Documentation
¶
Index ¶
- Variables
- func SanitizeHost(host string) (string, error)
- func WithRenewBefore(b time.Duration) func(r *Renewer) error
- func WithRenewJitter(j time.Duration) func(r *Renewer) error
- type RenewFunc
- type Renewer
- func (r *Renewer) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (r *Renewer) GetClientCertificate(hello *tls.CertificateRequestInfo) (*tls.Certificate, error)
- func (r *Renewer) GetConfig() *tls.Config
- func (r *Renewer) GetConfigForClient(hello *tls.ClientHelloInfo) (*tls.Config, error)
- func (r *Renewer) Run()
- func (r *Renewer) RunContext(ctx context.Context)
- func (r *Renewer) Stop() bool
- type ServerCredentials
- type ServerRenewFunc
Constants ¶
This section is empty.
Variables ¶
var MinCertDuration = time.Minute
MinCertDuration is the minimum validity of a certificate.
var SanitizeName = x509util.SanitizeName
SanitizeName converts the given domain to its ASCII form.
Functions ¶
func SanitizeHost ¶
SanitizeHost returns the ASCII form of the host part in a host:port address.
func WithRenewBefore ¶
WithRenewBefore modifies a tls renewer by setting the renewBefore attribute.
Types ¶
type RenewFunc ¶
type RenewFunc func() (*tls.Certificate, *tls.Config, error)
RenewFunc defines the type of the functions used to get a new tls certificate.
type Renewer ¶
Renewer automatically renews a tls certificate using a RenewFunc.
func NewRenewer ¶
func NewRenewer(cert *tls.Certificate, config *tls.Config, fn RenewFunc, opts ...renewerOptions) (*Renewer, error)
NewRenewer creates a TLS renewer for the given cert. It will use the given RenewFunc to get a new certificate when required.
func (*Renewer) GetCertificate ¶
func (r *Renewer) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the current server certificate.
This method is set in the tls.Config GetCertificate property.
func (*Renewer) GetClientCertificate ¶
func (r *Renewer) GetClientCertificate(hello *tls.CertificateRequestInfo) (*tls.Certificate, error)
GetClientCertificate returns the current client certificate.
This method is set in the tls.Config GetClientCertificate property.
func (*Renewer) GetConfigForClient ¶
GetConfigForClient returns the tls.Config used per request.
This method is set in the tls.Config GetConfigForClient property.
func (*Renewer) Run ¶
func (r *Renewer) Run()
Run starts the certificate renewer for the given certificate.
func (*Renewer) RunContext ¶
RunContext starts the certificate renewer for the given certificate.
type ServerCredentials ¶
type ServerCredentials struct {
RenewFunc ServerRenewFunc
// contains filtered or unexported fields
}
ServerCredentials is a type that manages the credentials of a server.
func NewServerCredentials ¶
func NewServerCredentials(fn ServerRenewFunc) (*ServerCredentials, error)
NewServerCredentials returns a new ServerCredentials that will get certificates from the given function.
func NewServerCredentialsFromFile ¶ added in v0.11.0
func NewServerCredentialsFromFile(certFile, keyFile string) (*ServerCredentials, error)
NewServerCredentialsFromFile returns a ServerCredentials that renews the certificate from a file on disk.
func (*ServerCredentials) GetCertificate ¶
func (c *ServerCredentials) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the certificate for the SNI in the hello message.
func (*ServerCredentials) GetConfigForClient ¶
func (c *ServerCredentials) GetConfigForClient(hello *tls.ClientHelloInfo) (*tls.Config, error)
GetConfigForClient returns the tls.Config used per request.
func (*ServerCredentials) TLSConfig ¶ added in v0.11.0
func (c *ServerCredentials) TLSConfig() *tls.Config
TLSConfig returns a *tls.Config with GetCertificate and GetConfigForClient set.
type ServerRenewFunc ¶
type ServerRenewFunc func(hello *tls.ClientHelloInfo) (*tls.Certificate, *tls.Config, error)
ServerRenewFunc defines the type of the functions used to get a new tls certificate.
Source Files