Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func MakeClient
func MakeClient(c *RedisConfig, clk clock.Clock, stats prometheus.Registerer) (*rocsp.RWClient, error)
MakeClient produces a read-write ROCSP client from a config.
func MakeReadClient
func MakeReadClient(c *RedisConfig, clk clock.Clock, stats prometheus.Registerer) (*rocsp.ROClient, error)
MakeReadClient produces a read-only ROCSP client from a config.
Types
type RedisConfig
type RedisConfig struct {
	// PasswordFile is a file containing the password for the Redis user.
	cmd.PasswordConfig
	// TLS contains the configuration to speak TLS with Redis.
	TLS cmd.TLSConfig
	// Username is a Redis username.
	Username string `validate:"required"`
	// ShardAddrs is a map of shard names to IP address:port pairs. The go-redis
	// `Ring` client will shard reads and writes across the provided Redis
	// Servers based on a consistent hashing algorithm.
	ShardAddrs map[string]string `validate:"min=1,dive,hostname_port"`
	// Timeout is a per-request timeout applied to all Redis requests.
	Timeout config.Duration `validate:"-"`
	// Enables read-only commands on replicas.
	ReadOnly bool
	// Allows routing read-only commands to the closest primary or replica.
	// It automatically enables ReadOnly.
	RouteByLatency bool
	// Allows routing read-only commands to a random primary or replica.
	// It automatically enables ReadOnly.
	RouteRandomly bool
	// PoolFIFO uses FIFO mode for each node connection pool GET/PUT (default LIFO).
	PoolFIFO bool
	// Maximum number of retries before giving up.
	// Default is to not retry failed commands.
	MaxRetries int `validate:"min=0"`
	// Minimum backoff between each retry.
	// Default is 8 milliseconds; -1 disables backoff.
	MinRetryBackoff config.Duration `validate:"-"`
	// Maximum backoff between each retry.
	// Default is 512 milliseconds; -1 disables backoff.
	MaxRetryBackoff config.Duration `validate:"-"`
	// Dial timeout for establishing new connections.
	// Default is 5 seconds.
	DialTimeout config.Duration `validate:"-"`
	// Timeout for socket reads. If reached, commands will fail
	// with a timeout instead of blocking. Use value -1 for no timeout and 0 for default.
	// Default is 3 seconds.
	ReadTimeout config.Duration `validate:"-"`
	// Timeout for socket writes. If reached, commands will fail
	// with a timeout instead of blocking.
	// Default is ReadTimeout.
	WriteTimeout config.Duration `validate:"-"`
	// Maximum number of socket connections.
	// Default is 5 connections per every CPU as reported by runtime.NumCPU.
	// If this is set to an explicit value, that's not multiplied by NumCPU.
	// PoolSize applies per cluster node and not for the whole cluster.
	// https://pkg.go.dev/github.com/go-redis/redis#ClusterOptions
	PoolSize int `validate:"min=0"`
	// Minimum number of idle connections which is useful when establishing
	// new connection is slow.
	MinIdleConns int `validate:"min=0"`
	// Connection age at which client retires (closes) the connection.
	// Default is to not close aged connections.
	MaxConnAge config.Duration `validate:"-"`
	// Amount of time client waits for connection if all connections
	// are busy before returning an error.
	// Default is ReadTimeout + 1 second.
	PoolTimeout config.Duration `validate:"-"`
	// Amount of time after which client closes idle connections.
	// Should be less than server's timeout.
	// Default is 5 minutes. -1 disables idle timeout check.
	IdleTimeout config.Duration `validate:"-"`
	// Frequency of idle checks made by idle connections reaper.
	// Default is 1 minute. -1 disables idle connections reaper,
	// but idle connections are still discarded by the client
	// if IdleTimeout is set.
	// Deprecated: This field has been deprecated and will be removed.
	IdleCheckFrequency config.Duration `validate:"-"`
}
RedisConfig contains the configuration needed to act as a Redis client.
TODO(#7081): Deprecate this in favor of bredis.Config once we can support SRV lookups in rocsp.
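The constraints expressed by the RedisConfig validate tags, approximated with the standard library as a pre-flight check. This is an added example, not Boulder's code: shardSettings and checkShardSettings are hypothetical names, the sample addresses are constructed, and rejecting an empty host is a choice made here.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
)

// shardSettings is a hypothetical stand-in for the tagged RedisConfig fields.
type shardSettings struct {
	Username                           string
	ShardAddrs                         map[string]string
	MaxRetries, PoolSize, MinIdleConns int
}

// checkShardSettings returns one message per violated constraint, in a stable order.
func checkShardSettings(s shardSettings) []string {
	var problems []string
	if s.Username == "" { // validate:"required"
		problems = append(problems, "Username is required")
	}
	if len(s.ShardAddrs) < 1 { // validate:"min=1,..."
		problems = append(problems, "ShardAddrs needs at least one shard")
	}
	names := make([]string, 0, len(s.ShardAddrs))
	for name := range s.ShardAddrs {
		names = append(names, name)
	}
	sort.Strings(names)
	for _, name := range names { // "dive,hostname_port": every value is checked
		addr := s.ShardAddrs[name]
		host, port, err := net.SplitHostPort(addr)
		n, convErr := strconv.Atoi(port)
		if err != nil || convErr != nil || host == "" || n < 1 || n > 65535 {
			problems = append(problems, fmt.Sprintf("shard %q: %q is not host:port", name, addr))
		}
	}
	if s.MaxRetries < 0 || s.PoolSize < 0 || s.MinIdleConns < 0 { // validate:"min=0"
		problems = append(problems, "MaxRetries, PoolSize and MinIdleConns must not be negative")
	}
	return problems
}

func main() {
	// Constructed sample: no username, one shard address without a port.
	bad := shardSettings{ShardAddrs: map[string]string{"shard1": "10.0.0.5"}, MaxRetries: -1}
	fmt.Println(checkShardSettings(bad))
}
```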
type ShortIDIssuer
type ShortIDIssuer struct {
	*issuance.Certificate
	// contains filtered or unexported fields
}
A ShortIDIssuer combines an issuance.Certificate with some fields necessary to process OCSP responses: the subject name and the shortID.
func FindIssuerByID
func FindIssuerByID(longID int64, issuers []ShortIDIssuer) (*ShortIDIssuer, error)
FindIssuerByID returns the issuer that matches the given IssuerNameID.
func FindIssuerByName
func FindIssuerByName(resp *ocsp.Response, issuers []ShortIDIssuer) (*ShortIDIssuer, error)
FindIssuerByName returns the issuer with a Subject matching the *ocsp.Response.
func LoadIssuers
func LoadIssuers(input map[string]int) ([]ShortIDIssuer, error)
LoadIssuers takes a map where the keys are filenames and the values are the corresponding short issuer ID. It loads issuer certificates from the given files and produces a []ShortIDIssuer.
func (*ShortIDIssuer) ShortID
func (si *ShortIDIssuer) ShortID() byte
ShortID returns the short ID of an issuer. The short ID is a single byte that is unique for that issuer.