tlsconfig

v0.6.1

Warning: This package is not in the latest version of its module.

Published: Sep 3, 2022 License: MIT Imports: 19 Imported by: 0

Documentation

Constants

const ALPNProto = "acme-tls/1"

ALPNProto is the ALPN protocol name used by a CA server when validating tls-alpn-01 challenges.

Variables

This section is empty.

Functions

func NewConfig

func NewConfig(sslCertServerHost string, opts Options) *tls.Config

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(sslCertServerHost string, opts Options) *Client

func (*Client) GetTLSCertificate

func (c *Client) GetTLSCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

func (*Client) RequestCertificate

func (c *Client) RequestCertificate(ctx context.Context, req *GetCertificateRequest) (resp *GetCertificateResponse, err error)

type GetCertificateRequest

type GetCertificateRequest = proto.GetCertificateRequest

type GetCertificateResponse

type GetCertificateResponse = proto.GetCertificateResponse

type Options

type Options struct {
	// AllowDomains optionally specifies which host names the server is
	// allowed to respond to. If not specified, any valid domain will
	// trigger a certificate request to the backend ssl cert server, and
	// the backend server takes responsibility for checking host policy.
	//
	// Setting this option is recommended; it helps reduce the impact
	// of unwelcome requests, such as DDoS.
	AllowDomains []string

	// AllowDomainRegex optionally validates host names using regular expressions.
	//
	// If AllowDomains and AllowDomainRegex are both configured,
	// a domain name will be allowed if it matches either one.
	AllowDomainRegex []string

	// PreloadDomains optionally specifies host names whose certificates
	// are preloaded when the TLS config is initialized. This speeds up
	// the first connections after the server has started.
	// Setting this option is recommended for production deployments to
	// optimize end-user experience.
	//
	// This option slows down server startup; enable the following
	// PreloadAsync option to preload the certificates asynchronously
	// in the background.
	PreloadDomains []string
	PreloadAsync   bool

	// DisableStapling optionally disables OCSP stapling.
	//
	// Deprecated: this option has been renamed to DisableOCSPStapling.
	DisableStapling bool

	// DisableOCSPStapling optionally disables OCSP stapling.
	DisableOCSPStapling bool

	// ErrorLog specifies an optional function to log error messages.
	// If nil, error messages will be logged using the default logger from
	// the "log" package.
	ErrorLog func(format string, args ...interface{})
}
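
The AllowDomains and AllowDomainRegex comments above describe an allowlist in which a match on either list is enough, and no restriction when neither is set. The following is an added example, not code from this package: a hypothetical hostPolicy type (newHostPolicy and allowed are names invented here) that applies those semantics to an SNI name. It assumes each pattern is anchored to the whole name, so an expression cannot match as a substring of a longer host; how the package itself compiles the patterns is not stated on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// hostPolicy (hypothetical, not the package's type) holds a compiled allowlist.
type hostPolicy struct {
	exact   map[string]bool
	regexes []*regexp.Regexp
}

func newHostPolicy(allowDomains, allowDomainRegex []string) (*hostPolicy, error) {
	p := &hostPolicy{exact: map[string]bool{}}
	for _, d := range allowDomains {
		p.exact[strings.ToLower(strings.TrimSuffix(d, "."))] = true
	}
	for _, expr := range allowDomainRegex {
		// Assumption: anchor each pattern so it must match the whole name.
		re, err := regexp.Compile(`^(?:` + expr + `)$`)
		if err != nil {
			return nil, fmt.Errorf("bad AllowDomainRegex %q: %w", expr, err)
		}
		p.regexes = append(p.regexes, re)
	}
	return p, nil
}

// allowed: either list may match; with both lists empty any non-empty name passes.
func (p *hostPolicy) allowed(serverName string) bool {
	name := strings.ToLower(strings.TrimSuffix(serverName, "."))
	ok := len(p.exact)+len(p.regexes) == 0 || p.exact[name]
	for _, re := range p.regexes {
		ok = ok || re.MatchString(name)
	}
	return name != "" && ok
}

func main() {
	p, err := newHostPolicy([]string{"example.com"}, []string{`[a-z0-9-]+\.example\.org`})
	if err != nil {
		panic(err)
	}
	for _, n := range []string{"example.com", "api.example.org", "api.example.org.attacker.test"} {
		fmt.Println(n, p.allowed(n)) // constructed sample SNI values
	}
}
```

Without the anchors, the third sample name would pass the regular expression check because the pattern matches inside it.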
