README
¶
A library to automatically detect a change in on-disk TLS certificates, and switch to a new certificate without interrupting existing connections. It will generate an in-memory self-signed certificate if none is found on-disk, which makes HTTPS just as easy and robust as HTTP. Used by Galene, https://galene.org -- Juliusz Chroboczek
Documentation
¶
Overview ¶
Package cert provides facilities for automatically updating in-memory TLS certificates whenever the corresponding files change on disk. It will generate an in-memory self-signed certificate if none is found on disk.
It is used as follows:
certificate := cert.New("cert.pem", "key.pem")
s := http.Server{
Addr: ":8443",
TLSConfig: &tls.Config{
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
return certificate.Get()
},
},
}
err := s.ListenAndServeTLS("", "")
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
type Certificate struct {
// contains filtered or unexported fields
}
Type Certificate represents a TLS certificate loaded from on-disk files whose value will change transparently to the application when the on-disk files are modified.
func New ¶
func New(certFile, keyFile string) *Certificate
New creates a new dynamic certificate. The parameters keyFile and certFile are like those of tls.LoadX509KeyPair.
func (*Certificate) Get ¶
func (cert *Certificate) Get() (*tls.Certificate, error)
Get returns the tls.Certificate corresponding to cert. If both the key file and the cert file indicated by cert exist and are readable, Get returns a certificate built from these files. If neither exists, it returns an autogenerated self-signed certificate. In other situations, it returns an error. Get caches its results, and is therefore fast enough to be called on each HTTPS request.
Source Files