Package authority provides an in-process TLS certificate authority, useful for creating and distributing TLS certificates for mutually authenticated HTTPS networking within Bigmachine.



    const DriftMargin = time.Minute

DriftMargin is the amount of acceptable clock drift during certificate issuing and verification.




type T

    type T struct {
    	// contains filtered or unexported fields
    }

A T is a TLS certificate authority which can issue client and server certificates and provide configuration for HTTPS clients.

func New

    func New(filename string) (*T, error)

New creates a new certificate authority, reading the PEM-encoded certificate and private key from the provided path. If the path does not exist, New instead creates a new certificate authority and stores it at the provided path. If the path is empty, the authority is ephemeral.

func (*T) Cert

    func (c *T) Cert() *x509.Certificate

Cert returns the authority's x509 certificate.

func (*T) HTTPSConfig

    func (c *T) HTTPSConfig() (client, server *tls.Config, err error)

HTTPSConfig returns client and server TLS configs based on newly issued TLS certificates from this CA.

func (*T) Issue

    func (c *T) Issue(cn string, ttl time.Duration, ips []net.IP, dnss []string) ([]byte, *rsa.PrivateKey, error)

Issue issues a new certificate from this CA with the provided common name, TTL, IP addresses, and DNS names.
