Documentation
¶
Index ¶
- Constants
- func BfeTlsRuleConfCheck(conf *BfeTlsRuleConf) error
- func CheckTlsConf(certConf map[string]*bfe_tls.Certificate, ruleMap TlsRuleMap) error
- func CheckValidProto(protoConf string) error
- func ClientCALoad(tlsRuleMap TlsRuleMap, clientCADir string) (map[string]*x509.CertPool, error)
- func ClientCRLLoad(clientCAMap map[string]*x509.CertPool, clientCRLDir string) (map[string]*bfe_tls.CRLPool, error)
- func GetClientCACertificate(clientCADir string, clientCAName string) (*x509.CertPool, error)
- func MatchCertNames(certNames []string, host string) bool
- func MatchHostnames(pattern, host string) bool
- func TlsRuleConfCheck(conf *TlsRuleConf) error
- type BfeTlsRuleConf
- type NextProtosParams
- type TlsRuleConf
- type TlsRuleMap
Constants ¶
View Source
const ( HTTP11 = "http/1.1" // https (http/1.1 over tls) protocol HTTP2 = "h2" // http2 protocol SPDY31 = "spdy/3.1" // spdy/3.1 protocol STREAM = "stream" )
application level protocols over tls
View Source
const ( PROTO_OPTIONAL = 0 // proto is negotiatory, may be disabled if needed PROTO_NEGOTISTORY = 1 // proto is negotiatory, must not be disabled PROTO_MANDATORY = 2 // proto is mandatory )
negotiation level for protocols
View Source
const ( ProxyProtocolDisabled = 0 ProxyProtocolV1Enabled = 1 ProxyProtocolV2Enabled = 2 )
Variables ¶
This section is empty.
Functions ¶
func BfeTlsRuleConfCheck ¶
func BfeTlsRuleConfCheck(conf *BfeTlsRuleConf) error
func CheckTlsConf ¶
func CheckTlsConf(certConf map[string]*bfe_tls.Certificate, ruleMap TlsRuleMap) error
CheckTlsConf check integrity of tls rule conf and cert conf.
func CheckValidProto ¶
func ClientCALoad ¶
ClientCALoad load client CA certificates.
func ClientCRLLoad ¶
func GetClientCACertificate ¶
func MatchCertNames ¶
MatchCertNames check whether host matches names in cert.
func MatchHostnames ¶
MatchHostnames check whether host matches pattern.
func TlsRuleConfCheck ¶
func TlsRuleConfCheck(conf *TlsRuleConf) error
Types ¶
type BfeTlsRuleConf ¶
type BfeTlsRuleConf struct {
Version string // version of config
Config TlsRuleMap
DefaultNextProtos []string
DefaultChacha20 bool
DefaultDynamicRecord bool
}
func TlsRuleConfLoad ¶
func TlsRuleConfLoad(filename string) (BfeTlsRuleConf, error)
TlsRuleConfLoad load config of rule from file.
type NextProtosParams ¶
type NextProtosParams struct {
Level int // protocol negotiation level
Mcs int // max concurrent stream per conn
Isw int // initial stream window for server
Rate int // presence rate while level is PROTO_OPTIONAL
PP int // proxy protocol to backend, 0: disable, 1: enable v1 pp, 2: enable v2 pp
}
func GetDefaultNextProtosParams ¶
func GetDefaultNextProtosParams() NextProtosParams
func ParseNextProto ¶
func ParseNextProto(protoConf string) (proto string, params NextProtosParams, err error)
type TlsRuleConf ¶
type TlsRuleConf struct {
VipConf []string // list of vips for product
SniConf []string // list of hostnames for product (optional)
CertName string // name of certificate
NextProtos []string // next protos over TLS
Grade string // tls grade for product
ClientAuth bool // require tls client auth
ClientCAName string // client CA certificate name
Chacha20 bool // enable chacha20-poly1305 cipher suites
DynamicRecord bool // enable dynamic record size
}
type TlsRuleMap ¶
type TlsRuleMap map[string]*TlsRuleConf // product -> pointer to tls rule conf
Source Files
Click to show internal directories.
Click to hide internal directories.