libp2ptls

package

v0.33.2 Latest Latest Go to latest Published: Mar 28, 2024 License: MIT Imports: 24 Imported by: 110

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/libp2p/go-libp2p

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GenerateSignedExtension(sk ic.PrivKey, pubKey crypto.PublicKey) (pkix.Extension, error)
func PubKeyFromCertChain(chain []*x509.Certificate) (ic.PubKey, error)
type Identity
- func NewIdentity(privKey ic.PrivKey, opts ...IdentityOption) (*Identity, error)
- func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)
type IdentityConfig
type IdentityOption
- func WithCertTemplate(template *x509.Certificate) IdentityOption
type Transport
- func New(id protocol.ID, key ci.PrivKey, muxers []tptu.StreamMuxer) (*Transport, error)

Constants ¶

View Source

const ID = "/tls/1.0.0"

ID is the protocol ID (used when negotiating with multistream)

Variables ¶

This section is empty.

Functions ¶

func GenerateSignedExtension ¶ added in v0.22.0

func GenerateSignedExtension(sk ic.PrivKey, pubKey crypto.PublicKey) (pkix.Extension, error)

GenerateSignedExtension uses the provided private key to sign the public key, and returns the signature within a pkix.Extension. This extension is included in a certificate to cryptographically tie it to the libp2p private key.

func PubKeyFromCertChain ¶

func PubKeyFromCertChain(chain []*x509.Certificate) (ic.PubKey, error)

PubKeyFromCertChain verifies the certificate chain and extract the remote's public key.

Types ¶

type Identity ¶

type Identity struct {
	// contains filtered or unexported fields
}

Identity is used to secure connections

func NewIdentity ¶

func NewIdentity(privKey ic.PrivKey, opts ...IdentityOption) (*Identity, error)

NewIdentity creates a new identity

func (*Identity) ConfigForPeer ¶

func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)

ConfigForPeer creates a new single-use tls.Config that verifies the peer's certificate chain and returns the peer's public key via the channel. If the peer ID is empty, the returned config will accept any peer.

It should be used to create a new tls.Config before securing either an incoming or outgoing connection.

type IdentityConfig ¶ added in v0.22.0

type IdentityConfig struct {
	CertTemplate *x509.Certificate
}

IdentityConfig is used to configure an Identity

type IdentityOption ¶ added in v0.22.0

type IdentityOption func(r *IdentityConfig)

IdentityOption transforms an IdentityConfig to apply optional settings.

func WithCertTemplate ¶ added in v0.22.0

func WithCertTemplate(template *x509.Certificate) IdentityOption

WithCertTemplate specifies the template to use when generating a new certificate.

type Transport ¶

type Transport struct {
	// contains filtered or unexported fields
}

Transport constructs secure communication sessions for a peer.

func New ¶

func New(id protocol.ID, key ci.PrivKey, muxers []tptu.StreamMuxer) (*Transport, error)

New creates a TLS encrypted transport

func (*Transport) ID ¶ added in v0.24.0

func (t *Transport) ID() protocol.ID

func (*Transport) SecureInbound ¶

func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error)

SecureInbound runs the TLS handshake as a server. If p is empty, connections from any peer are accepted.

func (*Transport) SecureOutbound ¶

func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error)

SecureOutbound runs the TLS handshake as a client. Note that SecureOutbound will not return an error if the server doesn't accept the certificate. This is due to the fact that in TLS 1.3, the client sends its certificate and the ClientFinished in the same flight, and can send application data immediately afterwards. If the handshake fails, the server will close the connection. The client will notice this after 1 RTT when calling Read.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
tlsdiag

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL