tscert

package module
v0.0.0-...-d3f8340
Published: Jun 8, 2024 License: BSD-3-Clause Imports: 16 Imported by: 19

README

tscert

This is a stripped down version of the tailscale.com/client/tailscale Go package but with minimal dependencies and supporting older versions of Go.

It's meant for use by Caddy, so they don't need to depend on Go 1.17 yet. Also, it has the nice side effect of not polluting their go.sum file because tailscale.com is a somewhat large module.

Docs

See https://pkg.go.dev/github.com/tailscale/tscert

Documentation

Overview

Package tscert fetches HTTPS certs from the local machine's Tailscale daemon (tailscaled).

Index

Constants

This section is empty.

Variables

var (
	// TailscaledSocket is the tailscaled Unix socket. It's used by the TailscaledDialer.
	TailscaledSocket = paths.DefaultTailscaledSocket()

	// TailscaledSocketSetExplicitly reports whether the user explicitly set TailscaledSocket.
	TailscaledSocketSetExplicitly bool

	// TailscaledDialer is the DialContext func that connects to the local machine's
	// tailscaled or equivalent.
	TailscaledDialer = DialLocalAPI

	// TailscaledTransport is the RoundTripper that sends LocalAPI requests
	// to the local machine's tailscaled or equivalent.
	// If nil, a default RoundTripper is used that uses TailscaledDialer.
	TailscaledTransport http.RoundTripper
)

Functions

func CertPair

func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

CertPair returns a cert and private key for the provided DNS domain.

It returns a cached certificate from disk if it's still valid.

func DialLocalAPI

func DialLocalAPI(ctx context.Context, network, addr string) (net.Conn, error)

DialLocalAPI connects to the LocalAPI server of the tailscaled instance on the machine.

func DoLocalRequest

func DoLocalRequest(req *http.Request) (*http.Response, error)

DoLocalRequest makes an HTTP request to the local machine's Tailscale daemon.

URLs are of the form http://local-tailscaled.sock/localapi/v0/whois?ip=1.2.3.4.

The hostname must be "local-tailscaled.sock", even though it doesn't actually do any DNS lookup. The actual means of connecting to and authenticating to the local Tailscale daemon vary by platform.

DoLocalRequest may mutate the request to add Authorization headers.

func ExpandSNIName

func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)

ExpandSNIName expands a bare label name into the most likely actual TLS cert name.

func GetCertificate

func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate fetches a TLS certificate for the TLS ClientHello in hi.

It returns a cached certificate from disk if it's still valid.

It's the right signature to use as the value of tls.Config.GetCertificate.

func GetCertificateWithContext

func GetCertificateWithContext(ctx context.Context, hi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificateWithContext fetches a TLS certificate for the TLS ClientHello in hi.

It returns a cached certificate from disk if it's still valid.

Use GetCertificate instead if a value for tls.Config.GetCertificate is needed.

func IsAccessDeniedError

func IsAccessDeniedError(err error) bool

IsAccessDeniedError reports whether err is or wraps an AccessDeniedError.

Types

type AccessDeniedError

type AccessDeniedError struct {
	// contains filtered or unexported fields
}

AccessDeniedError is an error due to permissions.

func (*AccessDeniedError) Error

func (e *AccessDeniedError) Error() string

func (*AccessDeniedError) Unwrap

func (e *AccessDeniedError) Unwrap() error

type Status

type Status struct {
	// Version is the daemon's long version (see version.Long).
	Version string

	// BackendState is an ipn.State string value:
	//  "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped",
	//  "Starting", "Running".
	BackendState string

	// Health contains health check problems.
	// Empty means everything is good. (or at least that no known
	// problems are detected)
	Health []string

	// TailscaleIPs are the Tailscale IP(s) assigned to this node
	TailscaleIPs []string

	// MagicDNSSuffix is the network's MagicDNS suffix for nodes
	// in the network such as "userfoo.tailscale.net".
	// There are no surrounding dots.
	// MagicDNSSuffix should be populated regardless of whether a domain
	// has MagicDNS enabled.
	MagicDNSSuffix string

	// CertDomains are the set of DNS names for which the control
	// plane server will assist with provisioning TLS
	// certificates. See SetDNSRequest for dns-01 ACME challenges
	// for e.g. LetsEncrypt. These names are FQDNs without
	// trailing periods, and without any "_acme-challenge." prefix.
	CertDomains []string
}

Status is a stripped down version of tailscale.com/ipn/ipnstate.Status for the tscert package.

func GetStatus

func GetStatus(ctx context.Context) (*Status, error)

GetStatus returns a stripped down status from tailscaled. For a full version, use tailscale.com/client/tailscale.Status.
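The two pieces above fit together: GetStatus reports the names in CertDomains that the control plane will provision, ExpandSNIName turns a bare SNI label into one of them, and GetCertificate is the callback shape tls.Config expects. The following added example (not code from the tscert package or its docs) shows a server wiring a CertPair-shaped fetcher into tls.Config.GetCertificate while refusing any SNI that does not expand to a CertDomains entry. ExpandSNI, NewGetCertificate and CertPairFunc are names introduced here; the real tscert.CertPair can be passed as fetch, and the domain used in the test is constructed.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"strings"
)

// CertPairFunc matches tscert.CertPair's signature so the real function can be
// passed in; this example never talks to tailscaled itself.
type CertPairFunc func(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

// ExpandSNI maps a client-supplied SNI onto a Status.CertDomains entry: a bare
// label expands to "label.<suffix>", a full name must match, all else is rejected.
func ExpandSNI(certDomains []string, name string) (fqdn string, ok bool) {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	bare := name != "" && !strings.Contains(name, ".")
	for _, d := range certDomains {
		d = strings.ToLower(d)
		if d == name || (bare && strings.HasPrefix(d, name+".")) {
			return d, true
		}
	}
	return "", false
}

// NewGetCertificate returns a tls.Config.GetCertificate callback that only
// calls fetch for names tailscaled reports it can provision.
func NewGetCertificate(certDomains []string, fetch CertPairFunc) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
		fqdn, ok := ExpandSNI(certDomains, hi.ServerName)
		if !ok {
			return nil, fmt.Errorf("tls: SNI %q matches no Tailscale cert domain", hi.ServerName)
		}
		ctx := hi.Context() // nil when hi is built by hand, e.g. in tests
		if ctx == nil {
			ctx = context.Background()
		}
		certPEM, keyPEM, err := fetch(ctx, fqdn)
		if err != nil {
			return nil, fmt.Errorf("fetching cert for %s: %w", fqdn, err)
		}
		cert, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("parsing cert for %s: %w", fqdn, err)
		}
		return &cert, nil
	}
}
```

In a real server, populate certDomains from GetStatus(ctx).CertDomains and pass tscert.CertPair as fetch; a client that sends an SNI outside that list never causes a LocalAPI cert request.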

Directories

Path                 Synopsis
internal
internal/paths       Package paths returns platform and user-specific default paths to Tailscale files and directories.
internal/safesocket  Package safesocket creates either a Unix socket, if possible, or otherwise a localhost TCP connection.
