Documentation ¶
Index ¶
- Constants
- func BfeTlsRuleConfCheck(conf *BfeTlsRuleConf) error
- func CheckTlsConf(certConf map[string]*bfe_tls.Certificate, ruleMap TlsRuleMap) error
- func CheckValidProto(protoConf string) error
- func ClientCALoad(tlsRuleMap TlsRuleMap, clientCADir string) (map[string]*x509.CertPool, error)
- func ClientCRLLoad(clientCAMap map[string]*x509.CertPool, clientCRLDir string) (map[string]*bfe_tls.CRLPool, error)
- func GetClientCACertificate(clientCADir string, clientCAName string) (*x509.CertPool, error)
- func MatchCertNames(certNames []string, host string) bool
- func MatchHostnames(pattern, host string) bool
- func TlsRuleConfCheck(conf *TlsRuleConf) error
- type BfeTlsRuleConf
- type NextProtosParams
- type TlsRuleConf
- type TlsRuleMap
Constants ¶
// Application-level protocol identifiers negotiated over TLS (ALPN names).
const (
	HTTP11 = "http/1.1" // https (http/1.1 over tls) protocol
	HTTP2  = "h2"       // http2 protocol
	SPDY31 = "spdy/3.1" // spdy/3.1 protocol
	STREAM = "stream"   // NOTE(review): not described on this page — presumably a raw stream over TLS; confirm in the package source
)
application level protocols over tls
// Negotiation levels for application protocols over TLS (NextProtosParams.Level).
const (
	PROTO_OPTIONAL    = 0 // proto is negotiatory, may be disabled if needed
	PROTO_NEGOTISTORY = 1 // proto is negotiatory, must not be disabled
	PROTO_MANDATORY   = 2 // proto is mandatory
)
negotiation level for protocols
// Proxy protocol modes for the NextProtosParams.PP field.
const (
	ProxyProtocolDisabled  = 0 // do not send proxy protocol to backend
	ProxyProtocolV1Enabled = 1 // send proxy protocol v1 to backend
	ProxyProtocolV2Enabled = 2 // send proxy protocol v2 to backend
)
Variables ¶
This section is empty.
Functions ¶
func BfeTlsRuleConfCheck ¶
func BfeTlsRuleConfCheck(conf *BfeTlsRuleConf) error
func CheckTlsConf ¶
func CheckTlsConf(certConf map[string]*bfe_tls.Certificate, ruleMap TlsRuleMap) error
CheckTlsConf checks the integrity of the TLS rule conf and cert conf.
func CheckValidProto ¶
func ClientCALoad ¶
ClientCALoad loads client CA certificates.
func ClientCRLLoad ¶
func GetClientCACertificate ¶
func MatchCertNames ¶
MatchCertNames checks whether host matches the names in the cert.
func MatchHostnames ¶
MatchHostnames checks whether host matches pattern.
func TlsRuleConfCheck ¶
func TlsRuleConfCheck(conf *TlsRuleConf) error
Types ¶
type BfeTlsRuleConf ¶
// BfeTlsRuleConf is the top-level TLS rule configuration, as loaded by TlsRuleConfLoad.
type BfeTlsRuleConf struct {
	Version              string     // version of config
	Config               TlsRuleMap // product -> tls rule conf
	DefaultNextProtos    []string   // presumably the next protos applied when a rule sets none — TODO confirm against the loader
	DefaultChacha20      bool       // presumably the default for TlsRuleConf.Chacha20 — TODO confirm
	DefaultDynamicRecord bool       // presumably the default for TlsRuleConf.DynamicRecord — TODO confirm
}
func TlsRuleConfLoad ¶
func TlsRuleConfLoad(filename string) (BfeTlsRuleConf, error)
TlsRuleConfLoad loads the rule config from a file.
type NextProtosParams ¶
// NextProtosParams holds the per-protocol negotiation parameters produced by ParseNextProto.
type NextProtosParams struct {
	Level int // protocol negotiation level (PROTO_OPTIONAL, PROTO_NEGOTISTORY or PROTO_MANDATORY)
	Mcs   int // max concurrent stream per conn
	Isw   int // initial stream window for server
	Rate  int // presence rate while level is PROTO_OPTIONAL
	PP    int // proxy protocol to backend, 0: disable, 1: enable v1 pp, 2: enable v2 pp
}
func GetDefaultNextProtosParams ¶
func GetDefaultNextProtosParams() NextProtosParams
func ParseNextProto ¶
func ParseNextProto(protoConf string) (proto string, params NextProtosParams, err error)
type TlsRuleConf ¶
// TlsRuleConf is the TLS rule for one product; validated by TlsRuleConfCheck.
type TlsRuleConf struct {
	VipConf       []string // list of vips for product
	SniConf       []string // list of hostnames for product (optional)
	CertName      string   // name of certificate
	NextProtos    []string // next protos over TLS
	Grade         string   // tls grade for product
	ClientAuth    bool     // require tls client auth
	ClientCAName  string   // client CA certificate name; presumably the name passed to GetClientCACertificate — TODO confirm
	Chacha20      bool     // enable chacha20-poly1305 cipher suites
	DynamicRecord bool     // enable dynamic record size
}
type TlsRuleMap ¶
// TlsRuleMap maps a product name to its TLS rule conf.
type TlsRuleMap map[string]*TlsRuleConf // product -> pointer to tls rule conf