aghtls

package
v0.107.72 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 19, 2026 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package aghtls contains utilities for working with TLS.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertificateHasIP added in v0.107.17

func CertificateHasIP(cert *x509.Certificate) (ok bool)

CertificateHasIP returns true if cert has at least a single IP address among its subjectAltNames.

func Init added in v0.107.65

func Init(ctx context.Context, l *slog.Logger)

Init populates the cipherSuites map with the name-to-ID mapping of cipher suites from crypto/tls. It must be called only once, and it must be called before any function that calls ParseCiphers.

TODO(a.garipov): Propose a similar API to crypto/tls.

func ParseCiphers added in v0.107.17

func ParseCiphers(cipherNames []string) (cipherIDs []uint16, err error)

ParseCiphers parses a slice of cipher suites from cipher names.

func SaferCipherSuites

func SaferCipherSuites() (safe []uint16)

SaferCipherSuites returns a set of default cipher suites with vulnerable and weak cipher suites removed.
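The following is an added example, not AdGuard Home's code: one way to build the kind of name-to-ID map that Init describes, resolve names against it the way ParseCiphers is documented to, and derive a reduced default list, using only crypto/tls. The names buildCipherMap, parseCiphers and saferDefaults are hypothetical, and the filter rule (drop CBC-mode and 3DES suites) is an assumption, not the package's actual list.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// buildCipherMap (hypothetical) maps every suite name crypto/tls knows, from
// both the secure and insecure lists, so name parsing and policy stay separate.
func buildCipherMap() map[string]uint16 {
	m := map[string]uint16{}
	for _, list := range [][]*tls.CipherSuite{tls.CipherSuites(), tls.InsecureCipherSuites()} {
		for _, s := range list {
			m[s.Name] = s.ID
		}
	}
	return m
}

// parseCiphers (hypothetical) resolves names to IDs and fails closed on the
// first unknown name, so a typo never silently shrinks or empties the list.
func parseCiphers(m map[string]uint16, names []string) ([]uint16, error) {
	ids := make([]uint16, 0, len(names))
	for _, n := range names {
		id, ok := m[n]
		if !ok {
			return nil, fmt.Errorf("unknown cipher %q", n)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

// saferDefaults (hypothetical) keeps suites from tls.CipherSuites() except
// CBC-mode and 3DES ones.  The rule is an assumption made for this example.
func saferDefaults() (safe []uint16) {
	for _, s := range tls.CipherSuites() {
		if strings.Contains(s.Name, "_CBC_") || strings.Contains(s.Name, "3DES") {
			continue
		}
		safe = append(safe, s.ID)
	}
	return safe
}

func main() {
	m := buildCipherMap()
	fmt.Println(parseCiphers(m, []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}))
	fmt.Println(parseCiphers(m, []string{"TLS_NOT_A_REAL_SUITE"})) // constructed bad input
	fmt.Println(len(saferDefaults()), "suites kept")
}
```

A list built this way can be assigned to tls.Config.CipherSuites; TLS 1.3 suites are not configurable through that field.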

func SystemRootCAs added in v0.107.17

func SystemRootCAs(ctx context.Context, l *slog.Logger) (roots *x509.CertPool)

SystemRootCAs tries to load root certificates from the operating system. It returns nil in case nothing is found so that Go's crypto/x509 can use its default algorithm to find the system root CA list.

See https://github.com/AdguardTeam/AdGuardHome/issues/1311.

Types

type DefaultManager added in v0.107.72

type DefaultManager struct {
	// contains filtered or unexported fields
}

DefaultManager is the default implementation of the Manager interface.

TODO(e.burkov): Add tests.

func NewDefaultManager added in v0.107.72

func NewDefaultManager(c *DefaultManagerConfig) (mgr *DefaultManager)

NewDefaultManager returns a new properly initialized default manager.

func (*DefaultManager) Refresh added in v0.107.72

func (mgr *DefaultManager) Refresh(ctx context.Context) (err error)

Refresh implements the service.Refresher interface for *DefaultManager.

func (*DefaultManager) Set added in v0.107.72

func (mgr *DefaultManager) Set(ctx context.Context, certKey TLSPair) (err error)

Set implements the Manager interface for *DefaultManager.

func (*DefaultManager) Shutdown added in v0.107.72

func (mgr *DefaultManager) Shutdown(ctx context.Context) (err error)

Shutdown implements the service.Interface interface for *DefaultManager.

func (*DefaultManager) Start added in v0.107.72

func (mgr *DefaultManager) Start(ctx context.Context) (err error)

Start implements the service.Interface interface for *DefaultManager.

func (*DefaultManager) Updates added in v0.107.72

func (mgr *DefaultManager) Updates(ctx context.Context) (updates <-chan UpdateSignal)

Updates implements the Manager interface for *DefaultManager.

type DefaultManagerConfig added in v0.107.72

type DefaultManagerConfig struct {
	// Logger is used for logging the operation of the manager.  It must not be
	// nil.
	Logger *slog.Logger

	// Watcher is used to watch the TLS certificate and key files.  It must not
	// be nil.
	Watcher aghos.FSWatcher
}

DefaultManagerConfig is the configuration structure for NewDefaultManager.

type EmptyManager added in v0.107.72

type EmptyManager struct{}

EmptyManager is an empty implementation of the Manager interface.

func (EmptyManager) Refresh added in v0.107.72

func (EmptyManager) Refresh(_ context.Context) (err error)

Refresh implements the service.Refresher interface for EmptyManager. It always returns nil.

func (EmptyManager) Set added in v0.107.72

func (EmptyManager) Set(_ context.Context, _ TLSPair) (err error)

Set implements the Manager interface for EmptyManager. It always returns nil.

func (EmptyManager) Shutdown added in v0.107.72

func (EmptyManager) Shutdown(_ context.Context) (err error)

Shutdown implements the service.Interface interface for EmptyManager. It always returns nil.

func (EmptyManager) Start added in v0.107.72

func (EmptyManager) Start(_ context.Context) (err error)

Start implements the service.Interface interface for EmptyManager. It always returns nil.

func (EmptyManager) Updates added in v0.107.72

func (EmptyManager) Updates(_ context.Context) (updates <-chan UpdateSignal)

Updates implements the Manager interface for EmptyManager. It always returns a nil channel.

type Manager added in v0.107.72

type Manager interface {
	service.Interface
	service.Refresher

	// Set sets the TLS certificate and key.  certKey may have unset fields,
	// in which case the corresponding files will not be tracked.
	Set(ctx context.Context, certKey TLSPair) (err error)

	// Updates returns a channel that emits signals when the TLS certificate
	// and/or key have been updated.
	//
	// TODO(e.burkov):  Move reloading logic to the manager and get rid of this
	// method.
	Updates(ctx context.Context) (updates <-chan UpdateSignal)
}

Manager manages TLS certificate and key updates.

type TLSPair added in v0.107.72

type TLSPair struct {
	// CertPath is the path to the certificate.  If empty, the certificate will
	// not be tracked.
	CertPath string

	// KeyPath is the path to the key.  If empty, the key will not be tracked.
	KeyPath string
}

TLSPair is a pair of paths to a certificate and a key.

type UpdateSignal added in v0.107.72

type UpdateSignal struct{}

UpdateSignal is the signal that the TLS certificate and key have been updated.
