Documentation
¶
Index ¶
- Constants
- func NewState(c protocol.Context) any
- func Protocol() protocol.Payload
- type BuffConn
- func (conn BuffConn) Close() error
- func (conn BuffConn) LocalAddr() net.Addr
- func (conn BuffConn) NeedsMoreData() bool
- func (conn BuffConn) OutboundData() []byte
- func (conn *BuffConn) Read(p []byte) (int, error)
- func (conn BuffConn) RemoteAddr() net.Addr
- func (conn BuffConn) SetDeadline(t time.Time) error
- func (conn *BuffConn) SetExpectedWriterByteCount(total int, initialReceived int)
- func (conn BuffConn) SetReadDeadline(t time.Time) error
- func (conn BuffConn) SetWriteDeadline(t time.Time) error
- func (conn *BuffConn) UpdateData(data []byte)
- func (conn BuffConn) Write(p []byte) (int, error)
- type Flag
- type Payload
- func (p *Payload) Decode(raw []byte) error
- func (p *Payload) Encode() ([]byte, error)
- func (p *Payload) Handle(ctx protocol.Context) protocol.Payload
- func (p *Payload) HasInner() protocol.Payload
- func (p *Payload) ModifyRADIUSResponse(r *radius.Packet, q *radius.Packet) error
- func (p *Payload) Offerable() bool
- func (p *Payload) String() string
- func (p *Payload) Type() protocol.Type
- type Settings
- type State
- type TLSConfig
Constants ¶
// TypeTLS is the EAP method type number for EAP-TLS (13, per RFC 5216).
const TypeTLS protocol.Type = 13
Variables ¶
This section is empty.
Functions ¶
Types ¶
type BuffConn ¶
// BuffConn exposes the net.Conn method set (Read, Write, Close, LocalAddr,
// RemoteAddr and the three deadline setters) alongside UpdateData,
// OutboundData, NeedsMoreData and SetExpectedWriterByteCount.
// NOTE(review): presumably an in-memory connection that lets crypto/tls run
// over EAP fragments instead of a socket — confirm against the implementation.
// NOTE(review): UpdateData takes peer-supplied bytes; confirm the buffered
// amount is bounded so a peer cannot grow it without limit.
type BuffConn struct {
// contains filtered or unexported fields
}
func NewBuffConn ¶
func (BuffConn) NeedsMoreData ¶
func (BuffConn) OutboundData ¶
func (BuffConn) RemoteAddr ¶
func (*BuffConn) SetExpectedWriterByteCount ¶ added in v0.1.1
func (*BuffConn) UpdateData ¶
type Payload ¶
// Payload is the EAP payload for this method; it has Decode/Encode/Handle
// methods and can carry an inner protocol.Payload.
// NOTE(review): the fields look like the EAP-TLS packet layout of RFC 5216
// (flags octet, optional 4-byte TLS message length, TLS data) — confirm
// against Decode.
type Payload struct {
// Flags holds the flag bits for this fragment.
Flags Flag
// Length is a 32-bit length value.
// NOTE(review): if Decode fills this from the wire it is peer-controlled;
// confirm it is range-checked before it sizes any buffer or drives
// reassembly.
Length uint32
// Data is the raw payload bytes.
Data []byte
// Inner is the nested payload, if any (see HasInner).
Inner protocol.Payload
// contains filtered or unexported fields
}
func (*Payload) ModifyRADIUSResponse ¶
type Settings ¶
// Settings carries the TLS configuration and the optional validation hooks.
type Settings struct {
// Config is the *tls.Config for the handshake; Config.ClientAuth decides
// whether Go itself verifies the client certificate chain.
Config *tls.Config
// VerifyPeerCertificate mirrors tls.Config.VerifyPeerCertificate while adding
// protocol.Context. Note that Go does not invoke this callback on resumed
// connections.
// As with the tls.Config callback it mirrors, verifiedChains is expected to
// be nil when Config.ClientAuth does not ask Go to verify the chain (for
// example tls.RequireAnyClientCert) — confirm for this wrapper.
VerifyPeerCertificate func(ctx protocol.Context, rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
// VerifyConnection mirrors tls.Config.VerifyConnection while adding
// protocol.Context. Prefer this hook for production-critical validation that
// must also run on resumed connections.
// When Config.ClientAuth is below the verifying modes, cs.VerifiedChains is
// empty and this hook has to verify cs.PeerCertificates itself.
VerifyConnection func(ctx protocol.Context, cs tls.ConnectionState) error
// HandshakeSuccessful runs after the TLS handshake has completed and the EAP
// layer is ready to decide whether the authenticated client should proceed.
// NOTE(review): not visible here whether certs are a verified chain or the
// certificates as presented by the peer — confirm before basing an
// authorization decision on them.
HandshakeSuccessful func(ctx protocol.Context, certs []*x509.Certificate) protocol.Status
}
Settings defines the reusable TLS extension points for EAP-TLS/PEAP consumers.
Consumers that only need native Go TLS client-certificate enforcement can keep Config.ClientAuth at tls.RequireAndVerifyClientCert and leave the hooks nil.
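Consumers that need identity-aware inspection or application-specific policy decisions during the handshake can instead require certificate presence (typically tls.RequireAnyClientCert) and perform their own validation in VerifyConnection. That hook runs for all connections, including resumptions. Note that tls.RequireAnyClientCert only requires that a certificate is presented; Go does not verify its chain in that mode, so VerifyConnection must perform the full chain validation itself (for example with x509.Certificate.Verify against the trusted client CAs and x509.ExtKeyUsageClientAuth) before trusting any identity taken from the certificate.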
type State ¶
// State is the per-session state for this EAP method (see NewState).
type State struct {
// RemainingChunks holds byte chunks still pending.
// NOTE(review): presumably outbound TLS fragments not yet sent — confirm.
RemainingChunks [][]byte
// HandshakeDone and FinalStatus have accessor methods as of v0.1.4
// (HandshakeDoneValue/SetHandshakeDone, FinalStatusValue/SetFinalStatus).
// NOTE(review): presumably those accessors synchronise access; prefer them
// over touching the fields directly — confirm.
HandshakeDone bool
FinalStatus protocol.Status
// ClientHello is the *tls.ClientHelloInfo kept for this session.
ClientHello *tls.ClientHelloInfo
// MPPEKey holds key bytes.
// NOTE(review): the name suggests MPPE keying material derived from the TLS
// session — confirm. Treat it as a secret: keep State values out of logs and
// debug dumps.
MPPEKey []byte
TotalPayloadSize int
IncludeLengthInNextFragment bool
// TLS is the *tls.Conn and Conn the *BuffConn for this session.
// NOTE(review): presumably TLS is layered over Conn — confirm.
TLS *tls.Conn
Conn *BuffConn
// Context and ContextCancel are stored together.
// NOTE(review): confirm ContextCancel is called on every terminal path
// (success, failure, abandoned session) so handshake resources are released.
Context context.Context
ContextCancel context.CancelFunc
HandshakeCtx protocol.Context
Logger protocol.Logger
// contains filtered or unexported fields
}
func (*State) FinalStatusValue ¶ added in v0.1.4
func (*State) HandshakeDoneValue ¶ added in v0.1.4
func (*State) SetFinalStatus ¶ added in v0.1.4
func (*State) SetHandshakeDone ¶ added in v0.1.4