Documentation
¶
Overview ¶
Package certificate provides functions for creating and storing TLS certificates.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Create ¶
func Create(options CreateOptions) (tls.Certificate, error)
Create creates a new TLS certificate.
Types ¶
type CreateOptions ¶
type CreateOptions struct {
// Subject Alternate Name values.
// Should contain the DNS names that this certificate is valid for.
// E.g. example.com, *.example.com
DNSNames []string
// Subject Alternate Name values.
// Should contain the IP addresses that the certificate is valid for.
IPAddresses []net.IP
// Subject specifies the certificate Subject.
//
// Subject.CommonName can contain the DNS name that this certificate
// is valid for. Server certificates should specify both a Subject
// and a Subject Alternate Name.
Subject pkix.Name
// Duration specifies the amount of time that the certificate is valid for.
Duration time.Duration
// Ed25519 specifies whether to generate an Ed25519 key pair.
// If false, an ECDSA key will be generated instead.
// Ed25519 is not as widely supported as ECDSA.
Ed25519 bool
}
CreateOptions configures the creation of a TLS certificate.
type Store ¶ added in v0.1.15
type Store struct {
// CreateCertificate, if not nil, is called to create a new certificate
// to replace a missing or expired certificate. If CreateCertificate
// is nil, a certificate with a duration of 1 year will be created.
// The provided scope is suitable for use in a certificate's DNSNames.
CreateCertificate func(scope string) (tls.Certificate, error)
// contains filtered or unexported fields
}
A Store represents a certificate store. It generates certificates as needed and automatically rotates expired certificates. The zero value for Store is an empty store ready to use.
Certificate scopes must be registered with Register before calling Get or Load. This prevents the Store from creating or loading unnecessary certificates.
Store is safe for concurrent use by multiple goroutines.
func (*Store) Add ¶ added in v0.1.15
func (s *Store) Add(scope string, cert tls.Certificate) error
Add adds a certificate with the given scope to the certificate store. If a certificate for the given scope already exists, Add will overwrite it.
func (*Store) Entries ¶ added in v0.1.15
func (s *Store) Entries() map[string]tls.Certificate
Entries returns a map of scopes to certificates.
func (*Store) Get ¶ added in v0.1.15
func (s *Store) Get(hostname string) (*tls.Certificate, error)
Get retrieves a certificate for the given hostname. If no matching scope has been registered, Get returns an error. Get generates new certificates as needed and rotates expired certificates.
Get is suitable for use in a gemini.Server's GetCertificate field.
func (*Store) Load ¶ added in v0.1.15
Load loads certificates from the provided path. New certificates will be written to this path. The path should lead to a directory containing certificates and private keys named "scope.crt" and "scope.key" respectively, where "scope" is the scope of the certificate. Certificates with scopes that have not been registered will be ignored.
Source Files