Documentation ¶
Index ¶
- Constants
- Variables
- type Config
- type ExtensionMap
- type Options
- func (opts *Options) ClientTLSConfig(id storj.NodeID) *tls.Config
- func (opts *Options) ClientTLSConfigPrefix(idPrefix string) *tls.Config
- func (opts *Options) DialOption(id storj.NodeID) (grpc.DialOption, error)
- func (opts *Options) DialUnverifiedIDOption() grpc.DialOption
- func (opts *Options) ExtensionOptions() *extensions.Options
- func (opts *Options) ServerOption() grpc.ServerOption
- func (opts *Options) ServerTLSConfig() *tls.Config
- func (opts *Options) UnverifiedClientTLSConfig() *tls.Config
- type VerificationFuncs
- func (vf *VerificationFuncs) Add(verificationFuncs ...peertls.PeerCertVerificationFunc)
- func (vf *VerificationFuncs) Client() []peertls.PeerCertVerificationFunc
- func (vf *VerificationFuncs) ClientAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)
- func (vf *VerificationFuncs) Server() []peertls.PeerCertVerificationFunc
- func (vf *VerificationFuncs) ServerAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)
Constants ¶
const ( // DefaultPeerCAWhitelist includes the production Storj network CAs DefaultPeerCAWhitelist = `` /* 529-byte string literal not displayed */ )
Variables ¶
var ( // Error is error for tlsopts Error = errs.Class("tlsopts error") )
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { RevocationDBURL string `` /* 144-byte string literal not displayed */ PeerCAWhitelistPath string `` /* 144-byte string literal not displayed */ UsePeerCAWhitelist bool `devDefault:"false" releaseDefault:"true" help:"if true, uses peer ca whitelist checking"` PeerIDVersions string `default:"latest" help:"identity version(s) the server will be allowed to talk to"` Extensions extensions.Config }
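Config holds TLS configuration parameters. Per the struct tags above, UsePeerCAWhitelist defaults to false in dev builds and true in release builds, so peer CA whitelist checking is off by default in development.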
type ExtensionMap ¶
ExtensionMap maps `pkix.Extension`s to their respective asn1 object ID string.
func NewExtensionsMap ¶
func NewExtensionsMap(chain ...*x509.Certificate) ExtensionMap
NewExtensionsMap builds an `ExtensionMap` from the extensions in the passed certificate(s).
func (ExtensionMap) HandleExtensions ¶
func (extensionMap ExtensionMap) HandleExtensions(handlerFuncMap extensions.HandlerFuncMap, chain [][]*x509.Certificate) error
HandleExtensions calls each `extensions.HandlerFunc` with its respective extension and the certificate chain where its object ID string matches the extension's.
type Options ¶
type Options struct { Config Config Ident *identity.FullIdentity RevDB extensions.RevocationDB PeerCAWhitelist []*x509.Certificate VerificationFuncs *VerificationFuncs Cert *tls.Certificate }
Options holds config, identity, and peer verification function data for use with tls.
func NewOptions ¶
func NewOptions(i *identity.FullIdentity, c Config, revocationDB extensions.RevocationDB) (*Options, error)
NewOptions is a constructor for `tls options` given an identity, config, and revocation DB. A caller may pass a nil revocation DB if the revocation extension is disabled.
func (*Options) ClientTLSConfig ¶
ClientTLSConfig returns a TLSConfig for use as a client in handshaking with a peer.
func (*Options) ClientTLSConfigPrefix ¶ added in v0.23.4
ClientTLSConfigPrefix returns a TLSConfig for use as a client in handshaking with a peer. The peer node ID is validated to match the given prefix.
func (*Options) DialOption ¶
DialOption returns a grpc `DialOption` for making outgoing connections to the node with this peer identity.
func (*Options) DialUnverifiedIDOption ¶
func (opts *Options) DialUnverifiedIDOption() grpc.DialOption
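DialUnverifiedIDOption returns a grpc `DialOption` for making outgoing connections without verifying the peer's node ID. Unlike DialOption, it takes no expected node ID, so the peer's identity is not pinned by this option.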
func (*Options) ExtensionOptions ¶
func (opts *Options) ExtensionOptions() *extensions.Options
ExtensionOptions converts options for use in extension handling.
func (*Options) ServerOption ¶
func (opts *Options) ServerOption() grpc.ServerOption
ServerOption returns a grpc `ServerOption` for incoming connections to the node with this full identity.
func (*Options) ServerTLSConfig ¶
ServerTLSConfig returns a TLSConfig for use as a server in handshaking with a peer.
func (*Options) UnverifiedClientTLSConfig ¶ added in v0.22.0
UnverifiedClientTLSConfig returns a TLSConfig for use as a client in handshaking with an unknown peer.
type VerificationFuncs ¶
type VerificationFuncs struct {
// contains filtered or unexported fields
}
VerificationFuncs keeps track of client and server peer certificate verification functions for use in TLS handshakes.
func (*VerificationFuncs) Add ¶
func (vf *VerificationFuncs) Add(verificationFuncs ...peertls.PeerCertVerificationFunc)
Add adds verification functions to the client and server lists.
func (*VerificationFuncs) Client ¶
func (vf *VerificationFuncs) Client() []peertls.PeerCertVerificationFunc
Client returns the client verification functions.
func (*VerificationFuncs) ClientAdd ¶
func (vf *VerificationFuncs) ClientAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)
ClientAdd adds verification functions to the client list.
func (*VerificationFuncs) Server ¶
func (vf *VerificationFuncs) Server() []peertls.PeerCertVerificationFunc
Server returns the server verification functions.
func (*VerificationFuncs) ServerAdd ¶
func (vf *VerificationFuncs) ServerAdd(verificationFuncs ...peertls.PeerCertVerificationFunc)
ServerAdd adds verification functions to the server list.