tlsca

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package tlsca manages a local certificate authority for TLS interception: it loads or generates a CA, then mints and caches short-lived per-host leaf certificates signed by that CA so the proxy can terminate client TLS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is a local certificate authority plus a cache of minted leaf certs.

func LoadOrCreate

func LoadOrCreate(dir string) (*CA, error)

LoadOrCreate loads the CA from dir if present, otherwise generates a new one and persists ca.crt + ca.key under dir.

func (*CA) CertPEM

func (c *CA) CertPEM() []byte

CertPEM returns the PEM-encoded CA certificate (for the user to trust).

func (*CA) LeafForHost

func (c *CA) LeafForHost(host string) (*tls.Certificate, error)

LeafForHost mints (or returns a cached) leaf certificate for host, signed by the CA. host may be a DNS name or an IP literal.

func (*CA) TLSConfig

func (c *CA) TLSConfig() *tls.Config

TLSConfig returns a *tls.Config that serves a per-host leaf chosen from the ClientHello's SNI. Suitable for tls.Server on a hijacked CONNECT conn.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL