keyFile, rootsFile string) (*tls.Config, error)

NewClientTLSFromFiles will build a tls.Config from the supplied certificate, key and optional trust roots files, these files are all expected to be PEM encoded. The file paths are relative to the working directory if not specified in absolute format. caBundle is optional. rootsFile is optional, if not specified the standard OS CA roots will be used.

func NewServerTLSFromFiles 

func NewServerTLSFromFiles(certFile, keyFile, rootsFile, caFile string, clientauthType tls.ClientAuthType) (*tls.Config, error)

NewServerTLSFromFiles will build a tls.Config from the supplied certificate, key and optional trust roots files, these files are all expected to be PEM encoded. The file paths are relative to the working directory if not specified in absolute format. caBundle is optional. rootsFile is optional, if not specified the standard OS CA roots will be used.

func UpdateCipherSuites 

func UpdateCipherSuites(tls *tls.Config, ss []string) error

UpdateCipherSuites in tls.Config

func X509KeyPair 

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*tls.Certificate, error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

func X509KeyPairWithOCSP 

func X509KeyPairWithOCSP(certPEMBlock, keyPEMBlock, ocspStaple []byte) (*tls.Certificate, error)

X509KeyPairWithOCSP parses a public/private key pair from a pair of PEM encoded data.

Types

type HTTPTransport 

type HTTPTransport struct {
	// contains filtered or unexported fields
}

HTTPTransport is an implementation of http.RoundTripper with an auto-updating TLSClientConfig.

func NewHTTPTransportWithReloader 

func NewHTTPTransportWithReloader(
	certFile, keyFile, rootsFile string,
	checkInterval time.Duration,
	HTTPUserTransport *http.Transport) (*HTTPTransport, error)

NewHTTPTransportWithReloader creates an HTTPTransport based on a given Transport (or http.DefaultTransport).

func (*HTTPTransport) Close 

func (t *HTTPTransport) Close() error

Close will close the reloader and release its resources

func (*HTTPTransport) RoundTrip 

func (t *HTTPTransport) RoundTrip(r *http.Request) (*http.Response, error)

RoundTrip implements the http.RoundTripper interface.

type KeypairReloader 

type KeypairReloader struct {
	// contains filtered or unexported fields
}

KeypairReloader keeps necessary info to provide reloaded certificate

func NewClientTLSWithReloader 

func NewClientTLSWithReloader(certFile, keyFile, rootsFile string, checkInterval time.Duration) (*tls.Config, *KeypairReloader, error)

NewClientTLSWithReloader is a wrapper around NewClientTLSFromFiles with NewKeypairReloader

func NewKeypairReloader 

func NewKeypairReloader(label, certPath, keyPath string, checkInterval time.Duration) (*KeypairReloader, error)

NewKeypairReloader return an instance of the TLS cert loader

func (*KeypairReloader) CertAndKeyFiles 

func (k *KeypairReloader) CertAndKeyFiles() (string, string)

CertAndKeyFiles returns cert and key files

func (*KeypairReloader) Close 

func (k *KeypairReloader) Close() error

Close will close the reloader and release its resources

func (*KeypairReloader) GetClientCertificateFunc 

func (k *KeypairReloader) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificateFunc is a callback for TLSConfig to provide TLS certificate and key pair for Client

func (*KeypairReloader) GetKeypairFunc 

func (k *KeypairReloader) GetKeypairFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetKeypairFunc is a callback for TLSConfig to provide TLS certificate and key pair for Server

func (*KeypairReloader) Keypair 

func (k *KeypairReloader) Keypair() *tls.Certificate

Keypair returns current pair

func (*KeypairReloader) LoadedAt 

func (k *KeypairReloader) LoadedAt() time.Time

LoadedAt return the last time when the pair was loaded

func (*KeypairReloader) LoadedCount 

func (k *KeypairReloader) LoadedCount() uint32

LoadedCount returns the number of times the pair was loaded from disk

func (*KeypairReloader) OnReload 

func (k *KeypairReloader) OnReload(f OnReloadFunc) *KeypairReloader

OnReload allows to add OnReloadFunc handler

func (*KeypairReloader) Reload 

func (k *KeypairReloader) Reload() error

Reload will explicitly load TLS certs from the disk

type OnReloadFunc 

type OnReloadFunc func(pair *tls.Certificate)

OnReloadFunc is a callback to handle cert reload

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.