README
¶
localca
Package localca is a simple solution for using https or http2 in your local area network with go.
You need certificates. At least if you want to play with http2 or don't own or trust your wifi-router with your local web traffic.
But using certificates for devices in local networks has some problems:
- Generating, installing and managing certificates for multiple devices is not fun.
- There are many ways to talk to your device but only those listed in the certificate are accepted by browsers.
- With DHCP your local devices may change IPs.
With localca you can create a server that:
- serves a PEM encoded CA certificate on http, users need to import it only once into the browser certificates.
- automatically self-signs server certificates including the name or IP used to talk to the server.
Example
// read pem encoded key and ca certificate
key, err := localca.ReadKey(keyPEM)
if err != nil {
log.Fatal(err)
}
ca, err := localca.Read(nil, key, caPEM)
if err != nil {
log.Fatal(err)
}
// start a http server on port 8080 that serves the ca certificate
go http.ListenAndServe(":8080", ca)
// listen and sign new certificates on demand
ln, err := localca.Listen(":4443", ca, nil)
if err != nil {
log.Fatal(err)
}
// ready to serve
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "hello local http2 client")
})
srv := &http.Server{Addr: ":4443"}
err = srv.Serve(ln)
if err != nil {
log.Fatal(err)
}
Documentation at http://godoc.org/github.com/mb0/localca
Documentation
¶
Overview ¶
Package localca is a simple solution for using https or http2 in your local area network.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultConfig = Config{ CATmpl: x509.Certificate{ Subject: pkix.Name{ Organization: []string{"local ca"}, }, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true, }, CertTmpl: x509.Certificate{ Subject: pkix.Name{ Organization: []string{"local cert"}, }, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, }, Valid: 12 * 365 * 24 * time.Hour, }
DefaultConfig is a minimal default configuration. A shallow copy is used as default configuration for the New and Read.
Functions ¶
func FillNames ¶
func FillNames(t *x509.Certificate, names []string)
FillNames adds DNS names and IP addresses to the certificate template t
Types ¶
type CA ¶
type CA struct {
PEM string
// contains filtered or unexported fields
}
CA represents a self-signed certificate authority. It can be used to generate new server certificates.
func (*CA) CertFor ¶
func (ca *CA) CertFor(addr string) (cert *tls.Certificate, err error)
CertFor returns a server certificate for addr. It will auto-generate a new certificate if addr was not already included.
type Config ¶
type Config struct {
CATmpl x509.Certificate
CertTmpl x509.Certificate
Valid time.Duration // default duration for NotAfter
}
Config holds templates for generating a certificate authority and server certificates. The fields SerialNumber, SubjectKeyId and AuthorityKeyId are always regenerated. The fields NotBefore and NotAfter are generated if not specified
type Key ¶
type Key struct {
PEM string
*ecdsa.PrivateKey
}
Key represents the same ECDSA both PEM encoded and as structure.
func (Key) SubjectKeyID ¶
SubjectKeyID creates new subject key id used for certificates.
type Listener ¶
type Listener struct {
*net.TCPListener
*tls.Config
// contains filtered or unexported fields
}
Listener is a TCP TLS net.Listener that signs certificates for all requested DNS names and IPs. TCP keep-alive is set to 3 min, as is the default listener in net/http.
Source Files