mirror of
https://github.com/nabbar/golib.git
synced 2025-12-24 11:51:02 +08:00
Global Repos / Workflow - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - UPDATE workflow: split old workflow into multiple files - UPDATE .gitignore: added cluster.old.tar.gz and build artifacts - UPDATE .golangci.yml: enhanced linter rules and disabled deprecated linters [archive] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - FIX extract: recursive decompression for nested archives (e.g., .tar.gz handling) - FIX extract: ZIP archive support now properly uses ReaderAt interface with seek reset - ADD extract: proper symlink and hard link handling in archives - UPDATE tar/writer: improved error handling and file mode preservation - UPDATE zip/writer: enhanced validation and error messages - UPDATE compress/interface: added support for additional compression formats - UPDATE helper/compressor: fixed typo in error handling [artifact] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE artifact: improved error handling and context management - UPDATE client/interface: enhanced API with better type safety and context propagation - UPDATE client/model: refactored for better maintainability - UPDATE github: removed unused error codes, improved model validation - UPDATE gitlab: enhanced API pagination and error handling - UPDATE jfrog: improved artifactory API compatibility - UPDATE s3aws: enhanced S3 bucket operations and error messages [atomic] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE cast: improved type conversion with better error handling - UPDATE 
interface: enhanced atomic operations with generics support - UPDATE synmap: fixed race conditions in concurrent access patterns - UPDATE value: improved atomic value operations with better memory ordering [aws] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE bucket: enhanced ACL and CORS configuration with validation - UPDATE configAws/models: improved credential handling and region configuration - UPDATE configCustom/interface: added support for custom endpoints - UPDATE http/request: improved retry logic and timeout handling - UPDATE interface: enhanced AWS client with context propagation - UPDATE model: refactored for AWS SDK v2 compatibility - UPDATE multipart/interface: improved chunk handling for large uploads - UPDATE pusher: optimized hash calculation and upload progress tracking - UPDATE resolver: enhanced endpoint resolution with custom DNS - DELETE test files: removed bucket_test.go, group_test.go, object_test.go, policy_test.go, role_test.go, user_test.go [cache] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD context: context-aware cache lifecycle management - UPDATE interface: complete rewrite with Go generics for type-safe key-value operations - ADD item package: generic cache item with expiration tracking (interface and model) - UPDATE model: refactored to use generics (Cache[K comparable, V any]) - REFACTOR: split item.go into modelAny.go for better code organization [certificates] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE auth/encode: improved PEM encoding with 
better error messages - UPDATE auth/interface: enhanced authentication certificate handling - UPDATE ca: improved CA certificate generation and validation - UPDATE certs: enhanced certificate configuration with SAN support - UPDATE cipher: improved cipher suite selection and validation - UPDATE curves: enhanced elliptic curve handling with additional curves - ADD deprecated.go: marked deprecated TLS versions and cipher suites - UPDATE interface: enhanced certificate interface with context support - UPDATE model: improved certificate model with better validation - UPDATE rootca: enhanced root CA pool management - UPDATE tlsversion: added TLS 1.3 support with proper validation - UPDATE tools: improved certificate utility functions [cobra] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE completion: improved shell completion generation (bash, zsh, fish, powershell) - UPDATE configure: enhanced configuration file handling - UPDATE printError: improved error formatting with color support - UPDATE interface: enhanced cobra interface with context support - UPDATE model: improved cobra model with better validation [config] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE components: improved component lifecycle management - UPDATE const/const: improved constant definitions - UPDATE context: enhanced context handling with better propagation - UPDATE errors: improved error definitions - UPDATE events: enhanced event management - UPDATE manage: improved configuration management with validation - UPDATE model: refactored config model - UPDATE shell: enhanced shell integration for interactive configuration - UPDATE types: improved component and componentList 
types [console] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD buff.go: BuffPrintf function for colored output to io.Writer (moved from ioutils/multiplexer) - DELETE color.go: removed legacy color file (consolidated functionality) - UPDATE error: improved error definitions with better messages - ADD interface: console interface for abstraction - ADD model: console model for state management - UPDATE padding: enhanced string padding with Unicode support - UPDATE prompt: improved interactive prompt handling [context] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - DELETE config.go: removed deprecated configuration (replaced by Config[T] interface) - UPDATE context: improved context handling with better cancellation support - UPDATE gin/interface: enhanced Gin context integration with type safety - ADD helper: context helper functions for common operations - ADD interface: generic Config[T comparable] interface for type-safe context storage - ADD map: MapManage[T] interface for concurrent-safe map operations - ADD model: thread-safe context model implementation with sync.Map [database] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE gorm/config: improved database configuration - UPDATE gorm/driver: enhanced database driver with better connection pooling - UPDATE gorm/driver_darwin: macOS-specific database optimizations - UPDATE gorm/interface: improved GORM interface with context support - UPDATE gorm/model: refactored model for better maintainability - UPDATE gorm/monitor: enhanced monitoring 
for database connections - UPDATE kvtypes: improved types for key-value store (compare, driver, item, table) [duration] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE big: enhanced big.Duration for large time spans with arithmetic operations - UPDATE encode: improved marshaling for JSON, YAML, TOML, Text, CBOR - UPDATE format: enhanced human-readable formatting (ns, μs, ms, s, m, h, d, w) - UPDATE interface: improved duration interface with arithmetic methods - UPDATE model: refactored Duration type - UPDATE operation: enhanced arithmetic operations (Add, Sub, Mul, Div) - UPDATE parse: improved parsing with multiple format support - UPDATE truncate: enhanced truncation for rounding durations [encoding] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE aes: improved AES encryption with reader/writer interfaces - UPDATE hexa: enhanced hexadecimal encoding with better error handling - UPDATE mux: improved multiplexer/demultiplexer for stream handling - UPDATE randRead: enhanced random data generation - UPDATE sha256 package: SHA-256 hashing with reader/writer interfaces [errors] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD pool package: thread-safe error pool for collecting multiple errors with concurrent access - UPDATE code: improved error code definition and lookup - UPDATE errors: enhanced error creation with better stack trace - UPDATE interface: improved error interface with more methods - UPDATE mode: enhanced error mode handling (production vs development) - UPDATE return: 
improved error return handling with context - UPDATE trace: enhanced error tracing with file and line information [file] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE bandwidth: improved bandwidth tracking with concurrency tests - UPDATE perm: enhanced file permission handling with Unix/Windows support - UPDATE perm/encode: improved marshaling for JSON, YAML, TOML - UPDATE perm/format: enhanced permission formatting (e.g., "rwxr-xr-x") - UPDATE perm/parse: improved parsing of permission strings and octal values - UPDATE progress: enhanced progress tracking for file I/O operations - UPDATE progress/io*: improved reader, writer, seeker, closer interfaces with progress callbacks [ftpclient] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE config: improved FTP configuration with TLS support - UPDATE errors: enhanced error definitions - UPDATE interface: improved FTP client interface - UPDATE model: refactored FTP client model [httpcli] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE cli: improved HTTP client with retry logic and timeout handling - UPDATE dns-mapper: enhanced DNS mapping for custom resolution - UPDATE dns-mapper/config: improved DNS mapper configuration - UPDATE dns-mapper/errors: enhanced error handling - UPDATE dns-mapper/interface: improved DNS mapper interface - UPDATE dns-mapper/transport: enhanced HTTP transport with DNS override - UPDATE errors: improved error definitions - UPDATE options: enhanced client options with context support [httpserver] - ADD/UPDATE 
documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE config: improved server configuration with TLS and middleware support - UPDATE handler: enhanced request handler with better error handling - UPDATE interface: improved server interface with context support and monitoring integration - UPDATE model: refactored server model with better validation - UPDATE monitor: enhanced monitoring integration with status tracking - UPDATE pool: improved server pool management (config, interface, list, model) - UPDATE run: enhanced server runtime with graceful shutdown - UPDATE server: improved core server implementation with better lifecycle - ADD testhelpers/certs.go: certificate generation utilities for testing - UPDATE types: improved const, fields, and handler types [ioutils] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE bufferReadCloser: improved buffered reader/writer with closer - UPDATE fileDescriptor: enhanced file descriptor limit management (platform-specific for Linux/macOS/Windows) - UPDATE ioprogress: improved progress tracking for I/O operations - UPDATE iowrapper: enhanced I/O wrapper with custom interfaces - UPDATE mapCloser: improved map of closers for resource management - UPDATE maxstdio: enhanced C implementation for max stdio file descriptor retrieval - DELETE multiplexer/model.go: removed legacy multiplexer (functionality moved to console/buff.go and retro/) - UPDATE nopwritecloser: improved no-op write closer - UPDATE tools: enhanced I/O utility functions [ldap] - UPDATE ldap: improved LDAP client with better connection handling and search operations [logger] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - 
ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE config: improved default values, file options, and syslog configuration - UPDATE entry/interface: enhanced log entry with context support - UPDATE fields: improved field handling with JSON cloning - UPDATE gorm/interface: enhanced GORM logger with trace ID support - UPDATE hashicorp/interface: improved HashiCorp logger integration - FIX hookfile/system: use os.OpenRoot for secure file operations (prevents path traversal) - FIX hookfile/system: fixed import path from libsrv "golib/server" to "golib/runner" - ADD hookfile: IsRunning() method to track file hook state - UPDATE hookstderr/interface: enhanced stderr hook with better buffering - UPDATE hookstdout/interface: enhanced stdout hook with better buffering - UPDATE hooksyslog: improved syslog integration with channel and priority handling - ADD hookwriter package: generic io.Writer hook for custom output destinations - UPDATE interface: enhanced logger interface with context propagation - UPDATE level: improved log level handling and comparison - UPDATE log: enhanced logging with better formatting - UPDATE manage: improved logger lifecycle management - UPDATE model: refactored logger model for better maintainability [mail] - UPDATE sender: improved mail sender with better MIME handling - UPDATE interface: enhanced interface with monitoring support - UPDATE monitor: added monitoring integration for mail operations [monitor] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD status package: new subpackage for status management with Status type (KO, Warn, OK) - ADD status/encode: marshaling support for JSON, YAML, TOML, Text, CBOR - ADD status/format: human-readable status formatting - ADD status/interface: Status type with Parse and 
String methods - UPDATE encode: improved encoding with better error handling - UPDATE error: enhanced error definitions - UPDATE info: improved system info collection (CPU, mem, disk, network) - UPDATE interface: enhanced monitor interface with status support and better component integration - UPDATE metrics: improved metrics collection and export - UPDATE middleware: enhanced monitoring middleware for HTTP - UPDATE pool/interface: enhanced pool interface with better monitoring integration - UPDATE pool/metrics: improved metrics collection in pool - UPDATE pool/model: refactored pool model for better maintainability - UPDATE pool/pool: enhanced pool implementation with better lifecycle - UPDATE server: enhanced server monitoring with status tracking - UPDATE types/monitor: improved monitor type definitions [nats] - UPDATE client: improved NATS client with better subscription handling - UPDATE config: enhanced NATS configuration with cluster support - UPDATE monitor: added monitoring integration for NATS operations - UPDATE server: improved NATS server integration with monitoring [network] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE bytes: improved byte size handling for network operations - UPDATE number: enhanced number utilities for network data - UPDATE protocol/encode: improved protocol encoding - ADD protocol/format: protocol formatting utilities - UPDATE protocol/interface: enhanced protocol interface - UPDATE protocol/model: refactored protocol model [password] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE password: improved password utilities with strength validation and secure generation [pidcontroller] - UPDATE interface: 
improved PID controller interface - UPDATE model: enhanced PID controller model with better tuning parameters [pprof] - UPDATE tools: improved pprof utilities for profiling integration [prometheus] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE bloom/bloom: improved bloom filter with better concurrency handling - UPDATE bloom/collection: enhanced bloom filter collection operations - UPDATE interface: enhanced prometheus interface with better type safety - UPDATE metrics/interface: enhanced metrics interface with better registration - UPDATE metrics/model: refactored metrics model for better maintainability - UPDATE model: refactored prometheus model with better validation - UPDATE pool: enhanced metric pool with concurrent access - UPDATE pool/interface: enhanced pool interface - UPDATE pool/model: refactored pool model - UPDATE route: improved routing for metric endpoints - UPDATE types: enhanced type definitions for metrics - UPDATE webmetrics: improved existing metrics (requestBody, requestIPTotal, requestLatency, requestSlow, requestTotal, requestURITotal, responseBody) - ADD webmetrics/activeConnections: gauge for tracking concurrent HTTP connections - ADD webmetrics/requestErrors: counter for HTTP request errors - ADD webmetrics/responseSizeByEndpoint: histogram for response size distribution by endpoint - ADD webmetrics/statusCodeTotal: counter for HTTP status codes [request] - UPDATE interface: enhanced request interface with better type safety - UPDATE model: refactored request model for better maintainability - UPDATE options: improved request options with better validation - UPDATE url: enhanced URL handling with better parsing [retro] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, 
integration, lifecycle, metrics, security, transitions - UPDATE encoding: improved encoding utilities with better format support - UPDATE format: enhanced formatting functions for retro compatibility - UPDATE model: refactored retro model with better validation - UPDATE utils: improved utility functions for version handling - UPDATE version: enhanced version utilities for retro compatibility [router] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE auth/interface: enhanced authentication interface with better validation - UPDATE auth/model: improved authentication model - UPDATE authheader/interface: enhanced authentication header interface - UPDATE default: improved default router configuration - UPDATE error: enhanced error definitions for router - UPDATE header/config: improved header configuration - UPDATE header/interface: enhanced header interface - UPDATE header/model: refactored header model - UPDATE interface: improved router interface with better type safety - UPDATE middleware: improved router middleware with better error handling - UPDATE model: refactored router model for better maintainability - UPDATE router: enhanced core router implementation - UPDATE tools: enhanced router utilities for route registration [runner] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE package: move package for lifecycle management of long-running services (moved from server/runner) - ADD interface: Runner interface with Start, Stop, Restart, IsRunning, and Uptime methods - ADD startStop package: service lifecycle with blocking start and graceful stop (interface, model, comprehensive tests) - ADD ticker package: periodic task execution at regular 
intervals (interface, model, comprehensive tests) - ADD tests: concurrency, construction, errors, lifecycle, and uptime tests for both startStop and ticker - ADD tools: RecoveryCaller for panic recovery in goroutines [semaphore] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - FIX bar/bar: Dec method now properly decrements (was calling Inc64, now calls Dec64 with negative value) - UPDATE bar: improved progress bar with better MPB integration - UPDATE bar/context: enhanced context handling for cancellation - UPDATE bar/interface: added methods for Total() and better progress tracking - UPDATE bar/model: improved model with atomic operations - UPDATE bar tests: enhanced bar_operations_test, edge_cases_test, integration_test, and semaphore_test - UPDATE context: enhanced context propagation - UPDATE interface: improved semaphore interface with weighted operations - UPDATE model: refactored model for better thread safety - UPDATE progress: enhanced progress tracking with multiple bars - UPDATE sem/interface: added IsRunning() method for state tracking - UPDATE sem/ulimit: improved ulimit handling for file descriptors - UPDATE sem/weighted: enhanced weighted semaphore operations - UPDATE types: improved type definitions for bar, progress, and semaphore [server] - REFACTOR: moved runner subpackage to root-level runner package - DELETE: empty package after moved runner subpackage [shell] - UPDATE goprompt: improved interactive prompt handling with better input validation [size] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD arithmetic.go: NEW file with arithmetic operations (Add, Sub, Mul, Div with overflow detection) - UPDATE encode: improved marshaling for 
JSON, YAML, TOML, Text, CBOR - UPDATE format: enhanced human-readable formatting (B, KB, MB, GB, TB, PB, EB) - UPDATE interface: added arithmetic methods (Mul, MulErr, Div, DivErr, Add, AddErr, Sub, SubErr) - UPDATE model: refactored Size type with better validation - UPDATE parse: improved parsing with unit detection (IEC and SI standards) [smtp] - UPDATE client: improved SMTP client with better error handling - UPDATE config: enhanced configuration with validation - UPDATE config/error: improved error definitions - UPDATE config/interface: enhanced interface with context support - UPDATE config/model: refactored model for better maintainability - UPDATE interface: improved SMTP interface with monitoring support - UPDATE monitor: added monitoring integration for SMTP operations - DELETE network/network.go: removed legacy network handling (consolidated into client) - UPDATE tlsmode/tls: enhanced TLS mode handling (None, TLS, StartTLS) - UPDATE types/interface: improved type interface [socket] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - ADD client/interface_darwin: macOS-specific socket client options - UPDATE client/interface_linux: platform-specific socket options for Linux - UPDATE client/interface_other: platform-specific socket options for other platforms - UPDATE client/tcp/error: improved TCP client error handling - UPDATE client/tcp/interface: enhanced TCP client interface - UPDATE client/tcp/model: improved TCP client model - UPDATE client/udp/error: improved UDP client error handling - UPDATE client/udp/interface: enhanced UDP client interface - UPDATE client/udp/model: improved UDP client model - UPDATE client/unix/error: improved Unix socket client error handling - UPDATE client/unix/ignore: enhanced ignore functionality - UPDATE client/unix/interface: enhanced Unix socket client interface - 
UPDATE client/unix/model: improved Unix socket client model - UPDATE client/unixgram/error: improved Unix datagram client error handling - UPDATE client/unixgram/ignore: enhanced ignore functionality - UPDATE client/unixgram/interface: enhanced Unix datagram client interface - UPDATE client/unixgram/model: improved Unix datagram client model - UPDATE config/client: improved client configuration - UPDATE config/server: improved server configuration - DELETE delim: moved legacy delimiter to I/O package - UPDATE interface: improved socket interface - UPDATE io: enhanced I/O operations - DELETE multi: moved legacy multi to I/O package - ADD server/interface_darwin: macOS-specific socket server options - UPDATE server/interface_linux: platform-specific server options for Linux - UPDATE server/interface_other: platform-specific server options for other platforms - UPDATE server/tcp/error: improved TCP server error handling - UPDATE server/tcp/interface: enhanced TCP server interface - UPDATE server/tcp/listener: improved TCP server listener - UPDATE server/tcp/model: improved TCP server model - UPDATE server/udp/error: improved UDP server error handling - UPDATE server/udp/interface: enhanced UDP server interface - UPDATE server/udp/listener: improved UDP server listener - UPDATE server/udp/model: improved UDP server model - UPDATE server/unix/error: improved Unix socket server error handling - UPDATE server/unix/ignore: enhanced ignore functionality - UPDATE server/unix/interface: enhanced Unix socket server interface - UPDATE server/unix/listener: improved Unix socket server listener - UPDATE server/unix/model: improved Unix socket server model - UPDATE server/unixgram/error: improved Unix datagram server error handling - UPDATE server/unixgram/ignore: enhanced ignore functionality - UPDATE server/unixgram/interface: enhanced Unix datagram server interface - UPDATE server/unixgram/listener: improved Unix datagram server listener - UPDATE server/unixgram/model: improved 
Unix datagram server model [static] - UPDATE interface: improved static interface with monitoring support - UPDATE model: refactored static model - UPDATE monitor: added monitoring integration for static file operations [status] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE cache: improved status cache with better synchronization - UPDATE config: improved status configuration - UPDATE control/encode: improved control encoding - UPDATE control/interface: enhanced control interface with status tracking - UPDATE control/model: refactored control model - UPDATE encode: improved status encoding - UPDATE error: enhanced error definitions for status - UPDATE info: improved status info handling - UPDATE interface: enhanced status interface - UPDATE listmandatory/interface: improved list mandatory interface - UPDATE listmandatory/model: refactored list mandatory model - UPDATE mandatory/interface: enhanced mandatory interface - UPDATE mandatory/model: refactored mandatory model - UPDATE model: refactored status model - UPDATE pool: improved status pool - UPDATE route: enhanced status route handling [test] - DELETE: all manual tests are or will be replaced by proper automated test suites in respective packages [version] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE error: improved error definitions for version - UPDATE license: enhanced license handling - UPDATE version: improved version utilities [viper] - ADD/UPDATE documentation: comprehensive documentation with monitoring patterns - ADD/UPDATE tests: enhanced benchmark, config, encoding, example, integration, lifecycle, metrics, security, transitions - UPDATE interface: enhanced viper interface 
with context support - UPDATE model: refactored viper model for better maintainability
472 lines
25 KiB
Go
/*
|
|
* MIT License
|
|
*
|
|
* Copyright (c) 2020 Nicolas JUHEL
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
* copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*
|
|
*
|
|
*/
|
|
|
|
// Package certificates provides comprehensive TLS/SSL certificate management for secure communications.
//
// This package offers a complete solution for configuring TLS connections including certificate management,
// cipher suite selection, elliptic curve configuration, TLS version control, and client authentication.
//
// Key Features:
//   - Certificate management with support for files and in-memory certificates
//   - Root CA and Client CA management for certificate verification
//   - TLS version control (minimum/maximum version selection)
//   - Cipher suite configuration with support for TLS 1.2 and 1.3
//   - Elliptic curve configuration for ECDHE cipher suites
//   - Client authentication modes (NoClientCert, RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, RequireAndVerifyClientCert)
//   - Dynamic record sizing and session ticket controls
//   - Thread-safe operations for concurrent access
//   - Multiple encoding formats (JSON, YAML, TOML, CBOR)
//
// Subpackages:
//   - auth: Client authentication mode types and parsing
//   - ca: Certificate Authority management and parsing
//   - certs: Certificate pair management (private key + certificate)
//   - cipher: TLS cipher suite selection and management
//   - curves: Elliptic curve configuration for ECDHE
//   - tlsversion: TLS version management and parsing
//
// Example:
//
//	cfg := certificates.New()
//	cfg.SetVersionMin(tlsversion.VersionTLS12)
//	cfg.SetVersionMax(tlsversion.VersionTLS13)
//	cfg.AddRootCAFile("/path/to/ca.pem")
//	cfg.AddCertificatePairFile("/path/to/key.pem", "/path/to/cert.pem")
//	tlsConfig := cfg.TLS("example.com")
package certificates

import (
	"crypto/tls"
	"crypto/x509"
	"io"
	"net/http"

	tlsaut "github.com/nabbar/golib/certificates/auth"
	tlscas "github.com/nabbar/golib/certificates/ca"
	tlscrt "github.com/nabbar/golib/certificates/certs"
	tlscpr "github.com/nabbar/golib/certificates/cipher"
	tlscrv "github.com/nabbar/golib/certificates/curves"
	tlsvrs "github.com/nabbar/golib/certificates/tlsversion"
)

// FctHttpClient is a function type that creates an HTTP client with TLS configuration.
// It receives a TLS configuration and a server name, and returns a configured *http.Client.
type FctHttpClient func(def TLSConfig, servername string) *http.Client

// FctTLSDefault is a function type that returns a default TLS configuration.
// It is useful for factory patterns or lazy initialization.
type FctTLSDefault func() TLSConfig

// FctRootCA is a function type that returns a list of root CA certificate paths or PEM strings.
type FctRootCA func() []string

// FctRootCACert is a function type that returns a parsed root CA certificate.
type FctRootCACert func() tlscas.Cert

// TLSConfig is the main interface for configuring TLS connections.
// It provides methods for managing certificates, cipher suites, TLS versions, and other TLS parameters.
// All operations are thread-safe and can be called concurrently from multiple goroutines.
type TLSConfig interface {
	// RegisterRand sets the source of randomness for the TLS connection.
	// It can be used to rotate the randomness source for example.
	//
	// The rand parameter should implement the io.Reader interface.
	// The TLS connection will use this reader to generate randomness.
	// If the reader is nil, the TLS connection will use the default source of randomness.
	//
	// The TLS connection will use this reader to generate randomness
	// for the lifetime of the connection. To rotate the randomness source,
	// call RegisterRand with a new reader.
	//
	RegisterRand(rand io.Reader)

	// AddRootCA adds a root CA to the TLS configuration.
	// It returns true if the root CA was added successfully, false otherwise.
	//
	// The root CA is added to the TLS configuration's root CA pool.
	// The root CA pool is used to verify the identity of the server.
	//
	// The root CA parameter should be a parsed certificate.
	// To parse a certificate from a PEM file, use the tlscas.Parse function.
	//
	// The AddRootCA function does not check if the root CA is already in the pool.
	// If you want to avoid adding the same root CA twice, you should check the pool before adding the root CA.
	AddRootCA(rootCA tlscas.Cert) bool
	// AddRootCAString adds a root CA to the TLS configuration from a string.
	// It returns true if the root CA was added successfully, false otherwise.
	//
	// The root CA is added to the TLS configuration's root CA pool.
	// The root CA pool is used to verify the identity of the server.
	//
	// The rootCA parameter should be a PEM encoded certificate.
	// To parse a certificate from a PEM file, use the tlscas.Parse function.
	//
	// The AddRootCAString function does not check if the root CA is already in the pool.
	// If you want to avoid adding the same root CA twice, you should check the pool before adding the root CA.
	AddRootCAString(rootCA string) bool
	// AddRootCAFile adds a root CA to the TLS configuration from a PEM file.
	//
	// The root CA is added to the TLS configuration's root CA pool.
	// The root CA pool is used to verify the identity of the server.
	//
	// The pemFile parameter should be the path to a PEM file containing the root CA.
	//
	// The AddRootCAFile function does not check if the root CA is already in the pool.
	// If you want to avoid adding the same root CA twice, you should check the pool before adding the root CA.
	//
	// The AddRootCAFile function returns an error if the PEM file cannot be read or if the root CA in the PEM file is invalid.
	AddRootCAFile(pemFile string) error
	// GetRootCA returns the root CA pool as a slice of Cert.
	// The root CA pool is used to verify the identity of the server.
	// The returned slice is a copy of the root CA pool and does not reference the original pool.
	// Modifying the returned slice does not affect the original pool.
	// The returned slice is ordered by the order the root CAs were added to the pool.
	GetRootCA() []tlscas.Cert
	// GetRootCAPool returns the root CA pool as a *x509.CertPool.
	// The root CA pool is used to verify the identity of the server.
	// The returned *x509.CertPool is a copy of the root CA pool and does not reference the original pool.
	// Modifying the returned *x509.CertPool does not affect the original pool.
	// The returned *x509.CertPool is ordered by the order the root CAs were added to the pool.
	GetRootCAPool() *x509.CertPool

	// AddClientCAString adds a client CA to the TLS configuration from a PEM encoded string.
	//
	// The client CA is added to the TLS configuration's client CA pool.
	// The client CA pool is used to verify the identity of the client.
	//
	// The ca parameter should be a PEM encoded certificate.
	// To parse a certificate from a PEM file, use the tlscas.Parse function.
	//
	// The AddClientCAString function does not check if the client CA is already in the pool.
	// If you want to avoid adding the same client CA twice, you should check the pool before adding the client CA.
	//
	// The AddClientCAString function returns true if the client CA is successfully added and false otherwise.
	AddClientCAString(ca string) bool
	// AddClientCAFile adds a client CA to the TLS configuration from a PEM file.
	//
	// The client CA is added to the TLS configuration's client CA pool.
	// The client CA pool is used to verify the identity of the client.
	//
	// The pemFile parameter should be the path to a PEM file containing the client CA.
	//
	// The AddClientCAFile function does not check if the client CA is already in the pool.
	// If you want to avoid adding the same client CA twice, you should check the pool before adding the client CA.
	//
	// The AddClientCAFile function returns an error if the PEM file cannot be read or if the client CA in the PEM file is invalid.
	AddClientCAFile(pemFile string) error
	// GetClientCA returns the client CA pool as a slice of tlscas.Cert.
	//
	// The client CA pool is used to verify the identity of the client.
	//
	// The returned slice is ordered by the order the client CAs were added to the pool.
	// Modifying the returned slice does not affect the original pool.
	GetClientCA() []tlscas.Cert
	// GetClientCAPool returns the client CA pool as a *x509.CertPool.
	//
	// The client CA pool is used to verify the identity of the client.
	//
	// The returned *x509.CertPool is ordered by the order the client CAs were added to the pool.
	// Modifying the returned *x509.CertPool does not affect the original pool.
	GetClientCAPool() *x509.CertPool
	// SetClientAuth sets the client authentication requirements for the TLS connection.
	//
	// The a parameter should be a tlsaut.ClientAuth containing the client authentication requirements.
	// The client authentication requirements are used to verify the identity of the client.
	//
	// The SetClientAuth function does not check if the client authentication requirements are already set.
	// If you want to avoid setting the same client authentication requirements twice, you should check the current client authentication requirements before setting the new ones.
	SetClientAuth(a tlsaut.ClientAuth)

	// AddCertificatePairString adds a certificate pair to the TLS configuration from a string.
	//
	// The key parameter should be a PEM encoded private key.
	// The crt parameter should be a PEM encoded certificate.
	//
	// The AddCertificatePairString function does not check if the certificate pair is already in the pool.
	// If you want to avoid adding the same certificate pair twice, you should check the pool before adding the certificate pair.
	//
	// The AddCertificatePairString function returns an error if the PEM encoded string cannot be parsed into a valid certificate pair.
	//
	// The returned error is of type tlscrt.ParseError.
	//
	// The AddCertificatePairString function is used to add a new certificate pair to the TLS configuration.
	// It is used to rotate the certificate pair for example.
	//
	// The AddCertificatePairString function does not affect the currently active certificate pair.
	// The currently active certificate pair is only replaced when the TLS connection is re-established.
	//
	// The AddCertificatePairString function is thread-safe.
	// Multiple goroutines can call the AddCertificatePairString function at the same time without affecting the correctness of the TLS configuration.
	AddCertificatePairString(key, crt string) error
	// AddCertificatePairFile adds a certificate pair to the TLS configuration from a PEM file.
	//
	// The keyFile parameter should be the path to a PEM file containing the private key.
	// The crtFile parameter should be the path to a PEM file containing the certificate.
	//
	// The AddCertificatePairFile function does not check if the certificate pair is already in the pool.
	// If you want to avoid adding the same certificate pair twice, you should check the pool before adding the certificate pair.
	//
	// The AddCertificatePairFile function returns an error if the PEM file cannot be read or if the private key and the certificate in the PEM file are invalid.
	//
	// The returned error is of type tlscrt.ParseError.
	//
	// The AddCertificatePairFile function is used to add a new certificate pair to the TLS configuration.
	// It is used to rotate the certificate pair for example.
	//
	// The AddCertificatePairFile function does not affect the currently active certificate pair.
	// The currently active certificate pair is only replaced when the TLS connection is re-established.
	//
	// The AddCertificatePairFile function is thread-safe.
	// Multiple goroutines can call the AddCertificatePairFile function at the same time without affecting the correctness of the TLS configuration.
	AddCertificatePairFile(keyFile, crtFile string) error
	// LenCertificatePair returns the number of certificate pairs in the TLS configuration.
	//
	// The function is thread-safe.
	// Multiple goroutines can call the LenCertificatePair function at the same time without affecting the correctness of the TLS configuration.
	//
	// The returned value is the number of certificate pairs in the TLS configuration.
	// The returned value does not include the currently active certificate pair.
	// The returned value is zero if the TLS configuration does not contain any certificate pairs.
	LenCertificatePair() int
	// CleanCertificatePair removes all the certificate pairs from the TLS configuration.
	//
	// The CleanCertificatePair function does not affect the currently active certificate pair.
	// The currently active certificate pair is only replaced when the TLS connection is re-established.
	//
	// The CleanCertificatePair function is thread-safe.
	// Multiple goroutines can call the CleanCertificatePair function at the same time without affecting the correctness of the TLS configuration.
	CleanCertificatePair()
	// GetCertificatePair returns all the certificate pairs in the TLS configuration.
	//
	// The returned value is a slice of tls.Certificate.
	// The slice contains all the certificate pairs in the TLS configuration.
	// The slice does not include the currently active certificate pair.
	// The slice is empty if the TLS configuration does not contain any certificate pairs.
	GetCertificatePair() []tls.Certificate

	// SetVersionMin sets the minimum version of TLS supported by the TLS configuration.
	//
	// The minimum version of TLS is the lowest version of TLS that the TLS configuration will support.
	// The TLS configuration will not support any versions of TLS that are lower than the minimum version.
	// The TLS configuration will support all versions of TLS that are equal to or higher than the minimum version.
	//
	// The SetVersionMin function is thread-safe.
	// Multiple goroutines can call the SetVersionMin function at the same time without affecting the correctness of the TLS configuration.
	SetVersionMin(v tlsvrs.Version)
	// GetVersionMin returns the minimum version of TLS supported by the TLS configuration.
	//
	// The returned value is the minimum version of TLS supported by the TLS configuration.
	// The returned value is zero if the TLS configuration does not contain any version of TLS.
	// The returned value is the minimum version of TLS supported by the TLS configuration if the TLS configuration contains multiple versions of TLS.
	// The returned value does not include the version of TLS that is currently active.
	// The returned value is not affected by the version of TLS that is currently active.
	// The returned value is thread-safe.
	// Multiple goroutines can call the GetVersionMin function at the same time without affecting the correctness of the TLS configuration.
	GetVersionMin() tlsvrs.Version
	// SetVersionMax sets the maximum version of TLS supported by the TLS configuration.
	//
	// The function sets the maximum version of TLS supported by the TLS configuration to the specified version.
	//
	// The specified version is the maximum version of TLS supported by the TLS configuration.
	// The specified version must be a valid version of TLS.
	// The specified version must not be less than the minimum version of TLS supported by the TLS configuration.
	//
	// The SetVersionMax function does not affect the currently active version of TLS.
	// The currently active version of TLS is only replaced when the TLS connection is re-established.
	//
	// The SetVersionMax function is thread-safe.
	// Multiple goroutines can call the SetVersionMax function at the same time without affecting the correctness of the TLS configuration.
	SetVersionMax(v tlsvrs.Version)
	// GetVersionMax returns the maximum version of TLS supported by the TLS configuration.
	//
	// The returned value is the maximum version of TLS supported by the TLS configuration.
	// The returned value is zero if the TLS configuration does not contain any version of TLS.
	// The returned value is the maximum version of TLS supported by the TLS configuration if the TLS configuration contains multiple versions of TLS.
	// The returned value does not include the version of TLS that is currently active.
	// The returned value is not affected by the version of TLS that is currently active.
	// The returned value is thread-safe.
	// Multiple goroutines can call the GetVersionMax function at the same time without affecting the correctness of the TLS configuration.
	GetVersionMax() tlsvrs.Version

	// SetCipherList sets the list of ciphers in the TLS configuration.
	//
	// The ciphers to set are specified as a slice of tlscpr.Cipher.
	//
	// The SetCipherList function replaces the current list of ciphers in the TLS configuration.
	// If you want to add ciphers to the current list, you should use the AddCiphers function.
	//
	// The SetCipherList function is thread-safe.
	// Multiple goroutines can call the SetCipherList function at the same time without affecting the correctness of the TLS configuration.
	SetCipherList(c []tlscpr.Cipher)
	// AddCiphers adds one or more ciphers to the TLS configuration.
	//
	// The ciphers to add are specified as a variable number of arguments.
	// Each argument should be of type tlscpr.Cipher.
	//
	// The AddCiphers function does not check if the ciphers are already in the pool.
	// If you want to avoid adding the same ciphers twice, you should check the pool before adding the ciphers.
	//
	// The AddCiphers function is thread-safe.
	// Multiple goroutines can call the AddCiphers function at the same time without affecting the correctness of the TLS configuration.
	AddCiphers(c ...tlscpr.Cipher)
	// GetCiphers returns the list of ciphers in the TLS configuration.
	//
	// The returned value is a slice of tlscpr.Cipher.
	// The slice contains all the ciphers in the TLS configuration.
	// The slice is empty if the TLS configuration does not contain any ciphers.
	// The returned value is ordered by the order the ciphers were added to the configuration.
	// Modifying the returned slice does not affect the original configuration.
	GetCiphers() []tlscpr.Cipher

	// SetCurveList sets the list of curves in the TLS configuration.
	//
	// The list of curves is specified as a slice of tlscrv.Curves.
	//
	// The SetCurveList function replaces the current list of curves in the TLS configuration.
	// If you want to add curves to the current list, you should use the AddCurves function.
	//
	// The SetCurveList function is thread-safe.
	// Multiple goroutines can call the SetCurveList function at the same time without affecting the correctness of the TLS configuration.
	SetCurveList(c []tlscrv.Curves)
	// AddCurves adds one or more curves to the TLS configuration.
	//
	// The curves to add are specified as a variable number of arguments.
	// Each argument should be of type tlscrv.Curves.
	//
	// The AddCurves function does not check if the curves are already in the pool.
	// If you want to avoid adding the same curves twice, you should check the pool before adding the curves.
	//
	// The AddCurves function is thread-safe.
	// Multiple goroutines can call the AddCurves function at the same time without affecting the correctness of the TLS configuration.
	AddCurves(c ...tlscrv.Curves)
	// GetCurves returns the list of curves in the TLS configuration.
	//
	// The returned value is a slice of tlscrv.Curves.
	// The slice contains all the curves in the TLS configuration.
	// The slice is empty if the TLS configuration does not contain any curves.
	// The returned value is ordered by the order the curves were added to the configuration.
	// Modifying the returned slice does not affect the original configuration.
	GetCurves() []tlscrv.Curves

	// SetDynamicSizingDisabled sets the TLS configuration to disable or enable dynamic record sizing.
	//
	// Dynamic record sizing is a feature of TLS that allows the TLS connection to dynamically adjust the size of the records being sent.
	// By default, dynamic record sizing is enabled.
	//
	// The SetDynamicSizingDisabled function takes a boolean as an argument.
	// If the argument is true, dynamic record sizing is disabled.
	// If the argument is false, dynamic record sizing is enabled.
	//
	// The SetDynamicSizingDisabled function is thread-safe.
	// Multiple goroutines can call the SetDynamicSizingDisabled function at the same time without affecting the correctness of the TLS configuration.
	SetDynamicSizingDisabled(flag bool)
	// SetSessionTicketDisabled sets the TLS configuration to disable or enable session tickets.
	//
	// Session tickets are used to resume a TLS connection without needing to re-establish the entire connection.
	// By default, session tickets are enabled.
	//
	// The SetSessionTicketDisabled function takes a boolean as an argument.
	// If the argument is true, session tickets are disabled.
	// If the argument is false, session tickets are enabled.
	//
	// The SetSessionTicketDisabled function is thread-safe.
	// Multiple goroutines can call the SetSessionTicketDisabled function at the same time without affecting the correctness of the TLS configuration.
	SetSessionTicketDisabled(flag bool)

	// Clone returns a copy of the TLSConfig.
	//
	// The returned TLSConfig is safe for concurrent use.
	//
	// The returned TLSConfig is a copy of the TLSConfig.
	// Modifying the returned TLSConfig does not affect the original TLSConfig.
	// The returned TLSConfig is independent of the original TLSConfig.
	// The Clone function is thread-safe.
	// Multiple goroutines can call the Clone function at the same time without affecting the correctness of the TLS configuration.
	Clone() TLSConfig
	// TLS returns a TLS configuration based on the TLSConfig.
	//
	// The returned TLS configuration is safe for concurrent use.
	//
	// The returned TLS configuration is not a copy of the TLSConfig.
	// Instead, it is a reference to the TLSConfig.
	// Modifying the returned TLS configuration affects the TLSConfig.
	// The returned TLS configuration is the same as the TLSConfig.
	//
	// The serverName parameter is the name of the server for which the TLS configuration should be generated.
	// If the serverName parameter is empty, the TLS configuration is generated for an unknown server.
	TLS(serverName string) *tls.Config
	// TlsConfig returns a TLS configuration based on the TLSConfig.
	//
	// The returned TLS configuration is safe for concurrent use.
	//
	// The returned TLS configuration is not a copy of the TLSConfig.
	// Instead, it is a reference to the TLSConfig.
	// Modifying the returned TLS configuration affects the TLSConfig.
	// The returned TLS configuration is the same as the TLSConfig.
	//
	// The serverName parameter is the name of the server for which the TLS configuration is generated.
	// The serverName parameter is used to generate the TLS configuration.
	// The serverName parameter is optional and can be empty.
	// If the serverName parameter is empty, the TLS configuration is generated without a server name.
	TlsConfig(serverName string) *tls.Config
	// Config returns the TLS configuration.
	//
	// The returned TLSConfig is safe for concurrent use.
	//
	// The returned TLSConfig is not a copy of the default TLSConfig.
	// Instead, it is a reference to the default TLSConfig.
	// Modifying the returned TLSConfig affects the default TLSConfig.
	// The returned TLSConfig is the same as the default TLSConfig.
	//
	Config() *Config
}

// Default is the package-level TLSConfig, initialised by New() with the default values.
var Default = New()

// New returns a new TLSConfig with default values.
//
// The returned TLSConfig is safe for concurrent use.
//
// The returned TLSConfig is not a copy of the default TLSConfig.
// Instead, it is a new TLSConfig with default values.
// Modifying the returned TLSConfig does not affect the default TLSConfig.
// The returned TLSConfig is independent of the default TLSConfig.
func New() TLSConfig {
	return &config{
		rand:                  nil,
		cert:                  make([]tlscrt.Cert, 0),
		cipherList:            make([]tlscpr.Cipher, 0),
		curveList:             make([]tlscrv.Curves, 0),
		caRoot:                make([]tlscas.Cert, 0),
		clientAuth:            tlsaut.NoClientCert,
		clientCA:              make([]tlscas.Cert, 0),
		tlsMinVersion:         tlsvrs.VersionTLS12,
		tlsMaxVersion:         tlsvrs.VersionTLS13,
		dynSizingDisabled:     false,
		ticketSessionDisabled: false,
	}
}
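The interface above keeps a root CA pool (server identity) separate from a client CA pool (client identity) and pairs the latter with a client authentication mode. The program below is an added example, not part of golib: it uses only the standard library's crypto/tls on a loopback socket to show that a server requiring client certificates accepts a client only when the issuing CA sits in the client CA pool, and rejects it when that CA was placed in the root pool instead. The certificates, the names server.test and client.test, and all helper functions are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue builds a constructed, throwaway certificate: a self-signed CA when parent is nil.
func issue(cn string, parent *tls.Certificate, eku x509.ExtKeyUsage) *tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	signer := &tls.Certificate{Leaf: tpl, PrivateKey: key}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		signer, tpl.KeyUsage = parent, x509.KeyUsageDigitalSignature
		tpl.DNSNames, tpl.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{eku}
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, signer.Leaf, pub, signer.PrivateKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverVerdict runs one loopback handshake and reports what the server decided.
func serverVerdict(srvCfg, cliCfg *tls.Config) string {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	go func() {
		if c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg); err == nil {
			c.Read(make([]byte, 1)) // block until the server hangs up
			c.Close()
		}
	}()
	raw, err := ln.Accept()
	check(err)
	srv := tls.Server(raw, srvCfg)
	defer srv.Close()
	if err := srv.Handshake(); err != nil {
		return fmt.Sprintf("rejected: %v", err)
	}
	return "accepted " + srv.ConnectionState().PeerCertificates[0].Subject.CommonName
}

// scenarios returns the verdict of a server that requires client certificates.
func scenarios() map[string]string {
	srvCA, cliCA := issue("server-ca.test", nil, 0), issue("client-ca.test", nil, 0)
	server := issue("server.test", srvCA, x509.ExtKeyUsageServerAuth)
	client := issue("client.test", cliCA, x509.ExtKeyUsageClientAuth)
	srvPool, cliPool := x509.NewCertPool(), x509.NewCertPool()
	srvPool.AddCert(srvCA.Leaf)
	cliPool.AddCert(cliCA.Leaf)
	// ClientCAs verifies inbound client certificates; RootCAs only verifies servers.
	srv := func(clientCAs, rootCAs *x509.CertPool) *tls.Config {
		return &tls.Config{Certificates: []tls.Certificate{*server}, MinVersion: tls.VersionTLS12,
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs, RootCAs: rootCAs}
	}
	withCert := &tls.Config{RootCAs: srvPool, ServerName: "server.test", Certificates: []tls.Certificate{*client}}
	noCert := &tls.Config{RootCAs: srvPool, ServerName: "server.test"}
	return map[string]string{
		"client CA in client pool": serverVerdict(srv(cliPool, nil), withCert),
		"client CA in root pool":   serverVerdict(srv(nil, cliPool), withCert),
		"no client certificate":    serverVerdict(srv(cliPool, nil), noCert),
	}
}

func main() { fmt.Println(scenarios()) }
```

Only the first scenario is accepted; the text after "rejected:" comes from the Go runtime and can differ between Go versions and platforms.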