tls

package
v0.2010.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 2, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package tls implements helpful wrappers for dealing with TLS certificates.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExportPEM

func ExportPEM(cert *tls.Certificate) ([]byte, []byte, error)

ExportPEM saves a TLS certificate and private key into PEM blobs.

func Generate

func Generate(commonName string) (*tls.Certificate, error)

Generate generates a new TLS certificate.

func ImportCertificatePEM

func ImportCertificatePEM(certPEM []byte) (*tls.Certificate, error)

ImportCertificatePEM loads a TLS certificate from an in-memory PEM blob.

func ImportPEM

func ImportPEM(certPEM, keyPEM []byte) (*tls.Certificate, error)

ImportPEM loads a TLS certificate and private key from in-memory PEM blobs.

func Load

func Load(certPath, keyPath string) (*tls.Certificate, error)

Load loads a TLS certificate and private key.

func LoadCertificate

func LoadCertificate(certPath string) (*tls.Certificate, error)

LoadCertificate loads a TLS certificate.

func LoadOrGenerate

func LoadOrGenerate(certPath, keyPath, commonName string) (*tls.Certificate, error)

LoadOrGenerate loads a TLS certificate and private key, or generates one iff they do not exist.

func Save

func Save(certPath, keyPath string, cert *tls.Certificate) error

Save saves a TLS certificate and private key.

func VerifyCertificate

func VerifyCertificate(rawCerts [][]byte, opts VerifyOptions) error

VerifyCertificate verifies a TLS certificate as required by Oasis Core. Instead of using CAs, public key pinning is used and certificates must follow the template.

Types

type VerifyOptions

type VerifyOptions struct {
	// CommonName is the expected certificate common name.
	CommonName string

	// Keys is the set of public keys that are allowed to sign the certificate.
	Keys map[signature.PublicKey]bool

	// AllowUnknownKeys specifies whether any key will be allowed iff Keys is nil.
	AllowUnknownKeys bool

	// AllowNoCertificate specifies whether connections presenting no certificates will be allowed.
	AllowNoCertificate bool
}

VerifyOptions are the certificate verification options.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL