tlsopts

package
v0.0.0-...-e701f2d
Warning

This package is not in the latest version of its module.

Published: Jul 2, 2024 License: MIT Imports: 13 Imported by: 30

Documentation

Overview

Package tlsopts handles TLS server options.

Constants

const (
	// DefaultPeerCAWhitelist includes the production Storj network CAs.
	DefaultPeerCAWhitelist = `` /* 529-byte string literal not displayed */

)
const StorjApplicationProtocol = "storj"

StorjApplicationProtocol defines storj's application protocol.

Variables

var (

	// Error is error for tlsopts.
	Error = errs.Class("tlsopts")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	RevocationDBURL     string `` /* 144-byte string literal not displayed */
	PeerCAWhitelistPath string `` /* 144-byte string literal not displayed */
	UsePeerCAWhitelist  bool   `devDefault:"false" releaseDefault:"true" help:"if true, uses peer ca whitelist checking"`
	PeerIDVersions      string `default:"latest" help:"identity version(s) the server will be allowed to talk to"`
	Extensions          extensions.Config
}

Config holds tls configuration parameters.

type ExtensionMap

type ExtensionMap map[string]pkix.Extension

ExtensionMap maps `pkix.Extension`s to their respective asn1 object ID string.

func NewExtensionsMap

func NewExtensionsMap(chain ...*x509.Certificate) ExtensionMap

NewExtensionsMap builds an `ExtensionMap` from the extensions in the passed certificate(s).

func (ExtensionMap) HandleExtensions

func (extensionMap ExtensionMap) HandleExtensions(handlerFuncMap extensions.HandlerFuncMap, chain [][]*x509.Certificate) error

HandleExtensions calls each `extensions.HandlerFunc` with its respective extension and the certificate chain where its object ID string matches the extension's.
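The following sketch shows the OID-keyed lookup and handler dispatch described above using only the standard library. It is an added example, not Storj's implementation: `handlerFunc`, `buildExtensionMap`, `dispatch` and `runDemo` are hypothetical names, and the certificate and the `2.999.x` example OIDs are constructed.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// handlerFunc is a hypothetical stand-in for extensions.HandlerFunc.
type handlerFunc func(ext pkix.Extension, chains [][]*x509.Certificate) error

// buildExtensionMap keys every extension by OID string; in this sketch a later cert overwrites an earlier one.
func buildExtensionMap(chain ...*x509.Certificate) map[string]pkix.Extension {
	m := make(map[string]pkix.Extension)
	for _, cert := range chain {
		for _, ext := range cert.Extensions {
			m[ext.Id.String()] = ext
		}
	}
	return m
}

// dispatch calls a handler only when its OID key is in the map; the first error aborts.
func dispatch(m map[string]pkix.Extension, hs map[string]handlerFunc, chains [][]*x509.Certificate) error {
	for oid, h := range hs {
		if ext, ok := m[oid]; ok {
			if err := h(ext, chains); err != nil {
				return fmt.Errorf("extension %s: %w", oid, err)
			}
		}
	}
	return nil
}

// runDemo dispatches over a constructed leaf whose only extension uses the example OID 2.999.1.
func runDemo() (seen []string, err error) {
	leaf := &x509.Certificate{Extensions: []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 999, 1}, Value: []byte("demo")}}}
	record := func(ext pkix.Extension, _ [][]*x509.Certificate) error {
		seen = append(seen, ext.Id.String()+"="+string(ext.Value))
		return nil
	}
	// 2.999.2 is registered but absent from the certificate, so its handler never runs.
	hs := map[string]handlerFunc{"2.999.1": record, "2.999.2": record}
	err = dispatch(buildExtensionMap(leaf), hs, [][]*x509.Certificate{{leaf}})
	return seen, err
}

func main() { fmt.Println(runDemo()) }
```

A handler registered for an OID that no certificate carries is silently skipped, so any extension that must be present has to be enforced by a separate check.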

type Options

type Options struct {
	Config            Config
	Ident             *identity.FullIdentity
	RevDB             extensions.RevocationDB
	PeerCAWhitelist   []*x509.Certificate
	VerificationFuncs *VerificationFuncs
	Cert              *tls.Certificate
}

Options holds config, identity, and peer verification function data for use with tls.

func NewOptions

func NewOptions(i *identity.FullIdentity, c Config, revocationDB extensions.RevocationDB) (*Options, error)

NewOptions is a constructor for `tls options` given an identity, config, and revocation DB. A caller may pass a nil revocation DB if the revocation extension is disabled.

func (*Options) ClientTLSConfig

func (opts *Options) ClientTLSConfig(id storj.NodeID) *tls.Config

ClientTLSConfig returns a TLSConfig for use as a client in handshaking with a peer.

func (*Options) ExtensionOptions

func (opts *Options) ExtensionOptions() *extensions.Options

ExtensionOptions converts options for use in extension handling.

func (*Options) ServerTLSConfig

func (opts *Options) ServerTLSConfig() *tls.Config

ServerTLSConfig returns a TLSConfig for use as a server in handshaking with a peer.

func (*Options) UnverifiedClientTLSConfig

func (opts *Options) UnverifiedClientTLSConfig() *tls.Config

UnverifiedClientTLSConfig returns a TLSConfig for use as a client in handshaking with an unknown peer.

type VerificationFuncs

type VerificationFuncs struct {
	// contains filtered or unexported fields
}

VerificationFuncs keeps track of client and server peer certificate verification functions for use in tls handshakes.

func (*VerificationFuncs) Add

func (vf *VerificationFuncs) Add(verificationFuncs ...peertls.PeerCertVerificationFunc)

Add adds verification functions to the client and server lists.

func (*VerificationFuncs) Client

Client returns the client verification functions.

func (*VerificationFuncs) ClientAdd

func (vf *VerificationFuncs) ClientAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)

ClientAdd adds verification functions to the client list.

func (*VerificationFuncs) Server

Server returns the server verification functions.

func (*VerificationFuncs) ServerAdd

func (vf *VerificationFuncs) ServerAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)

ServerAdd adds verification functions to the server list.
