tlsx

v0.2.0

This package is not in the latest version of its module.

Published: Oct 27, 2023 License: Apache-2.0 Imports: 12 Imported by: 1

README

Go TLS Certificate Manager

Provides certificate helper functions, such as a certificate manager. Requires Go 1.21+.

Documentation

Overview

Package tlsx provides some convenient TLS functions.

Constants

This section is empty.

Variables

var DefaultCertManager = NewCertManager()

DefaultCertManager is the default certificate manager.

var DefaultTLSConfig = new(tls.Config)

DefaultTLSConfig is the default TLS config.

Functions

func CertIsValid

func CertIsValid(cert *tls.Certificate, now time.Time) bool

CertIsValid reports whether the certificate is valid.

If now is zero, time.Now() is used instead.

func WatchCert added in v0.2.0

func WatchCert(ctx context.Context, reload <-chan struct{}, interval time.Duration,
	name string, getcert, getkey Getter, cb func(name string, cert *tls.Certificate))

WatchCert watches the certificate for changes, reloads and parses it as a TLS X.509 certificate, then calls the callback function with it.

func WatchCertFile added in v0.2.0

func WatchCertFile(ctx context.Context, reload <-chan struct{}, interval time.Duration,
	certfile, keyfile string, cb func(*tls.Certificate))

WatchCertFile watches the certificate files for changes, reloads and parses them as a TLS X.509 certificate, then calls the callback function with it.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager manages a set of TLS certificates and is thread-safe.

func NewCertManager

func NewCertManager() *CertManager

NewCertManager returns a new certificate manager.

func (*CertManager) Add

func (m *CertManager) Add(name string, cert *tls.Certificate)

Add adds the TLS certificate with the name.

If a certificate with that name already exists, it is overridden.

func (*CertManager) Adds

func (m *CertManager) Adds(certm map[string]*tls.Certificate)

Adds adds a set of certificates with the names.

If a certificate with one of those names already exists, it is overridden.

func (*CertManager) ClietConfig

func (m *CertManager) ClietConfig(c *tls.Config) *tls.Config

ClietConfig sets the client certificate getter function of c and returns it.

If c is nil, DefaultTLSConfig is cloned and used instead.

func (*CertManager) Del

func (m *CertManager) Del(name string)

Del deletes the TLS certificate by the name.

If it does not exist, Del does nothing.

func (*CertManager) Dels

func (m *CertManager) Dels(names ...string)

Dels deletes a set of TLS certificates by the names.

Names that do not exist are ignored.

func (*CertManager) Get

func (m *CertManager) Get(name string) *tls.Certificate

Get returns the TLS certificate by the name.

If it does not exist, Get returns nil.

func (*CertManager) GetCertificate

func (m *CertManager) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate ranges over all the certificates and tries, one by one, to match each against the TLS handshake information from the client until a match is found. It is intended to be assigned to tls.Config.GetCertificate.

func (*CertManager) GetClientCertificate

func (m *CertManager) GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificate ranges over all the certificates and tries, one by one, to match each against the TLS certificate request information from the server until a match is found. It is intended to be assigned to tls.Config.GetClientCertificate.

func (*CertManager) Gets

func (m *CertManager) Gets() []*tls.Certificate

Gets returns the list of all the TLS certificates.

func (*CertManager) Len

func (m *CertManager) Len() int

Len returns the number of all the TLS certificates.

func (*CertManager) Range

func (m *CertManager) Range(f func(name string, cert *tls.Certificate))

Range ranges over all the TLS certificates.

If the name is not needed, prefer Gets, because Gets is lockless and Range locks.

func (*CertManager) ServerConfig

func (m *CertManager) ServerConfig(c *tls.Config) *tls.Config

ServerConfig sets the server certificate getter function of c and returns it.

If c is nil, DefaultTLSConfig is cloned and used instead.

type Getter added in v0.2.0

type Getter func() (data []byte, changed bool, err error)

Getter is used to get the changed data. It returns (nil, false, nil) if the data has not changed.
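
One way to write a function that satisfies the Getter contract for a certificate or key file on disk. This is an added example, not code from the tlsx package: the Getter type is redeclared locally from the signature above, NewFileGetter is a hypothetical helper name, and the file contents are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// Getter is redeclared from the tlsx.Getter signature shown on this page.
type Getter func() (data []byte, changed bool, err error)

// NewFileGetter is a hypothetical helper (not part of tlsx). The returned
// Getter reports a change only when the SHA-256 digest of the file content
// differs from the last content it returned. Not safe for concurrent calls.
func NewFileGetter(path string) Getter {
	var last []byte // digest of the content returned most recently
	return func() ([]byte, bool, error) {
		data, err := os.ReadFile(path)
		if err != nil {
			return nil, false, err // digest left untouched on error
		}
		sum := sha256.Sum256(data)
		if bytes.Equal(last, sum[:]) {
			return nil, false, nil // unchanged, as the Getter contract requires
		}
		last = sum[:]
		return data, true, nil
	}
}

func main() {
	dir, err := os.MkdirTemp("", "getter-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "cert.pem")
	get := NewFileGetter(path)
	// Constructed placeholder contents, not real PEM data.
	for _, content := range []string{"constructed-v1", "constructed-v1", "constructed-v2"} {
		if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
			panic(err)
		}
		data, changed, err := get()
		fmt.Printf("wrote %q: changed=%v len=%d err=%v\n", content, changed, len(data), err)
	}
}
```

Comparing content digests rather than modification times means a rewrite with identical bytes does not trigger a reload, while a read error is surfaced to the caller without marking the data as changed.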
