sstls

package v0.0.1-beta.7

Published: Oct 22, 2024 License: BSD-3-Clause Imports: 18 Imported by: 3

README

Self-Signed TLS

TLS listener with a self-signed certificate.

Documentation

Overview

Package sstls - TLS listener with a self-signed certificate

Index

Constants

This section is empty.

Variables

var (
	// DefaultSelfSignedCertLifespan is the lifespan given to generated
	// self-signed certificates: ten years, measured from package
	// initialization.
	DefaultSelfSignedCertLifespan = time.Until(time.Now().AddDate(10, 0, 0))
	// SelfSignedSubject is the subject name we use for self-signed
	// certificates.
	SelfSignedSubject = "sstls"
	// CertCacheDir is the base name of the directory that holds the
	// cert cache file.
	CertCacheDir = "sstls"
	// CertCacheFile is the file we stick in CertCacheDir.
	CertCacheFile = "cert.txtar"
)

Functions

func DefaultCertFile

func DefaultCertFile() string

DefaultCertFile returns a path for the default cert file. It tries the user's system-specific cache directory, then $HOME, and finally the current directory.

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(subject string, dnsNames []string, ipAddresses []net.IP, lifespan time.Duration) (certPEM, keyPEM []byte, cert tls.Certificate, err error)

GenerateSelfSignedCertificate generates a bare-bones self-signed certificate with the given subject, DNS and IP address SANs, and lifespan. The certificate's Leaf will be set. The certificate and its private key are also returned in PEM form.

func GetCertificate

func GetCertificate(
	subject string,
	dnsNames []string,
	ipAddresses []net.IP,
	lifespan time.Duration,
	certFile string,
) (tls.Certificate, error)

GetCertificate loads a cert from the given file, or generates one if the file doesn't exist. If certFile is the empty string, a certificate is generated and not stored. The other arguments are the same as for GenerateSelfSignedCertificate.

func LoadCachedCertificate

func LoadCachedCertificate(certFile string) (tls.Certificate, error)

LoadCachedCertificate loads the certificate from the named file, which should have been created with SaveCertificate.

func PubkeyFingerprint

func PubkeyFingerprint(cert *x509.Certificate) (string, error)

PubkeyFingerprint returns the SHA-256 fingerprint of the cert's public key, in the form accepted by curl's --pinnedpubkey.

func PubkeyFingerprintTLS

func PubkeyFingerprintTLS(cert tls.Certificate) (string, error)

PubkeyFingerprintTLS is like PubkeyFingerprint, but uses the public key of the leaf x509 certificate in cert. If the certificate's Leaf isn't set, an error is returned.

func SaveCertificate

func SaveCertificate(certFile string, certPEM, keyPEM []byte) error

SaveCertificate saves the certificate and key PEM to the given file. Directories will be created as needed with 0755 permissions. Note that the file contains the private key as well as the certificate, so it should be treated as a secret.

Types

type Listener

type Listener struct {
	// Wrapped net.Listener, which returns TLS'd conns.
	net.Listener

	// Base64-encoded SHA256 hash of the generated self-signed
	// certificate's public key, suitable for passing to curl's
	// --pinnedpubkey.
	Fingerprint string
}

Listener listens for TLS connections and handshakes with a self-signed certificate.

func Listen

func Listen(
	net string,
	address string,
	subject string,
	lifespan time.Duration,
	certFile string,
) (Listener, error)

Listen listens on the given network and address using the certificate stored in certFile. If the file does not exist, a certificate is created with the given subject and lifespan. It will have no SANs, so clients cannot verify it by hostname and should instead pin the listener's Fingerprint. certFile may be the empty string to always generate a new certificate; in that case the key, and therefore the Fingerprint, changes on every start.
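The following is an added example, not code from the sstls package, showing the two halves that GenerateSelfSignedCertificate, PubkeyFingerprint and Listen leave to the caller: how a self-signed leaf with SANs is built (a stand-in for GenerateSelfSignedCertificate, using only the standard library), how the curl-style public key pin is derived from it, and how a client must consume such a listener. The names selfSigned, spkiPin, verifyPin and pinnedDial are this example's own; the pin format is curl's documented sha256//base64 of the DER SubjectPublicKeyInfo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned is an added stand-in for GenerateSelfSignedCertificate: an ECDSA
// P-256 key and a self-signed leaf with the given subject, SANs and lifespan.
func selfSigned(subject string, dnsNames []string, ips []net.IP, lifespan time.Duration) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: subject},
		DNSNames:     dnsNames, // SANs: clients ignore the CN for hostname checks
		IPAddresses:  ips,
		NotBefore:    time.Now().Add(-time.Minute), // tolerate small clock skew
		NotAfter:     time.Now().Add(lifespan),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced; parse cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// spkiPin hashes the DER SubjectPublicKeyInfo (the bytes curl hashes for
// --pinnedpubkey) and formats it in curl's "sha256//<base64>" form.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256//" + base64.StdEncoding.EncodeToString(sum[:])
}

// verifyPin is the client-side check: the handshake succeeds only if the
// leaf's SPKI hash equals pin. No chain is built, so the pin carries all trust.
func verifyPin(pin string) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("no peer certificate")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		if got := spkiPin(leaf); got != pin {
			return fmt.Errorf("public key pin mismatch: got %s", got)
		}
		return nil
	}
}

// pinnedDial serves cert on loopback and dials it with a client that trusts
// only pin; it returns the handshake error, nil when the pin matches.
func pinnedDial(cert tls.Certificate, pin string) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // server side of the handshake
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		InsecureSkipVerify:    true,           // disables chain and hostname checks only,
		VerifyPeerCertificate: verifyPin(pin), // so this callback must carry the trust
	})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	cert, err := selfSigned("sstls", []string{"localhost"}, []net.IP{net.IPv4(127, 0, 0, 1)}, 24*time.Hour)
	if err != nil {
		panic(err)
	}
	pin := spkiPin(cert.Leaf)
	fmt.Println("pin:", pin, "match:", pinnedDial(cert, pin))
	fmt.Println("wrong pin:", pinnedDial(cert, "sha256//"+base64.StdEncoding.EncodeToString(make([]byte, 32))))
}
```

The point of verifyPin is that InsecureSkipVerify on its own turns off all verification; it is only acceptable here because VerifyPeerCertificate reinstates a check that is at least as strong as a chain check for this deployment. The same pin, passed to curl as --pinnedpubkey, gives curl the same guarantee against a self-signed server.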
