import "github.com/etcd-io/etcd/pkg/transport"
Package transport implements various HTTP transport utilities based on Go net package.
Package transport provides network utility functions, complementing the more common ones in the net package.
doc.go keepalive_listener.go limit_listen.go listener.go listener_tls.go timeout_conn.go timeout_dialer.go timeout_listener.go timeout_transport.go tls.go transport.go unix_listener.go
IsClosedConnError returns true if the error is from closing listener, cmux. copied from golang.org/x/net/http2/http2.go
LimitListener returns a Listener that accepts at most n simultaneous connections from the provided Listener.
NewKeepAliveListener returns a listener that listens on the given address. Be careful when wrap around KeepAliveListener with another Listener if TLSInfo is not nil. Some pkgs (like go/http) might expect Listener to return TLSConn type to start TLS handshake. http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html
NewListener creates a new listner.
NewTLSListener handshakes TLS connections and performs optional CRL checking.
func NewTimeoutListener(addr string, scheme string, tlsinfo *TLSInfo, rdtimeoutd, wtimeoutd time.Duration) (net.Listener, error)
NewTimeoutListener returns a listener that listens on the given address. If read/write on the accepted connection blocks longer than its time limit, it will return timeout error.
func NewTimeoutTransport(info TLSInfo, dialtimeoutd, rdtimeoutd, wtimeoutd time.Duration) (*http.Transport, error)
NewTimeoutTransport returns a transport created using the given TLS info. If read/write on the created connection blocks longer than its time limit, it will return timeout error. If read/write timeout is set, transport will not be able to reuse connection.
ValidateSecureEndpoints scans the given endpoints against tls info, returning only those endpoints that could be validated as secure.
type TLSInfo struct {
CertFile string
KeyFile string
TrustedCAFile string
ClientCertAuth bool
CRLFile string
InsecureSkipVerify bool
SkipClientSANVerify bool
// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
ServerName string
// HandshakeFailure is optionally called when a connection fails to handshake. The
// connection will be closed immediately afterwards.
HandshakeFailure func(*tls.Conn, error)
// CipherSuites is a list of supported cipher suites.
// If empty, Go auto-populates it by default.
// Note that cipher suites are prioritized in the given order.
CipherSuites []uint16
// AllowedCN is a CN which must be provided by a client.
AllowedCN string
// AllowedHostname is an IP address or hostname that must match the TLS
// certificate provided by a client.
AllowedHostname string
// Logger logs TLS errors.
// If nil, all logs are discarded.
Logger *zap.Logger
// EmptyCN indicates that the cert must have empty CN.
// If true, ClientConfig() will return an error for a cert with non empty CN.
EmptyCN bool
// contains filtered or unexported fields
}func SelfCert(lg *zap.Logger, dirpath string, hosts []string, additionalUsages ...x509.ExtKeyUsage) (info TLSInfo, err error)
ClientConfig generates a tls.Config object for use by an HTTP client.
ServerConfig generates a tls.Config object for use by an HTTP server.
Package transport imports 21 packages (graph). Updated 2019-08-17. Refresh now. Tools for package owners.