pinned

v0.0.0-...-b359386

This package is not in the latest version of its module.
Published: Oct 15, 2020 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package pinned provides a dial function that checks TLS server certificates against local pins.

Variables

var ErrPinFailure = errors.New("pinned: the peer leaf certificate did not match the provided pin")

ErrPinFailure is returned by Config.Dial if the TLS handshake succeeded but the peer certificate did not match the pin.

Types

type Config

type Config struct {
	// Hash specifies the hash function used to check the Pin; it defaults to
	// sha256.New.
	Hash func() hash.Hash

	// Pin defines the expected digest of the peer's leaf certificate.
	Pin []byte

	// Config is used as the base TLS configuration, if set.
	Config *tls.Config
}

A Config structure provides the pinning and TLS connection information used to dial a server. A Config may be reused; the pinned package will not modify it.

func (*Config) Dial

func (c *Config) Dial(network, addr string) (net.Conn, error)

Dial establishes a TLS connection to addr and checks the peer leaf certificate against the configured pin. The underlying type of the returned net.Conn is a Conn.
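The check Dial describes (handshake first, then compare a digest of the peer's leaf certificate with the pin) can be reproduced with the standard library alone. This is an added example, not the pinned package's own code. It assumes the pin is the SHA-256 digest of the leaf's DER encoding (the page says only "digest of the peer's leaf certificate") and that chain validation is skipped. The names selfSigned, handshakeWithPin and errPinMismatch are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

var errPinMismatch = errors.New("leaf certificate did not match pin")

// selfSigned returns a throwaway certificate (constructed sample) and the SHA-256 pin of its DER.
func selfSigned() (tls.Certificate, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	pin := sha256.Sum256(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pin[:]
}

// handshakeWithPin completes a TLS handshake over an in-memory pipe, then checks the leaf digest.
func handshakeWithPin(server tls.Certificate, pin []byte) error {
	cw, sw := net.Pipe()
	defer cw.Close()
	// Session tickets are disabled so the synchronous pipe never holds unread server data.
	go tls.Server(sw, &tls.Config{Certificates: []tls.Certificate{server}, SessionTicketsDisabled: true}).Handshake()
	// Assumption: the pin is the only trust decision here, so chain verification is off.
	client := tls.Client(cw, &tls.Config{InsecureSkipVerify: true})
	if err := client.Handshake(); err != nil {
		return err
	}
	sum := sha256.Sum256(client.ConnectionState().PeerCertificates[0].Raw)
	if subtle.ConstantTimeCompare(sum[:], pin) != 1 {
		return errPinMismatch
	}
	return nil
}

func main() {
	cert, pin := selfSigned()
	fmt.Println(handshakeWithPin(cert, pin), handshakeWithPin(cert, make([]byte, len(pin))))
}
```

Because the digest covers the whole certificate under this assumption, reissuing the server certificate changes the pin even when the key pair stays the same.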

type Conn

type Conn struct {
	// Conn is the actual TLS connection.
	*tls.Conn

	// Wire is the network connection underlying the TLS connection.
	Wire net.Conn
}

A Conn represents a secured connection. It implements the net.Conn interface.

func (Conn) CloseWrite

func (c Conn) CloseWrite() error

CloseWrite shuts down the writing side of the connection.
