mtls

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 3, 2020 License: Apache-2.0 Imports: 24 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrorNoCertConfigure = errors.New("no certificate config")

ErrorNoCertConfigure represents config has no certificate

Functions

func ClearSecretManager

func ClearSecretManager()

func GetSdsClient

func GetSdsClient(cfg *auth.SdsSecretConfig) types.SdsClient

func GetTLSConn

func GetTLSConn(c net.Conn, b []byte) (net.Conn, error)

GetTLSConn return TLSConn

func NewProvider

func NewProvider(cfg *v2.TLSConfig) (types.TLSProvider, error)

NewProvider returns a types.Provider. we support sds provider and static provider.

func NewTLSClientContextManager

func NewTLSClientContextManager(cfg *v2.TLSConfig) (types.TLSClientContextManager, error)

NewTLSClientContextManager returns a types.TLSContextManager used in TLS Client

func NewTLSServerContextManager

func NewTLSServerContextManager(cfg *v2.Listener) (types.TLSContextManager, error)

NewTLSServerContextManager returns a types.TLSContextManager used in TLS Server A Server Manager can contains multiple certificates in provider

func Register

func Register(name string, factory ConfigHooksFactory) error

Register registers an extension.

func RegisterSdsCallback

func RegisterSdsCallback(f func(*v2.TLSConfig))

Types

type ConfigHooks

type ConfigHooks interface {
	// GetClientAuth sets the tls.Config's ClientAuth fields
	GetClientAuth(cfg *v2.TLSConfig) tls.ClientAuthType
	// GetCertificate returns the tls.Certificate by index.
	// By default the index is the cert/key file path or cert/key pem string
	GetCertificate(certIndex, keyIndex string) (tls.Certificate, error)
	// GetX509Pool returns the x509.CertPool, which is a set of certificates.
	// By default the index is the ca certificate file path or certificate pem string
	GetX509Pool(caIndex string) (*x509.CertPool, error)
	// ServerHandshakeVerify returns a function that used to set "VerifyPeerCertificate" defined in tls.Config.
	// If it is returns nil, the normal certificate verification will be used.
	// Notice that we set tls.Config.InsecureSkipVerify to make sure the "VerifyPeerCertificate" is called,
	// so the ServerHandshakeVerify should verify the trusted ca if necessary.
	// If the TLSConfig.RequireClientCert is false, the ServerHandshakeVerify will be ignored
	ServerHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// ClientHandshakeVerify returns a function that used to set "VerifyPeerCertificate" defined in tls.Config.
	// If it is returns nil, the normal certificate verification will be used.
	// Notice that we set tls.Config.InsecureSkipVerify to make sure the "VerifyPeerCertificate" is called,
	// so the ClientHandshakeVerify should verify the trusted ca if necessary.
	// If TLSConfig.InsecureSkip is true, the ClientHandshakeVerify will be ignored.
	ClientHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// GenerateHashValue creates a hash value based on the tls.Config
	GenerateHashValue(cfg *tls.Config) *types.HashValue
}

ConfigHooks is a set of functions used to make a tls config

func DefaultConfigHooks

func DefaultConfigHooks() ConfigHooks

DefaultConfigHooks returns the default config hooks implement

type ConfigHooksFactory

type ConfigHooksFactory interface {
	CreateConfigHooks(config map[string]interface{}) ConfigHooks
}

ConfigHooksFactory creates ConfigHooks by config

type Conn

type Conn struct {
	net.Conn
	// contains filtered or unexported fields
}

Conn is a generic stream-oriented network connection. It implements the net.Conn interface.

func (*Conn) Peek

func (c *Conn) Peek() ([]byte, error)

Peek returns 1 byte from connection, without draining any buffered data.

func (*Conn) Read

func (c *Conn) Read(b []byte) (int, error)

Read reads data from the connection.

type TLSConn

type TLSConn struct {
	*tls.Conn
}

TLSConn represents a secured connection. It implements the net.Conn interface.

func (*TLSConn) ConnectionState

func (c *TLSConn) ConnectionState() gotls.ConnectionState

ConnectionState records basic TLS details about the connection.

func (*TLSConn) GetRawConn

func (c *TLSConn) GetRawConn() net.Conn

GetRawConn returns network connection.

func (*TLSConn) GetTLSInfo

func (c *TLSConn) GetTLSInfo(buf types.IoBuffer) int

GetTLSInfo returns TLSInfo

func (*TLSConn) Read added in v0.11.0

func (c *TLSConn) Read(b []byte) (int, error)

func (*TLSConn) SetALPN

func (c *TLSConn) SetALPN(alpn string)

SetALPN sets ALPN

func (*TLSConn) WriteTo

func (c *TLSConn) WriteTo(v *net.Buffers) (int64, error)

WriteTo writes data

type TLSStats added in v0.14.0

type TLSStats struct {
	TLSConnpoolChanged gometrics.Counter
}

func NewStats added in v0.14.0

func NewStats(name string) *TLSStats

Directories

Path Synopsis
Package certtool used for generate certificate for test/examples By default, use CreateTemplate, GeneratePrivateKey, and SignCertificate, the certificates created in same process have same root ca
Package certtool used for generate certificate for test/examples By default, use CreateTemplate, GeneratePrivateKey, and SignCertificate, the certificates created in same process have same root ca
crypto
tls
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL