Documentation
Constants
This section is empty.
Variables
var (
	// CRLFilename is the fully qualified path to the currently in use crl file.
	CRLFilename = filepath.Join(mtlsLatestSymlink, crlBasename)
	// CABundleFilename is the fully qualified path to the currently in use CA bundle.
	CABundleFilename = filepath.Join(mtlsLatestSymlink, caBundleBasename)
)
Functions
func CABundleHasCRLs
CABundleHasCRLs returns true if any of the certificates in caBundleFilename specify a CRL distribution point. Returns an error if the CA Bundle could not be parsed.
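The kind of check described above, as an added example that is not this package's own code: it walks every PEM block in a CA bundle and reports whether any certificate carries a CRL distribution point, returning an error for an unparseable or empty bundle. The names bundleHasCRLs and sampleCA, the test certificate and the CRL URL are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// bundleHasCRLs is a hypothetical stand-in for the check, not the package's own code.
func bundleHasCRLs(bundle []byte) (bool, error) {
	parsed := 0
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // skip keys or other PEM blocks mixed into the bundle
		}
		if cert, err := x509.ParseCertificate(block.Bytes); err != nil {
			return false, fmt.Errorf("parsing CA bundle: %w", err)
		} else if len(cert.CRLDistributionPoints) > 0 {
			return true, nil // one CA with a distribution point is enough
		}
		parsed++
	}
	if parsed == 0 {
		return false, fmt.Errorf("CA bundle contains no certificates")
	}
	return false, nil
}

// sampleCA builds a constructed, self-signed CA certificate as PEM test input.
func sampleCA(crlURLs ...string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, CRLDistributionPoints: crlURLs,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(bundleHasCRLs(sampleCA("http://crl.example.test/ca.crl"))) // constructed URL
}
```

A bundle that yields no certificates is treated as an error rather than as "no CRLs", so a truncated or corrupted bundle is not mistaken for one that needs no revocation checking.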
func InitMTLSDirectory
InitMTLSDirectory creates an initial directory for HAProxy to use to complete startup and serve non-mTLS traffic while CRLs are being downloaded in the background. Returns an error if any of the filesystem operations fail.
func ManageCRLs
func ManageCRLs(caBundleFilename string, caUpdateChannel <-chan struct{}, updateCallback func(bool))
ManageCRLs spins off a goroutine that ensures that any CRLs specified in caBundleFilename are downloaded and kept up-to-date. It will automatically refresh expired CRLs and download missing CRLs when it receives a message on caUpdateChannel (indicating the CA bundle has been updated), or when any existing CRL expires. Whenever either the CA bundle or the CRL file has changed, updateCallback is called, with a boolean indicating whether crl-file needs to be specified in the HAProxy config.
Types
This section is empty.