tlsopts

package
v0.25.3

This package is not in the latest version of its module.

Published: Nov 19, 2019 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	// DefaultPeerCAWhitelist includes the production Storj network CAs
	DefaultPeerCAWhitelist = `` /* 529-byte string literal not displayed */

)

Variables

var (

	// Error is error for tlsopts
	Error = errs.Class("tlsopts error")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	RevocationDBURL     string `` /* 144-byte string literal not displayed */
	PeerCAWhitelistPath string `` /* 144-byte string literal not displayed */
	UsePeerCAWhitelist  bool   `devDefault:"false" releaseDefault:"true" help:"if true, uses peer ca whitelist checking"`
	PeerIDVersions      string `default:"latest" help:"identity version(s) the server will be allowed to talk to"`
	Extensions          extensions.Config
}

Config holds tls configuration parameters

type ExtensionMap

type ExtensionMap map[string]pkix.Extension

ExtensionMap maps asn1 object ID strings to their respective `pkix.Extension`s.

func NewExtensionsMap

func NewExtensionsMap(chain ...*x509.Certificate) ExtensionMap

NewExtensionsMap builds an `ExtensionMap` from the extensions in the passed certificate(s).

func (ExtensionMap) HandleExtensions

func (extensionMap ExtensionMap) HandleExtensions(handlerFuncMap extensions.HandlerFuncMap, chain [][]*x509.Certificate) error

HandleExtensions calls each `extensions.HandlerFunc` with its respective extension and the certificate chain where its object ID string matches the extension's.
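The OID-keyed lookup and dispatch that `NewExtensionsMap` and `HandleExtensions` describe, as an added standard-library sketch that is not the storj implementation. `extMap`, `handlerFunc`, `onCall` and `sampleChain` are hypothetical names, the certificates are constructed, and rejecting a critical extension that has no registered handler is this example's own policy, which goes beyond what the page documents.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

type extMap map[string]pkix.Extension // same shape as ExtensionMap: OID string -> extension
type handlerFunc func(pkix.Extension, [][]*x509.Certificate) error // hypothetical stand-in for extensions.HandlerFunc

// newExtMap indexes every extension in the chain by its dotted OID string.
func newExtMap(chain ...*x509.Certificate) extMap {
	m := extMap{}
	for _, cert := range chain {
		for _, ext := range cert.Extensions {
			m[ext.Id.String()] = ext
		}
	}
	return m
}

// handle dispatches by OID; rejecting unhandled critical extensions is this example's own policy.
func (m extMap) handle(handlers map[string]handlerFunc, chains [][]*x509.Certificate) error {
	for oid, ext := range m {
		if h, ok := handlers[oid]; ok {
			if err := h(ext, chains); err != nil {
				return fmt.Errorf("extension %s: %w", oid, err)
			}
		} else if ext.Critical {
			return fmt.Errorf("unhandled critical extension %s", oid)
		}
	}
	return nil
}

func onCall(f func(oid string) error) handlerFunc { // example helper: callback sees only the OID
	return func(e pkix.Extension, _ [][]*x509.Certificate) error { return f(e.Id.String()) }
}

var sampleChain = []*x509.Certificate{ // constructed data: bare certificates with 2.999.x example OIDs
	{Extensions: []pkix.Extension{{Id: []int{2, 999, 1}}}},
	{Extensions: []pkix.Extension{{Id: []int{2, 999, 2}, Critical: true}}},
}

func main() { // only 2.999.1 is handled, so the critical 2.999.2 is rejected
	h := map[string]handlerFunc{"2.999.1": onCall(func(string) error { return nil })}
	fmt.Println(newExtMap(sampleChain...).handle(h, [][]*x509.Certificate{sampleChain}))
}
```

Because any handler error fails the whole check, the map's iteration order does not change the outcome.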

type Options

type Options struct {
	Config            Config
	Ident             *identity.FullIdentity
	RevDB             extensions.RevocationDB
	PeerCAWhitelist   []*x509.Certificate
	VerificationFuncs *VerificationFuncs
	Cert              *tls.Certificate
}

Options holds config, identity, and peer verification function data for use with tls.

func NewOptions

func NewOptions(i *identity.FullIdentity, c Config, revocationDB extensions.RevocationDB) (*Options, error)

NewOptions is a constructor for `tls options` given an identity, config, and revocation DB. A caller may pass a nil revocation DB if the revocation extension is disabled.

func (*Options) ClientTLSConfig

func (opts *Options) ClientTLSConfig(id storj.NodeID) *tls.Config

ClientTLSConfig returns a TLSConfig for use as a client in handshaking with a peer.

func (*Options) ClientTLSConfigPrefix added in v0.23.4

func (opts *Options) ClientTLSConfigPrefix(idPrefix string) *tls.Config

ClientTLSConfigPrefix returns a TLSConfig for use as a client in handshaking with a peer. The peer node ID is validated to match the given prefix.

func (*Options) DialOption

func (opts *Options) DialOption(id storj.NodeID) (grpc.DialOption, error)

DialOption returns a grpc `DialOption` for making outgoing connections to the node with this peer identity.

func (*Options) DialUnverifiedIDOption

func (opts *Options) DialUnverifiedIDOption() grpc.DialOption

DialUnverifiedIDOption returns a grpc `DialUnverifiedIDOption`

func (*Options) ExtensionOptions

func (opts *Options) ExtensionOptions() *extensions.Options

ExtensionOptions converts options for use in extension handling.

func (*Options) ServerOption

func (opts *Options) ServerOption() grpc.ServerOption

ServerOption returns a grpc `ServerOption` for incoming connections to the node with this full identity.

func (*Options) ServerTLSConfig

func (opts *Options) ServerTLSConfig() *tls.Config

ServerTLSConfig returns a TLSConfig for use as a server in handshaking with a peer.

func (*Options) UnverifiedClientTLSConfig added in v0.22.0

func (opts *Options) UnverifiedClientTLSConfig() *tls.Config

UnverifiedClientTLSConfig returns a TLSConfig for use as a client in handshaking with an unknown peer.

type VerificationFuncs

type VerificationFuncs struct {
	// contains filtered or unexported fields
}

VerificationFuncs keeps track of client and server peer certificate verification functions for use in tls handshakes.

func (*VerificationFuncs) Add

func (vf *VerificationFuncs) Add(verificationFuncs ...peertls.PeerCertVerificationFunc)

Add adds verification functions to the client and server lists.

func (*VerificationFuncs) Client

Client returns the client verification functions.

func (*VerificationFuncs) ClientAdd

func (vf *VerificationFuncs) ClientAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)

ClientAdd adds verification functions to the client list.

func (*VerificationFuncs) Server

Server returns the server verification functions.

func (*VerificationFuncs) ServerAdd

func (vf *VerificationFuncs) ServerAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)

ServerAdd adds verification functions to the server list.
