cert

package v0.5.1

Published: Aug 29, 2023 License: MIT Imports: 15 Imported by: 2

Documentation

Overview

Package cert provides helper functions for working with TLS certificates.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadCertificate

func LoadCertificate(filename string) (*tls.Certificate, error)

Load a tls.Certificate from the given PEM-encoded file. The file must contain the following blocks:

  • Exactly one PRIVATE KEY, containing the private key in PKCS#8 format.
  • At least one CERTIFICATE, comprising the certificate chain, leaf certificate first and root certificate omitted.
  • Up to one OCSP RESPONSE, containing a stapled OCSP response.
  • Any number of SIGNED CERTIFICATE TIMESTAMP, containing stapled SCTs.
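As an added example (not the package's own code), the block rules above turned into a parser that works on PEM data already read into memory, plus a constructed sample file to run it against. parseCertificateFile, selfSignedPEM, the rejection of unknown PEM block types and the check that the private key matches the leaf certificate are all this example's own choices; the page only specifies the four block types and their counts.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// parseCertificateFile applies the block rules listed above to PEM data already
// read into memory. Unknown block types are rejected (this example's choice).
func parseCertificateFile(data []byte) (*tls.Certificate, error) {
	var cert tls.Certificate
	keys, ocsp := 0, 0
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		switch block.Type {
		case "PRIVATE KEY": // exactly one, PKCS#8
			keys++
			key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
			if err != nil {
				return nil, fmt.Errorf("PRIVATE KEY: %w", err)
			}
			cert.PrivateKey = key
		case "CERTIFICATE": // the chain, leaf first
			cert.Certificate = append(cert.Certificate, block.Bytes)
		case "OCSP RESPONSE": // at most one
			ocsp++
			cert.OCSPStaple = block.Bytes
		case "SIGNED CERTIFICATE TIMESTAMP": // any number
			cert.SignedCertificateTimestamps = append(cert.SignedCertificateTimestamps, block.Bytes)
		default:
			return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
	}
	if keys != 1 || len(cert.Certificate) == 0 || ocsp > 1 {
		return nil, fmt.Errorf("bad layout: %d PRIVATE KEY, %d CERTIFICATE, %d OCSP RESPONSE blocks", keys, len(cert.Certificate), ocsp)
	}
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return nil, fmt.Errorf("leaf CERTIFICATE: %w", err)
	}
	// Extra check (not stated on the page): the key must belong to the leaf, so a mismatched rotation fails at load time.
	pub, ok := leaf.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if signer, isSigner := cert.PrivateKey.(crypto.Signer); !ok || !isSigner || !pub.Equal(signer.Public()) {
		return nil, errors.New("PRIVATE KEY does not match the leaf CERTIFICATE")
	}
	cert.Leaf = leaf
	return &cert, nil
}

// selfSignedPEM builds a constructed sample file (fresh P-256 key plus a
// self-signed certificate for example.test) in the layout described above.
func selfSignedPEM() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	pem.Encode(&buf, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
	pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: der})
	return buf.Bytes(), nil
}

func main() {
	data, err := selfSignedPEM()
	if err != nil {
		panic(err)
	}
	c, err := parseCertificateFile(data)
	if err != nil {
		panic(err)
	}
	fmt.Printf("loaded %s with %d certificate(s) in the chain\n", c.Leaf.Subject.CommonName, len(c.Certificate))
}
```

The key/leaf comparison relies on the `Equal` method that the standard library's public key types implement; because the sample is self-signed, the chain it produces is a single leaf, which is the minimum the rules above allow.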

Types

type GetCertificateFunc

type GetCertificateFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)

A function that returns a tls.Certificate based on the given tls.ClientHelloInfo.

func GetCertificateAutomatically

func GetCertificateAutomatically(hostnames []string) GetCertificateFunc

Returns a GetCertificateFunc that automatically obtains certificates using ACME for the given hostnames. The environment variables $AUTOCERT_ACME_SERVER, $AUTOCERT_EMAIL, and $AUTOCERT_CACHE_DIR can be used to customize the ACME client. See the go-listener README for details.

func GetCertificateDefaultServerName

func GetCertificateDefaultServerName(defaultServerName string, getCertificate GetCertificateFunc) GetCertificateFunc

Wraps a GetCertificateFunc with logic that sets tls.ClientHelloInfo.ServerName to defaultServerName if it is empty (e.g. because the client does not support SNI).

func GetCertificateFromDirectory

func GetCertificateFromDirectory(path string) GetCertificateFunc

Return a GetCertificateFunc that gets the certificate from a file named SERVER_NAME.pem in the given directory, where SERVER_NAME is the SNI hostname provided by the client. Files are reloaded automatically when they change, allowing zero-downtime certificate rotation. See the documentation of LoadCertificate for the required format of the files.

If no certificate file exists for SERVER_NAME, or if the client does not provide an SNI hostname, then the GetCertificateFunc returns an error, causing the TLS connection to be terminated. If you need to support clients that don't provide SNI, wrap the GetCertificateFunc with GetCertificateDefaultServerName to specify a default SNI hostname.

func GetCertificateFromFile

func GetCertificateFromFile(path string) GetCertificateFunc

Return a GetCertificateFunc that gets the certificate from the given file. The file is reloaded automatically when it changes, allowing zero-downtime certificate rotation. See the documentation of LoadCertificate for the required format of the file.
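The three behaviours described for GetCertificateDefaultServerName, GetCertificateFromDirectory and GetCertificateFromFile, as one added example that is not the package's own code: a wrapper that supplies a default SNI name, a directory lookup of SERVER_NAME.pem that errors when the name is missing or has no file, and a change-triggered reload so rotation needs no restart. The names withDefaultServerName, validServerName, fromDirectory and dirStore, the "./certs" directory, the lower-casing and trailing-dot stripping of the client's name, the hostname check before the name becomes a file name, and the fail-closed handling of an unparseable replacement file are all this example's own choices; tls.X509KeyPair stands in for a LoadCertificate-style parser and ignores stapled OCSP and SCT blocks.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"sync"
)

// GetCertificateFunc mirrors the package's type; everything below is this example's own code.
type GetCertificateFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// withDefaultServerName substitutes defaultName when the client sent no SNI; it works on a copy so the caller's ClientHelloInfo is left untouched.
func withDefaultServerName(defaultName string, next GetCertificateFunc) GetCertificateFunc {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if hello.ServerName == "" {
			h := *hello
			h.ServerName = defaultName
			hello = &h
		}
		return next(hello)
	}
}

// validServerName accepts only hostname-shaped values (letters, digits, '-', dot-separated
// labels of at most 63 bytes), so a client-supplied SNI value can safely become a file name.
func validServerName(name string) bool {
	if name == "" || len(name) > 253 {
		return false
	}
	for _, label := range strings.Split(name, ".") {
		if label == "" || len(label) > 63 {
			return false
		}
		for _, c := range []byte(label) {
			if !('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' || c == '-') {
				return false
			}
		}
	}
	return true
}

// dirStore serves SERVER_NAME.pem from a directory, caching each parsed file and reloading
// it when its size or modification time changes, so rotation needs no restart.
type dirStore struct {
	dir  string
	load func([]byte) (*tls.Certificate, error) // parser for the file format
	mu   sync.Mutex
	seen map[string]cached
}

type cached struct {
	info os.FileInfo
	cert *tls.Certificate
}

func fromDirectory(dir string, load func([]byte) (*tls.Certificate, error)) GetCertificateFunc {
	s := &dirStore{dir: dir, load: load, seen: map[string]cached{}}
	return s.get
}

func (s *dirStore) get(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	if !validServerName(name) {
		return nil, fmt.Errorf("refusing lookup for server name %q", hello.ServerName)
	}
	path := filepath.Join(s.dir, name+".pem")
	info, err := os.Stat(path)
	if err != nil {
		return nil, fmt.Errorf("no certificate for %q: %w", name, err)
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if c, ok := s.seen[name]; ok && c.info.ModTime().Equal(info.ModTime()) && c.info.Size() == info.Size() {
		return c.cert, nil
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	cert, err := s.load(data)
	if err != nil { // fail closed: an unparseable replacement is not served, nor is the stale copy
		return nil, fmt.Errorf("%s: %w", path, err)
	}
	s.seen[name] = cached{info: info, cert: cert}
	return cert, nil
}

func main() {
	loader := func(data []byte) (*tls.Certificate, error) { // stdlib parser; ignores OCSP/SCT blocks
		c, err := tls.X509KeyPair(data, data)
		return &c, err
	}
	cfg := &tls.Config{GetCertificate: withDefaultServerName("example.test", fromDirectory("./certs", loader))}
	fmt.Println("tls.Config ready; pass it to tls.Listen or http.Server.TLSConfig", cfg.GetCertificate != nil)
}
```

Because the lookup is called on every handshake, the cache check is a stat plus a map lookup and the file is only re-read when its metadata changes; the mutex keeps concurrent handshakes from reloading the same file twice. Whether an unparseable replacement should fail closed (as here) or keep serving the last good certificate is a deployment decision the page does not make.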
