dynamic_rootca

package

v0.0.0-...-6a0d788 Latest Latest Go to latest Published: Oct 3, 2022 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go418/http_client

Documentation ¶

Index ¶

Variables
type DynamicRootCAs
- func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertPool NewCertPool) DynamicRootCAs
type NewCertPool

Constants ¶

This section is empty.

Variables ¶

View Source

var CertCallbackRefreshDuration = 5 * time.Minute

CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.

Functions ¶

This section is empty.

Types ¶

type DynamicRootCAs ¶

type DynamicRootCAs interface {
	// run starts the controller and blocks until context expires
	// calling run is not necessary, but allows us to refresh certificates
	// before being required for a request (preventing long latency penalties)
	Run(ctx context.Context)

	// GetCertPool returns the latest CA bundle that was read. The controller
	// tries to reload the certificates periodically.
	GetCertPool(ctx context.Context) (*x509.CertPool, error)
}

func NewDynamicClientCertificate ¶

func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertPool NewCertPool) DynamicRootCAs

Dynamic client cert: use file/ secret watch and acceptable server CAs to determine if certificate is still valid and fetch a new version of the cerificate if required. A certificate that is about to expire will cause the connection to be closed.

type NewCertPool ¶

type NewCertPool func(ctx context.Context, existing *x509.CertPool) (*x509.CertPool, error)

Source Files ¶

View all Source files

dynamic_rootca.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL