Documentation ¶
Overview ¶
Package tlsx provides some convenient TLS functions.
Index ¶
- Variables
- func CertIsValid(cert *tls.Certificate, now time.Time) bool
- func WatchCert(ctx context.Context, reload <-chan struct{}, interval time.Duration, ...)
- func WatchCertFile(ctx context.Context, reload <-chan struct{}, interval time.Duration, ...)
- type CertManager
- func (m *CertManager) Add(name string, cert *tls.Certificate)
- func (m *CertManager) Adds(certm map[string]*tls.Certificate)
- func (m *CertManager) ClietConfig(c *tls.Config) *tls.Config
- func (m *CertManager) Del(name string)
- func (m *CertManager) Dels(names ...string)
- func (m *CertManager) Get(name string) *tls.Certificate
- func (m *CertManager) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (m *CertManager) GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error)
- func (m *CertManager) Gets() []*tls.Certificate
- func (m *CertManager) Len() int
- func (m *CertManager) Range(f func(name string, cert *tls.Certificate))
- func (m *CertManager) ServerConfig(c *tls.Config) *tls.Config
- type Getter
Constants ¶
This section is empty.
Variables ¶
var DefaultCertManager = NewCertManager()
DefaultCertManager is the default certificate manager.
var DefaultTLSConfig = new(tls.Config)
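DefaultTLSConfig is the default TLS config. ClietConfig and ServerConfig clone it when they are passed a nil config, so any change made to this package-level variable applies to every config created that way afterwards. As declared here it is a zero-valued tls.Config, so the crypto/tls defaults apply until it is modified.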
Functions ¶
func CertIsValid ¶
func CertIsValid(cert *tls.Certificate, now time.Time) bool
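CertIsValid reports whether the certificate is valid.
If now is the zero time, time.Now() is used instead. This page does not define "valid"; the now parameter suggests a validity-period check, so do not assume that the chain, the host name or the revocation status is verified.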
func WatchCert ¶ added in v0.2.0
func WatchCert(ctx context.Context, reload <-chan struct{}, interval time.Duration, name string, getcert, getkey Getter, cb func(name string, cert *tls.Certificate))
WatchCert watches the certificate for changes, reloads the certificate and key, parses them as a TLS X.509 certificate, and then calls the callback function with the name and the parsed certificate.
func WatchCertFile ¶ added in v0.2.0
func WatchCertFile(ctx context.Context, reload <-chan struct{}, interval time.Duration, certfile, keyfile string, cb func(*tls.Certificate))
WatchCertFile watches the certificate files for changes, reloads them, parses them as a TLS X.509 certificate, and then calls the callback function with the parsed certificate.
Types ¶
type CertManager ¶
type CertManager struct {
// contains filtered or unexported fields
}
CertManager manages a set of TLS certificates and is thread-safe.
func NewCertManager ¶
func NewCertManager() *CertManager
NewCertManager returns a new certificate manager.
func (*CertManager) Add ¶
func (m *CertManager) Add(name string, cert *tls.Certificate)
Add adds the TLS certificate under the given name.
If a certificate with that name already exists, it is overridden.
func (*CertManager) Adds ¶
func (m *CertManager) Adds(certm map[string]*tls.Certificate)
Adds adds a set of certificates, keyed by name.
If a certificate with one of the names already exists, it is overridden.
func (*CertManager) ClietConfig ¶
func (m *CertManager) ClietConfig(c *tls.Config) *tls.Config
ClietConfig sets the client-certificate get function of c and returns c.
If c is nil, a clone of DefaultTLSConfig is used instead.
func (*CertManager) Del ¶
func (m *CertManager) Del(name string)
Del deletes the TLS certificate with the given name.
If no certificate has that name, it does nothing.
func (*CertManager) Dels ¶
func (m *CertManager) Dels(names ...string)
Dels deletes the TLS certificates with the given names.
Names that do not exist are ignored.
func (*CertManager) Get ¶
func (m *CertManager) Get(name string) *tls.Certificate
Get returns the TLS certificate with the given name.
If no certificate has that name, it returns nil.
func (*CertManager) GetCertificate ¶
func (m *CertManager) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)
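GetCertificate iterates over all the certificates and tries each one in turn against the TLS handshake information from the client until a match is found. It is intended to be assigned to tls.Config.GetCertificate. This page does not state the iteration order or what is returned when no certificate matches.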
func (*CertManager) GetClientCertificate ¶
func (m *CertManager) GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error)
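GetClientCertificate iterates over all the certificates and tries each one in turn against the TLS certificate request information from the server until a match is found. It is intended to be assigned to tls.Config.GetClientCertificate. This page does not state the iteration order or what is returned when no certificate matches.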
func (*CertManager) Gets ¶
func (m *CertManager) Gets() []*tls.Certificate
Gets returns a list of all the TLS certificates.
func (*CertManager) Len ¶
func (m *CertManager) Len() int
Len returns the number of TLS certificates.
func (*CertManager) Range ¶
func (m *CertManager) Range(f func(name string, cert *tls.Certificate))
Range calls f for each of the TLS certificates.
If the name is not needed, prefer Gets, because Gets is lockless and Range is locked.
func (*CertManager) ServerConfig ¶
func (m *CertManager) ServerConfig(c *tls.Config) *tls.Config
ServerConfig sets the server-certificate get function of c and returns c.
If c is nil, a clone of DefaultTLSConfig is used instead.