Versions in this module v1 v1.0.4 Sep 29, 2024 Changes in this version + var ErrPermissionDenied = errors.New("certificate not allowed by permission module") + var SupportedCurves = map[string]tls.CurveID + var SupportedProtocols = map[string]uint16 + func AllMatchingCertificates(san string) []certmagic.Certificate + func CipherSuiteID(name string) uint16 + func CipherSuiteNameSupported(name string) bool + func DefaultIssuers(userEmail string) []certmagic.Issuer + func DefaultIssuersProvisioned(ctx kengine.Context) ([]certmagic.Issuer, error) + func ParseKenginefileNestedMatcherSet(d *kenginefile.Dispenser) (kengine.ModuleMap, error) + func ProtocolName(id uint16) string + func SupportedCipherSuites() []*tls.CipherSuite + type ACMEIssuer struct + ACMETimeout kengine.Duration + AccountKey string + CA string + CertificateLifetime kengine.Duration + Challenges *ChallengesConfig + Email string + ExternalAccount *acme.EAB + PreferredChains *ChainPreference + TestCA string + TrustedRootsPEMFiles []string + func (ACMEIssuer) KengineModule() kengine.ModuleInfo + func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer + func (iss *ACMEIssuer) GetRenewalInfo(ctx context.Context, cert certmagic.Certificate) (acme.RenewalInfo, error) + func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) + func (iss *ACMEIssuer) IssuerKey() string + func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error + func (iss *ACMEIssuer) Provision(ctx kengine.Context) error + func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error + func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) + func (iss *ACMEIssuer) UnmarshalKenginefile(d *kenginefile.Dispenser) error + type AutomateLoader []string + func (AutomateLoader) KengineModule() kengine.ModuleInfo + type AutomationConfig struct + OCSPCheckInterval kengine.Duration + OnDemand 
*OnDemandConfig + Policies []*AutomationPolicy + RenewCheckInterval kengine.Duration + StorageCleanInterval kengine.Duration + type AutomationPolicy struct + DisableOCSPStapling bool + Issuers []certmagic.Issuer + IssuersRaw []json.RawMessage + KeyType string + Managers []certmagic.Manager + ManagersRaw []json.RawMessage + MustStaple bool + OCSPOverrides map[string]string + OnDemand bool + RenewalWindowRatio float64 + ReusePrivateKeys bool + StorageRaw json.RawMessage + SubjectsRaw []string + func (ap *AutomationPolicy) AllInternalSubjects() bool + func (ap *AutomationPolicy) Provision(tlsApp *TLS) error + func (ap *AutomationPolicy) Subjects() []string + type CA interface + CertPool func() *x509.CertPool + type CertCacheOptions struct + Capacity int + type CertKeyFilePair struct + Certificate string + Format string + Key string + Tags []string + type CertKeyPEMPair struct + CertificatePEM string + KeyPEM string + Tags []string + type Certificate struct + Tags []string + type CertificateLoader interface + LoadCertificates func() ([]Certificate, error) + type ChainPreference struct + AnyCommonName []string + RootCommonName []string + Smallest *bool + func ParseKenginefilePreferredChainsOptions(d *kenginefile.Dispenser) (*ChainPreference, error) + type ChallengesConfig struct + BindHost string + DNS *DNSChallengeConfig + HTTP *HTTPChallengeConfig + TLSALPN *TLSALPNChallengeConfig + type ClientAuthentication struct + CARaw json.RawMessage + Mode string + TrustedCACertPEMFiles []string + TrustedCACerts []string + TrustedLeafCerts []string + VerifiersRaw []json.RawMessage + func (ca *ClientAuthentication) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) error + func (clientauth ClientAuthentication) Active() bool + type ClientCertificateVerifier interface + VerifyClientCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error + type ConfigSetter interface + SetConfig 
func(cfg *certmagic.Config) + type ConnectionMatcher interface + Match func(*tls.ClientHelloInfo) bool + type ConnectionPolicies []*ConnectionPolicy + func (cp ConnectionPolicies) Provision(ctx kengine.Context) error + func (cp ConnectionPolicies) TLSConfig(_ kengine.Context) *tls.Config + type ConnectionPolicy struct + ALPN []string + CertSelection *CustomCertSelectionPolicy + CipherSuites []string + ClientAuthentication *ClientAuthentication + Curves []string + DefaultSNI string + Drop bool + FallbackSNI string + InsecureSecretsLog string + MatchersRaw kengine.ModuleMap + ProtocolMax string + ProtocolMin string + TLSConfig *tls.Config + func (cp *ConnectionPolicy) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (p ConnectionPolicy) SettingsEmpty() bool + type CustomCertSelectionPolicy struct + AllTags []string + AnyTag []string + PublicKeyAlgorithm PublicKeyAlgorithm + SerialNumber []bigInt + SubjectOrganization []string + func (p *CustomCertSelectionPolicy) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (p CustomCertSelectionPolicy) SelectCertificate(hello *tls.ClientHelloInfo, choices []certmagic.Certificate) (certmagic.Certificate, error) + type DNSChallengeConfig struct + OverrideDomain string + PropagationDelay kengine.Duration + PropagationTimeout kengine.Duration + ProviderRaw json.RawMessage + Resolvers []string + TTL kengine.Duration + type FileCAPool struct + TrustedCACertPEMFiles []string + func (FileCAPool) KengineModule() kengine.ModuleInfo + func (f *FileCAPool) Provision(ctx kengine.Context) error + func (f FileCAPool) CertPool() *x509.CertPool + func (fcap *FileCAPool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + type FileLoader []CertKeyFilePair + func (FileLoader) KengineModule() kengine.ModuleInfo + func (fl FileLoader) LoadCertificates() ([]Certificate, error) + func (fl FileLoader) Provision(ctx kengine.Context) error + type FolderLoader []string + func (FolderLoader) KengineModule() kengine.ModuleInfo + 
func (fl FolderLoader) LoadCertificates() ([]Certificate, error) + func (fl FolderLoader) Provision(ctx kengine.Context) error + type HTTPCertGetter struct + URL string + func (hcg *HTTPCertGetter) Provision(ctx kengine.Context) error + func (hcg *HTTPCertGetter) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (hcg HTTPCertGetter) GetCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (*tls.Certificate, error) + func (hcg HTTPCertGetter) KengineModule() kengine.ModuleInfo + type HTTPCertPool struct + Endpoints []string + TLS *TLSConfig + func (HTTPCertPool) KengineModule() kengine.ModuleInfo + func (hcp *HTTPCertPool) Provision(ctx kengine.Context) error + func (hcp *HTTPCertPool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (hcp HTTPCertPool) CertPool() *x509.CertPool + func (hcp HTTPCertPool) Validate() (err error) + type HTTPChallengeConfig struct + AlternatePort int + Disabled bool + type InlineCAPool struct + TrustedCACerts []string + func (icp *InlineCAPool) Provision(ctx kengine.Context) error + func (icp *InlineCAPool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (icp InlineCAPool) CertPool() *x509.CertPool + func (icp InlineCAPool) KengineModule() kengine.ModuleInfo + type InternalIssuer struct + CA string + Lifetime kengine.Duration + SignWithRoot bool + func (InternalIssuer) KengineModule() kengine.ModuleInfo + func (iss *InternalIssuer) Provision(ctx kengine.Context) error + func (iss *InternalIssuer) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) + func (iss InternalIssuer) IssuerKey() string + type LeafCertClientAuth struct + LeafCertificateLoadersRaw []json.RawMessage + func (LeafCertClientAuth) KengineModule() kengine.ModuleInfo + func (l *LeafCertClientAuth) Provision(ctx kengine.Context) error + func (l LeafCertClientAuth) VerifyClientCertificate(rawCerts [][]byte, _ 
[][]*x509.Certificate) error + type LeafCertificateLoader interface + LoadLeafCertificates func() ([]*x509.Certificate, error) + type LeafFileLoader struct + Files []string + func (LeafFileLoader) KengineModule() kengine.ModuleInfo + func (fl *LeafFileLoader) Provision(ctx kengine.Context) error + func (fl LeafFileLoader) LoadLeafCertificates() ([]*x509.Certificate, error) + type LeafFolderLoader struct + Folders []string + func (LeafFolderLoader) KengineModule() kengine.ModuleInfo + func (fl *LeafFolderLoader) Provision(ctx kengine.Context) error + func (fl LeafFolderLoader) LoadLeafCertificates() ([]*x509.Certificate, error) + type LeafPEMLoader struct + Certificates []string + func (LeafPEMLoader) KengineModule() kengine.ModuleInfo + func (pl *LeafPEMLoader) Provision(ctx kengine.Context) error + func (pl LeafPEMLoader) LoadLeafCertificates() ([]*x509.Certificate, error) + type LeafStorageLoader struct + Certificates []string + StorageRaw json.RawMessage + func (LeafStorageLoader) KengineModule() kengine.ModuleInfo + func (sl *LeafStorageLoader) Provision(ctx kengine.Context) error + func (sl LeafStorageLoader) LoadLeafCertificates() ([]*x509.Certificate, error) + type MatchLocalIP struct + Ranges []string + func (MatchLocalIP) KengineModule() kengine.ModuleInfo + func (m *MatchLocalIP) Provision(ctx kengine.Context) error + func (m *MatchLocalIP) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (m MatchLocalIP) Match(hello *tls.ClientHelloInfo) bool + type MatchRegexp struct + Name string + Pattern string + func (mre *MatchRegexp) Match(input string, repl *kengine.Replacer) bool + func (mre *MatchRegexp) Provision(kengine.Context) error + func (mre *MatchRegexp) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (mre *MatchRegexp) Validate() error + type MatchRemoteIP struct + NotRanges []string + Ranges []string + func (MatchRemoteIP) KengineModule() kengine.ModuleInfo + func (m *MatchRemoteIP) Provision(ctx kengine.Context) error + func (m 
*MatchRemoteIP) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool + type MatchServerName []string + func (MatchServerName) KengineModule() kengine.ModuleInfo + func (m *MatchServerName) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool + type MatchServerNameRE struct + func (MatchServerNameRE) KengineModule() kengine.ModuleInfo + func (m MatchServerNameRE) Match(hello *tls.ClientHelloInfo) bool + type OnDemandConfig struct + Ask string + PermissionRaw json.RawMessage + RateLimit *RateLimit + type OnDemandPermission interface + CertificateAllowed func(ctx context.Context, name string) error + type PEMLoader []CertKeyPEMPair + func (PEMLoader) KengineModule() kengine.ModuleInfo + func (pl PEMLoader) LoadCertificates() ([]Certificate, error) + func (pl PEMLoader) Provision(ctx kengine.Context) error + type PKIIntermediateCAPool struct + Authority []string + func (PKIIntermediateCAPool) KengineModule() kengine.ModuleInfo + func (p *PKIIntermediateCAPool) Provision(ctx kengine.Context) error + func (p PKIIntermediateCAPool) CertPool() *x509.CertPool + func (pic *PKIIntermediateCAPool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + type PKIRootCAPool struct + Authority []string + func (PKIRootCAPool) KengineModule() kengine.ModuleInfo + func (p *PKIRootCAPool) Provision(ctx kengine.Context) error + func (p PKIRootCAPool) CertPool() *x509.CertPool + func (pkir *PKIRootCAPool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + type PermissionByHTTP struct + Endpoint string + func (PermissionByHTTP) KengineModule() kengine.ModuleInfo + func (p *PermissionByHTTP) Provision(ctx kengine.Context) error + func (p *PermissionByHTTP) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (p PermissionByHTTP) CertificateAllowed(ctx context.Context, name string) error + type PublicKeyAlgorithm x509.PublicKeyAlgorithm + func (a 
*PublicKeyAlgorithm) UnmarshalJSON(b []byte) error + type RateLimit struct + Burst int + Interval kengine.Duration + type STEKProvider interface + Initialize func(config *SessionTicketService) ([][32]byte, error) + Next func(doneChan <-chan struct{}) (keysChan <-chan [][32]byte) + type SessionTicketService struct + DisableRotation bool + Disabled bool + KeySource json.RawMessage + MaxKeys int + RotationInterval kengine.Duration + func (s SessionTicketService) RotateSTEKs(keys [][32]byte) ([][32]byte, error) + type StorageLoader struct + Pairs []CertKeyFilePair + func (StorageLoader) KengineModule() kengine.ModuleInfo + func (sl *StorageLoader) Provision(ctx kengine.Context) error + func (sl StorageLoader) LoadCertificates() ([]Certificate, error) + type StoragePool struct + PEMKeys []string + StorageRaw json.RawMessage + func (StoragePool) KengineModule() kengine.ModuleInfo + func (ca *StoragePool) Provision(ctx kengine.Context) error + func (p StoragePool) CertPool() *x509.CertPool + func (sp *StoragePool) UnmarshalKenginefile(d *kenginefile.Dispenser) error + type TLS struct + Automation *AutomationConfig + Cache *CertCacheOptions + CertificatesRaw kengine.ModuleMap + DisableOCSPStapling bool + DisableStorageCheck bool + SessionTickets *SessionTicketService + func (TLS) KengineModule() kengine.ModuleInfo + func (t *TLS) AddAutomationPolicy(ap *AutomationPolicy) error + func (t *TLS) Cleanup() error + func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool + func (t *TLS) HasCertificateForSubject(subject string) bool + func (t *TLS) Manage(names []string) error + func (t *TLS) Provision(ctx kengine.Context) error + func (t *TLS) Start() error + func (t *TLS) Stop() error + func (t *TLS) Validate() error + type TLSALPNChallengeConfig struct + AlternatePort int + Disabled bool + type TLSConfig struct + CARaw json.RawMessage + HandshakeTimeout kengine.Duration + InsecureSkipVerify bool + Renegotiation string + ServerName string + type Tailscale 
struct + func (Tailscale) KengineModule() kengine.ModuleInfo + func (Tailscale) UnmarshalKenginefile(d *kenginefile.Dispenser) error + func (ts *Tailscale) Provision(ctx kengine.Context) error + func (ts Tailscale) GetCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (*tls.Certificate, error) + type ZeroSSLIssuer struct + APIKey string + AlternateHTTPPort int + CNAMEValidation *DNSChallengeConfig + ListenHost string + ValidityDays int + func (*ZeroSSLIssuer) KengineModule() kengine.ModuleInfo + func (iss *ZeroSSLIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) + func (iss *ZeroSSLIssuer) IssuerKey() string + func (iss *ZeroSSLIssuer) Provision(ctx kengine.Context) error + func (iss *ZeroSSLIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error + func (iss *ZeroSSLIssuer) UnmarshalKenginefile(d *kenginefile.Dispenser) error Other modules containing this package github.com/khulnasoft/kengine/v2