Documentation
Index
- Variables
- func AddOrUpdateDHParam(name string, dh []byte) (string, error)
- func CheckCACert(caBytes []byte) ([]*x509.Certificate, error)
- func ConfigureCACert(name string, ca []byte, sslCert *ingress.SSLCert) error
- func ConfigureCACertWithCertAndKey(name string, ca []byte, sslCert *ingress.SSLCert) error
- func ConfigureCRL(name string, crl []byte, sslCert *ingress.SSLCert) error
- func CreateCACert(ca []byte) (*ingress.SSLCert, error)
- func CreateSSLCert(cert, key []byte, uid string) (*ingress.SSLCert, error)
- func GetFakeSSLCert() *ingress.SSLCert
- func IsValidHostname(hostname string, commonNames []string) bool
- func StoreSSLCertOnDisk(name string, sslCert *ingress.SSLCert) (string, error)
- type TLSListener
Constants
This section is empty.
Variables
var FakeSSLCertificateUID = "00000000-0000-0000-0000-000000000000"
FakeSSLCertificateUID defines the default UID to use for the fake SSL certificate generated by the ingress controller
Functions
func AddOrUpdateDHParam
AddOrUpdateDHParam creates a DH parameters file with the specified name
func CheckCACert
func CheckCACert(caBytes []byte) ([]*x509.Certificate, error)
CheckCACert validates a byte array containing one or more CA certificates
func ConfigureCACert
ConfigureCACert is similar to ConfigureCACertWithCertAndKey, but it creates a separate file for the CA cert, writes only ca into it, and then sets the relevant fields in sslCert
func ConfigureCACertWithCertAndKey
ConfigureCACertWithCertAndKey appends ca to the existing PEM file consisting of cert and key and sets the relevant fields in the sslCert object
func ConfigureCRL
ConfigureCRL creates a CRL file and appends it to the SSLCert
func CreateCACert
CreateCACert is similar to CreateSSLCert, but it creates an instance of SSLCert based only on the given ca, after parsing and validating it
func CreateSSLCert
CreateSSLCert validates cert and key, extracts common names and returns corresponding SSLCert object
func GetFakeSSLCert
GetFakeSSLCert creates a self-signed certificate, based on the code at https://golang.org/src/crypto/tls/generate_cert.go
func IsValidHostname
IsValidHostname checks if a hostname is valid in a list of common names
Types
type TLSListener
type TLSListener struct {
// contains filtered or unexported fields
}
TLSListener implements a dynamic certificate loader
func NewTLSListener
func NewTLSListener(certificate, key string) *TLSListener
NewTLSListener watches for changes to the certificate and key paths and reloads them whenever they change
func (*TLSListener) GetCertificate
func (tl *TLSListener) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate implements the tls.Config.GetCertificate interface
func (*TLSListener) TLSConfig
func (tl *TLSListener) TLSConfig() *tls.Config
TLSConfig instantiates a TLS configuration, always providing an up-to-date certificate