auth

package

v1.1.1 Latest Latest Go to latest Published: Dec 15, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/optable/match-cli

Documentation ¶

Index ¶

func ParseCertificatePEM(certificatePEM string) (*x509.Certificate, error)
type EphemerealCertificate
- func NewEphemerealCertificate(privateKey *ecdsa.PrivateKey) (*EphemerealCertificate, error)
- func (c *EphemerealCertificate) GetTLSCertificate() (tls.Certificate, error)
type PeerCertificateVerifier
- func NewVerifyPinnedCertificate(pinnedCert *x509.Certificate) PeerCertificateVerifier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ParseCertificatePEM ¶

func ParseCertificatePEM(certificatePEM string) (*x509.Certificate, error)

Types ¶

type EphemerealCertificate ¶

type EphemerealCertificate struct {
	CertificatePem []byte
	PrivateKeyPem  []byte
}

func NewEphemerealCertificate ¶

func NewEphemerealCertificate(privateKey *ecdsa.PrivateKey) (*EphemerealCertificate, error)

func (*EphemerealCertificate) GetTLSCertificate ¶

func (c *EphemerealCertificate) GetTLSCertificate() (tls.Certificate, error)

type PeerCertificateVerifier ¶

type PeerCertificateVerifier func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

func NewVerifyPinnedCertificate ¶ added in v1.0.1

func NewVerifyPinnedCertificate(pinnedCert *x509.Certificate) PeerCertificateVerifier

NewVerifyPinnedCertificate verifies the peer certificates on the TLS handshake for one that stricly matches a previously shared pinned certificate. We use it to verify ephemereal certificates exchanged through a side channel.

Source Files ¶

View all Source files

tls.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL