Documentation ¶
Index ¶
- func GenCertPair(org, certFile, keyFile string, tlsExtraIPs, tlsExtraDomains []string, ...) error
- func IsOutdated(cert *x509.Certificate, tlsExtraIPs, tlsExtraDomains []string, ...) (bool, error)
- func LoadCert(certPath, keyPath string) (tls.Certificate, *x509.Certificate, error)
- func TLSConfFromCert(certData tls.Certificate) *tls.Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenCertPair ¶
func GenCertPair(org, certFile, keyFile string, tlsExtraIPs, tlsExtraDomains []string, tlsDisableAutofill bool, certValidity time.Duration) error
GenCertPair generates a key/cert pair to the paths provided. The auto-generated certificates should *not* be used in production for public access as they're self-signed and don't necessarily contain all of the desired hostnames for the service. For production/public use, consider a real PKI.
This function is adapted from https://github.com/brsuite/brond and https://github.com/brsuite/brond/bronutil
func IsOutdated ¶
func IsOutdated(cert *x509.Certificate, tlsExtraIPs, tlsExtraDomains []string, tlsDisableAutofill bool) (bool, error)
IsOutdated returns whether the given certificate is outdated w.r.t. the IPs and domains given. The certificate is considered up to date if it was created with _exactly_ the IPs and domains given.
func LoadCert ¶
func LoadCert(certPath, keyPath string) (tls.Certificate, *x509.Certificate, error)
LoadCert loads a certificate and its corresponding private key from the PEM files indicated and returns the certificate in the two formats it is most commonly used.
func TLSConfFromCert ¶
func TLSConfFromCert(certData tls.Certificate) *tls.Config
TLSConfFromCert returns the default TLS configuration used for a server, using the given certificate as identity.
Types ¶
This section is empty.