tlsutil

package
v0.0.0-...-1679dbc Latest

Warning: this package is not in the latest version of its module.
Published: Apr 30, 2024 License: Apache-2.0 Imports: 7 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCert

func NewCert(certfile, keyfile string, parseFunc func([]byte, []byte) (tls.Certificate, error)) (*tls.Certificate, error)

NewCert loads a TLS certificate from the given cert and key files: it reads both files and hands their contents to parseFunc (which has the signature of tls.X509KeyPair) to build the tls.Certificate.

func NewCertPool

func NewCertPool(caFiles []string) (*x509.CertPool, error)

NewCertPool creates an x509.CertPool from the given CA files, so that every CA listed becomes a trust anchor for peer verification.

Types

type TLSConfig

type TLSConfig struct {
	// CAPath is the path of the file that contains the list of trusted SSL CAs.
	// If set, the following settings shouldn't be empty either.
	CAPath string `toml:"cacert-path" json:"cacert-path"`
	// CertPath is the path of the file that contains the X509 certificate in PEM format.
	CertPath string `toml:"cert-path" json:"cert-path"`
	// KeyPath is the path of the file that contains the X509 key in PEM format.
	KeyPath string `toml:"key-path" json:"key-path"`
	// CertAllowedCN holds the CN(s) a client certificate must present (see GetOneAllowedCN).
	CertAllowedCN []string `toml:"cert-allowed-cn" json:"cert-allowed-cn"`

	// SSLCABytes, SSLCertBytes and SSLKEYBytes carry the same material as the
	// three *Path fields above, supplied in memory instead of by file path.
	SSLCABytes   []byte
	SSLCertBytes []byte
	SSLKEYBytes  []byte
}

TLSConfig is the configuration for enabling TLS.

func (TLSConfig) GetOneAllowedCN

func (s TLSConfig) GetOneAllowedCN() (string, error)

GetOneAllowedCN returns only the first CN in CertAllowedCN.

func (TLSConfig) ToTLSConfig

func (s TLSConfig) ToTLSConfig() (*tls.Config, error)

ToTLSConfig builds a *tls.Config from this configuration.

type TLSInfo

type TLSInfo struct {
	CertFile           string
	KeyFile            string
	CAFile             string // TODO: deprecate this in v4
	TrustedCAFile      string
	ClientCertAuth     bool
	CRLFile            string
	InsecureSkipVerify bool

	SkipClientSANVerify bool

	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
	ServerName string

	// HandshakeFailure is optionally called when a connection fails to handshake. The
	// connection will be closed immediately afterwards.
	HandshakeFailure func(*tls.Conn, error)

	// CipherSuites is a list of supported cipher suites.
	// If empty, Go auto-populates it by default.
	// Note that cipher suites are prioritized in the given order.
	CipherSuites []uint16

	// AllowedCN is the CN that a client certificate must present.
	AllowedCN string
	// contains filtered or unexported fields
}

TLSInfo stores the TLS configuration used to connect to etcd.

func (TLSInfo) ClientConfig

func (info TLSInfo) ClientConfig() (*tls.Config, error)

ClientConfig generates a tls.Config object for use by an HTTP client.

func (TLSInfo) Empty

func (info TLSInfo) Empty() bool

Empty reports whether the TLSInfo is unset.
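The following is an added example, not code from this package or its module; it uses only the Go standard library. It mints a throwaway CA, server certificate and client certificate in memory, loads them the way NewCert (with tls.X509KeyPair as parseFunc) and NewCertPool would load them from files, and shows what enforcing cert-allowed-cn / AllowedCN on a server amounts to: a VerifyPeerCertificate hook that runs after the chain has been verified against ClientCAs. The client side pins the peer with ServerName rather than InsecureSkipVerify, and the result checked is the server's, because under TLS 1.3 the client's handshake can succeed before the server has rejected the client certificate. The function names issue and mutualTLS, the CN values and the 127.0.0.1 listener are assumptions of the example; it needs a loopback interface to run.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue mints a throwaway P-256 cert with the given CN as PEM cert/key bytes (the form NewCert, NewCertPool
// and the SSL*Bytes fields take). parent == nil yields a self-signed CA, else a leaf signed by parent. Fixtures only, so failures panic.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (certPEM, keyPEM []byte, cert *x509.Certificate, key *ecdsa.PrivateKey) {
	key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // crypto/rand does not fail in practice
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA: may sign certificates and nothing else
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ = x509.ParseCertificate(der) // what CreateCertificate emits always parses
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return
}

// mutualTLS runs one loopback mTLS handshake (server: client cert must chain to caPEM and carry a CN from
// allowed; client: server cert must chain to caPEM) and returns the server-side error, since under TLS 1.3
// the client's handshake can succeed before the server has looked at the client certificate.
func mutualTLS(caPEM, srvCert, srvKey, cliCert, cliKey []byte, allowed []string) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) { // what NewCertPool does for each CA file
		return fmt.Errorf("no CA certificate found in PEM")
	}
	srv, err := tls.X509KeyPair(srvCert, srvKey) // the usual parseFunc for NewCert
	cli, err2 := tls.X509KeyPair(cliCert, cliKey)
	if err != nil || err2 != nil {
		return fmt.Errorf("loading key pairs: %v / %v", err, err2)
	}
	srvCfg := &tls.Config{
		MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{srv},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool,
		// cert-allowed-cn enforcement. Go calls this after verifying the chain against ClientCAs, so only the
		// leaf CN is checked; the guard matters because weaker ClientAuth modes (or InsecureSkipVerify) pass nil chains.
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			if len(chains) == 0 || len(chains[0]) == 0 {
				return fmt.Errorf("peer presented no verified certificate chain")
			}
			cn := chains[0][0].Subject.CommonName
			for _, a := range allowed {
				if a == cn {
					return nil
				}
			}
			return fmt.Errorf("peer CN %q is not in the allowed list", cn)
		},
	}
	// ServerName, never InsecureSkipVerify, is how the client pins the peer identity.
	cliCfg := &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{cli}, RootCAs: pool, ServerName: "localhost"}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
			c.Close()
		}
		srvErr <- err
	}()
	if c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg); err == nil {
		defer c.Close()
	}
	return <-srvErr
}

func main() {
	caPEM, _, caCert, caKey := issue("test-ca", nil, nil)
	sc, sk, _, _ := issue("server", caCert, caKey)
	cc, ck, _, _ := issue("api-client", caCert, caKey)
	fmt.Println("CN on allow list: ", mutualTLS(caPEM, sc, sk, cc, ck, []string{"api-client"}))
	fmt.Println("CN off allow list:", mutualTLS(caPEM, sc, sk, cc, ck, []string{"other"}))
}
```

The check lives in VerifyPeerCertificate rather than in a custom chain walk because Go has already validated signatures, validity periods, key usages and the trust anchor by the time the hook runs; only the identity decision is left. The nil-chains guard is the caveat to keep: with ClientAuth set to RequestClientCert or RequireAnyClientCert (or InsecureSkipVerify on a client) the hook is still called, but with an empty verifiedChains, and a hook that indexes chains[0] unconditionally would panic or, worse, be skipped.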
