Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type InMemoryCertDatabase
type InMemoryCertDatabase struct {
	// Function used to generate certificates for the database.
	GenerateCertificate func(host string) (certPem []byte, keyPem []byte, err error)
	// On-change notifier function. Notified code must not call back into
	// the cert database. This function must also be thread safe, as it can
	// be called from multiple threads at the same time.
	CertificateDatabaseChange func(host string, certPem []byte, keyPem []byte)
	// More of a guideline than a rule: the number of certs the database
	// holds before it starts dropping old ones. If not set, the default
	// number is used. If less than 0, no certs are ever dropped.
	MaxNumberOfCerts int
	// Number of certs to drop when the MaxNumberOfCerts threshold has been
	// exceeded. If not set, the default value is used.
	NumberOfCertsToDrop int
	// contains filtered or unexported fields
}
InMemoryCertDatabase is an in-memory database of TLS certificates. It supports automatic certificate removal to prevent memory exhaustion, provides a hook so consuming code can serialize certificates to a backing store, and provides a hook to change how certificates are generated.
func NewInMemoryCertDatabase
func NewInMemoryCertDatabase(GenerateCertificate func(host string) (certPem []byte, keyPem []byte, err error)) (database *InMemoryCertDatabase)
Creates a new cert database.
func (*InMemoryCertDatabase) AddCert
func (database *InMemoryCertDatabase) AddCert(host string, certPem []byte, keyPem []byte) (err error)
Adds a new cert to the database. Does not trigger the database change event.
func (*InMemoryCertDatabase) ClearDatabase
func (database *InMemoryCertDatabase) ClearDatabase()
Clears all certs from the database. Does not trigger any database change events.
func (*InMemoryCertDatabase) GetCert
func (database *InMemoryCertDatabase) GetCert(host string) (cert *tls.Certificate, err error)
Gets a cert from the database, creating it if it does not exist.
type TLSCertGen
type TLSCertGen struct {
	// Cert used to sign other certificates. If left blank, all certs are
	// self-signed. This root CA certificate should be installed in the clients
	// accessing the proxy to avoid cert error messages.
	RootAuthorityCert *x509.Certificate
	// Private key of the root cert.
	RootAuthorityPrivateKey interface{}
	// Prefix placed before the organization field of the generated certs,
	// which is automatically set to the requested host.
	OrganizationPrefix string
	// Enables TurboCertGen mode. In TurboCertGen mode, all generated certificates
	// share the same public and private key. The only computation involved in this
	// mode is the dynamic creation of the certificate and its signing by the root CA.
	TurboCertGen bool
	SharedRsaKey *rsa.PrivateKey
}
func (*TLSCertGen) GenerateCertificate
func (certGen *TLSCertGen) GenerateCertificate(host string) (certPem []byte, keyPem []byte, err error)
func (*TLSCertGen) GetCertificate
func (certGen *TLSCertGen) GetCertificate(hello *tls.ClientHelloInfo) (cert *tls.Certificate, err error)
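The two types above form one pipeline: TLSCertGen mints a per-host leaf certificate signed by the root CA (in TurboCertGen mode every leaf shares one key pair, so only the certificate is built and signed per host), and InMemoryCertDatabase caches the result behind GetCert and drops the oldest entries once MaxNumberOfCerts is exceeded. Below is an added, self-contained Go example of that design written for this page; it is not this package's code, and the names leafGen, certCache, newLeafGen, verify and Has are chosen here. It uses an Ed25519 key pair in place of the package's RSA SharedRsaKey, builds its own throwaway root CA, and adds the check a practitioner wants from such a generator: that a minted leaf actually chains to the root for its own host and for no other.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// leafGen stands in for TLSCertGen in TurboCertGen mode: one leaf key pair serves every host (Ed25519 here instead of RSA).
type leafGen struct {
	rootCert           *x509.Certificate
	rootKey, sharedKey ed25519.PrivateKey
}

// newLeafGen mints a throwaway root CA and the shared leaf key (constructed here; a real proxy loads its root from disk and installs it in clients).
func newLeafGen() (*leafGen, error) {
	_, rootKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	_, shared, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "example proxy root (constructed)"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, rootKey.Public(), rootKey)
	if err != nil { return nil, err }
	root, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &leafGen{rootCert: root, rootKey: rootKey, sharedKey: shared}, nil
}

// GenerateCertificate has the signature InMemoryCertDatabase expects: PEM cert and PEM key.
func (g *leafGen) GenerateCertificate(host string) (certPem, keyPem []byte, err error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{SerialNumber: serial, DNSNames: []string{host},
		Subject:   pkix.Name{CommonName: host, Organization: []string{"proxy:" + host}}, // prefix + host, like OrganizationPrefix
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, g.rootCert, g.sharedKey.Public(), g.rootKey)
	if err != nil { return nil, nil, err }
	keyDer, err := x509.MarshalPKCS8PrivateKey(g.sharedKey)
	if err != nil { return nil, nil, err }
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDer}), nil
}

// verify checks that a generated cert chains to the root and is valid for host.
func (g *leafGen) verify(cert *tls.Certificate, host string) error {
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil { return err }
	pool := x509.NewCertPool(); pool.AddCert(g.rootCert)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// certCache stands in for InMemoryCertDatabase: a mutex-guarded host -> cert map that drops the oldest `drop` entries once more than maxCerts are held.
type certCache struct {
	mu             sync.Mutex
	gen            func(host string) (certPem, keyPem []byte, err error)
	certs          map[string]*tls.Certificate
	order          []string // insertion order, oldest first
	maxCerts, drop int      // maxCerts <= 0 disables eviction in this example
}

// GetCert returns the cached certificate for host, generating it on a miss.
func (c *certCache) GetCert(host string) (*tls.Certificate, error) {
	c.mu.Lock(); defer c.mu.Unlock()
	if cert, ok := c.certs[host]; ok { return cert, nil }
	certPem, keyPem, err := c.gen(host)
	if err != nil { return nil, err }
	cert, err := tls.X509KeyPair(certPem, keyPem) // also rejects a key that does not match the cert
	if err != nil { return nil, err }
	if c.certs == nil { c.certs = map[string]*tls.Certificate{} }
	c.certs[host] = &cert
	c.order = append(c.order, host)
	if c.maxCerts > 0 && len(c.certs) > c.maxCerts {
		n := c.drop; if n > len(c.order) { n = len(c.order) }
		for _, old := range c.order[:n] { delete(c.certs, old) }
		c.order = c.order[n:]
	}
	return &cert, nil
}

// Has reports whether host is currently cached (lets callers observe eviction).
func (c *certCache) Has(host string) bool { c.mu.Lock(); defer c.mu.Unlock(); _, ok := c.certs[host]; return ok }

func main() {
	gen, err := newLeafGen()
	if err != nil { panic(err) }
	cache := &certCache{gen: gen.GenerateCertificate, maxCerts: 2, drop: 1} // tiny limits so eviction is visible
	for _, h := range []string{"a.example", "b.example", "c.example"} {
		cert, err := cache.GetCert(h); if err != nil { panic(err) }
		fmt.Println(h, "chains to root:", gen.verify(cert, h) == nil, "| a.example still cached:", cache.Has("a.example"))
	}
}
```

Generation runs under the mutex, so two concurrent requests for the same host never mint two certificates, and the tls.X509KeyPair call is the cheap sanity check that the generator handed back a matching cert and key. Eviction is oldest-first by insertion order, which is all the "guideline rather than rule" wording above promises; an entry that is still in use simply gets regenerated on its next request, at the cost of one more signing operation.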