Package ca

v2.0.5

Warning: This package is not in the latest version of its module.

Published: Jun 22, 2021  License: MIT  Imports: 15  Imported by: 0

Documentation

Overview

Lifecycle management of generated TLS certificates.

This CA is needed to generate TLS certificates for hostnames on the fly. It uses a self-signed certificate and its private key (or, if you prefer, a certificate and key you supply yourself) to generate ad-hoc TLS certificates for the given hosts.

The certificates are generated deterministically from your CA private key, so keep it secret: anyone holding that key can produce a certificate for any hostname that clients trusting this CA will accept.

How to generate your own pair

To generate your own CA certificate and private key, use the following command line:

openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out ca.crt -days 3650 -nodes

ca.crt will contain the CA certificate and private-key.pem the CA private key. Use at least a 2048-bit RSA key: 1024-bit RSA has been below the minimum recommended by NIST since 2013 and would be weaker than the 2048-bit leaf keys this package generates (see RSAKeyLength). -nodes writes the key unencrypted, so restrict the file's permissions (chmod 600) and keep it out of version control.

Index

Constants

const (
	// CACacheSize defines the size of the LFU cache. Each hostname
	// corresponds to one entry in this cache, and each entry holds
	// a single generated certificate.
	//
	// It may sound small but scales well in practice; you usually do
	// not need to alter this parameter. Remember that this is an LFU
	// cache, so rarely requested hostnames are evicted first.
	CACacheSize = 1024

	// CACacheTTL defines the TTL of each generated TLS certificate.
	// This could be raised to up to 3 months, but regenerating more
	// frequently is the safer choice.
	CACacheTTL = 7 * 24 * time.Hour
)
const RSAKeyLength = 2048

RSAKeyLength defines the bit length of the generated RSA keys. This is a good default for fake certificates; you usually do not need anything larger.

Variables

var ErrContextClosed = &errors.Error{
	Message: "context is closed",
}

ErrContextClosed is returned if a certificate is requested after the corresponding context has already been closed, which means the whole CA is being terminated.

Functions

This section is empty.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA defines an authority which generates TLS certificates for given hostnames.

func NewCA

func NewCA(ctx context.Context,
	eventStream events.Stream,
	certCA []byte,
	privateKey []byte) (*CA, error)

NewCA creates a CA instance from the CA certificate (certCA) and private key (privateKey) bytes, i.e. the contents of ca.crt and private-key.pem generated as described above. ctx bounds the lifetime of the CA and eventStream receives the events it emits.

func (*CA) Get

func (c *CA) Get(host string) (*tls.Config, error)

Get returns a tls.Config instance carrying a certificate for the given hostname, generating and caching one if no valid entry exists yet.
