Documentation
Index
- func GenCertPair(org string, tlsExtraIPs, tlsExtraDomains []string, tlsDisableAutofill bool, ...) ([]byte, []byte, error)
- func GetCertBytesFromPath(certPath, keyPath string) (certBytes, keyBytes []byte, err error)
- func IsOutdated(cert *x509.Certificate, tlsExtraIPs, tlsExtraDomains []string, ...) (bool, error)
- func LoadCert(certPath, keyPath string) (tls.Certificate, *x509.Certificate, error)
- func LoadCertFromBytes(certBytes, keyBytes []byte) (tls.Certificate, *x509.Certificate, error)
- func TLSConfFromCert(certData tls.Certificate) *tls.Config
- func WriteCertPair(certFile, keyFile string, certBytes, keyBytes []byte) error
- type TLSReloader
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenCertPair
func GenCertPair(org string, tlsExtraIPs, tlsExtraDomains []string, tlsDisableAutofill bool, certValidity time.Duration) ([]byte, []byte, error)
GenCertPair generates a key/cert pair and returns the pair in byte form.
The auto-generated certificates should *not* be used in production for public access as they're self-signed and don't necessarily contain all of the desired hostnames for the service. For production/public use, consider a real PKI.
This function is adapted from https://github.com/btcsuite/btcd and https://github.com/btcsuite/btcd/btcutil
func GetCertBytesFromPath (added in v1.2.0)
GetCertBytesFromPath reads the TLS certificate and key files at the given certPath and keyPath and returns the file bytes.
func IsOutdated (added in v1.0.1)
func IsOutdated(cert *x509.Certificate, tlsExtraIPs, tlsExtraDomains []string, tlsDisableAutofill bool) (bool, error)
IsOutdated returns whether the given certificate is outdated w.r.t. the IPs and domains given. The certificate is considered up to date if it was created with _exactly_ the IPs and domains given.
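The exact-match rule above means a certificate is outdated both when a wanted SAN is missing and when it carries a SAN that is no longer wanted. The following is an added example, not the package's own code: sanSet, diff and sanDrift are hypothetical helpers, the autofill behaviour is ignored, and the certificate is a constructed sample with only its SAN fields set.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"sort"
)

// sanSet flattens IP and DNS SANs into a set of tagged strings.
func sanSet(ips []net.IP, domains []string) map[string]bool {
	set := make(map[string]bool)
	for _, ip := range ips {
		set["IP:"+ip.String()] = true // String() normalises 4- and 16-byte IPv4 forms
	}
	for _, d := range domains {
		set["DNS:"+d] = true
	}
	return set
}

// diff returns the sorted members of a that are absent from b.
func diff(a, b map[string]bool) []string {
	var out []string
	for k := range a {
		if !b[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// sanDrift compares the certificate's SANs with the wanted ones. The
// certificate is outdated if any wanted SAN is missing or any extra one is present.
func sanDrift(cert *x509.Certificate, wantIPs []net.IP, wantDomains []string) (missing, extra []string) {
	have, want := sanSet(cert.IPAddresses, cert.DNSNames), sanSet(wantIPs, wantDomains)
	return diff(want, have), diff(have, want)
}

func main() {
	// Constructed sample: only the SAN fields of the certificate are populated.
	cert := &x509.Certificate{
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
		DNSNames:    []string{"localhost", "old.example"},
	}
	missing, extra := sanDrift(cert, []net.IP{net.ParseIP("127.0.0.1")}, []string{"localhost", "node.example"})
	fmt.Println("missing:", missing, "unexpected:", extra, "outdated:", len(missing)+len(extra) > 0)
}
```

Reporting which SANs drifted, rather than only a boolean, makes it easier to see why a regenerated certificate differs from the one clients have pinned.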
func LoadCert
func LoadCert(certPath, keyPath string) (tls.Certificate, *x509.Certificate, error)
LoadCert loads a certificate and its corresponding private key from the PEM files indicated and returns the certificate in the two formats in which it is most commonly used.
func LoadCertFromBytes (added in v1.2.0)
func LoadCertFromBytes(certBytes, keyBytes []byte) (tls.Certificate, *x509.Certificate, error)
LoadCertFromBytes loads a certificate and its corresponding private key from the PEM bytes indicated and returns the certificate in the two formats in which it is most commonly used.
func TLSConfFromCert
func TLSConfFromCert(certData tls.Certificate) *tls.Config
TLSConfFromCert returns the default TLS configuration used for a server, using the given certificate as identity.
func WriteCertPair (added in v1.2.0)
WriteCertPair writes certificate and key data to disk if a path is provided.
Types
type TLSReloader (added in v1.2.0)
type TLSReloader struct {
// contains filtered or unexported fields
}
TLSReloader updates the TLS certificate without restarting the server.
func NewTLSReloader (added in v1.2.0)
func NewTLSReloader(certBytes, keyBytes []byte) (*TLSReloader, error)
NewTLSReloader is used to create a new TLS Reloader that will be used to update the TLS certificate without restarting the server.
func (*TLSReloader) AttemptReload (added in v1.2.0)
func (t *TLSReloader) AttemptReload(certBytes, keyBytes []byte) error
AttemptReload will make an attempt to update the TLS certificate and key used by the server.
func (*TLSReloader) GetCertificateFunc (added in v1.2.0)
func (t *TLSReloader) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificateFunc is used in the server's TLS configuration to determine the correct TLS certificate to serve on a request.