Documentation
Overview
Package localca is a simple solution for using https or http2 in your local area network.
Constants
This section is empty.
Variables
var DefaultConfig = Config{
	CATmpl: x509.Certificate{
		Subject: pkix.Name{
			Organization: []string{"local ca"},
		},
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLenZero:        true,
	},
	CertTmpl: x509.Certificate{
		Subject: pkix.Name{
			Organization: []string{"local cert"},
		},
		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	},
	Valid: 12 * 365 * 24 * time.Hour,
}
DefaultConfig is a minimal default configuration. New and Read use a shallow copy of it as their default configuration.
Functions
func FillNames
func FillNames(t *x509.Certificate, names []string)
FillNames adds DNS names and IP addresses to the certificate template t.
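The CA and server-certificate shapes in DefaultConfig, and the name handling FillNames describes, can be reproduced with the standard library to see what a client that trusts only the CA will accept. This is an added example, not code from the localca package: fillNames and verifyAs are hypothetical helpers, the split of IP literals into IP SANs is an assumption about FillNames, and nas.lan, other.lan and 192.168.1.10 are constructed sample names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// fillNames is a hypothetical stand-in for FillNames: IP literals become IP SANs, all other names DNS SANs.
func fillNames(t *x509.Certificate, names []string) {
	for _, n := range names {
		if ip := net.ParseIP(n); ip != nil {
			t.IPAddresses = append(t.IPAddresses, ip)
		} else {
			t.DNSNames = append(t.DNSNames, n)
		}
	}
}

// verifyAs issues a leaf for names under a fresh CA (both shaped like DefaultConfig) and verifies it as host.
func verifyAs(names []string, host string) error {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nb, na := time.Now().Add(-time.Minute), time.Now().Add(12*365*24*time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: na,
		BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, Subject: pkix.Name{Organization: []string{"local ca"}}}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na,
		KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, Subject: pkix.Name{Organization: []string{"local cert"}}}
	fillNames(leaf, names)
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	der, err2 := x509.CreateCertificate(rand.Reader, leaf, ca, &key.PublicKey, caKey)
	if err != nil || err2 != nil {
		return fmt.Errorf("issuing failed: %v / %v", err, err2)
	}
	root, _ := x509.ParseCertificate(caDER)
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool() // the client trusts only this CA
	roots.AddCert(root)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
func main() { fmt.Println(verifyAs([]string{"nas.lan", "192.168.1.10"}, "other.lan")) } // constructed names
```

Verification succeeds only for a host that appears in the leaf's SANs; any other name fails with a hostname error even though the chain to the CA is valid.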
Types
type CA
type CA struct {
	PEM string
	// contains filtered or unexported fields
}
CA represents a self-signed certificate authority. It can be used to generate new server certificates.
func (*CA) CertFor
func (ca *CA) CertFor(addr string) (cert *tls.Certificate, err error)
CertFor returns a server certificate for addr. It will auto-generate a new certificate if addr was not already included.
type Config
type Config struct {
	CATmpl   x509.Certificate
	CertTmpl x509.Certificate
	Valid    time.Duration // default duration for NotAfter
}
Config holds templates for generating a certificate authority and server certificates. The fields SerialNumber, SubjectKeyId and AuthorityKeyId are always regenerated. The fields NotBefore and NotAfter are generated if not specified.
type Key
type Key struct {
	PEM string
	*ecdsa.PrivateKey
}
Key represents the same ECDSA key both PEM-encoded and as a structure.
func (Key) SubjectKeyID
SubjectKeyID creates new subject key id used for certificates.
type Listener
type Listener struct {
	*net.TCPListener
	*tls.Config
	// contains filtered or unexported fields
}
Listener is a TCP TLS net.Listener that signs certificates for all requested DNS names and IPs. TCP keep-alive is set to 3 min, as in the default listener in net/http.