Go Home Page
The Go Programming Language

Package tls

import "crypto/tls"

This package partially implements the TLS 1.1 protocol, as specified in RFC 4346.

Package files

alert.go ca_set.go common.go conn.go handshake_client.go handshake_messages.go handshake_server.go prf.go tls.go

Constants

TLS cipher suites. 

const (
    TLS_RSA_WITH_RC4_128_SHA uint16 = 5
)

func Dial

func Dial(network, laddr, raddr string) (net.Conn, os.Error)

func Listen

func Listen(network, laddr string, config *Config) (net.Listener, os.Error)

type CASet

A CASet is a set of certificates. 

type CASet struct {
    // contains unexported fields
}

func NewCASet

func NewCASet() *CASet

func (*CASet) FindParent

func (s *CASet) FindParent(cert *x509.Certificate) (parent *x509.Certificate)

FindParent attempts to find the certificate in s which signs the given certificate. If no such certificate can be found, it returns nil.

func (*CASet) SetFromPEM

func (s *CASet) SetFromPEM(pemCerts []byte) (ok bool)

SetFromPEM attempts to parse a series of PEM encoded root certificates. It appends any certificates found to s and returns true if any certificates were successfully parsed. On many Linux systems, /etc/ssl/cert.pem will contains the system wide set of root CAs in a format suitable for this function.

type Certificate

type Certificate struct {
    // Certificate contains a chain of one or more certificates. Leaf
    // certificate first.
    Certificate [][]byte
    PrivateKey  *rsa.PrivateKey
}

func LoadX509KeyPair

func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.Error)

LoadX509KeyPair

type Config

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. 

type Config struct {
    // Rand provides the source of entropy for nonces and RSA blinding.
    Rand io.Reader
    // Time returns the current time as the number of seconds since the epoch.
    Time func() int64
    // Certificates contains one or more certificate chains.
    Certificates []Certificate
    RootCAs      *CASet
    // NextProtos is a list of supported, application level protocols.
    // Currently only server-side handling is supported.
    NextProtos []string
    // ServerName is included in the client's handshake to support virtual
    // hosting.
    ServerName string
    // AuthenticateClient determines if a server will request a certificate
    // from the client. It does not require that the client send a
    // certificate nor, if it does, that the certificate is anything more
    // than self-signed.
    AuthenticateClient bool
}

type Conn

A Conn represents a secured connection. It implements the net.Conn interface. 

type Conn struct {
    // contains unexported fields
}

func Client

func Client(conn net.Conn, config *Config) *Conn

func Server

func Server(conn net.Conn, config *Config) *Conn

func (*Conn) Close

func (c *Conn) Close() os.Error

Close closes the connection.

func (*Conn) ConnectionState

func (c *Conn) ConnectionState() ConnectionState

ConnectionState returns basic TLS details about the connection.

func (*Conn) Handshake

func (c *Conn) Handshake() os.Error

Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this packge need not call Handshake explicitly: the first Read or Write will call it automatically.

func (*Conn) LocalAddr

func (c *Conn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*Conn) OCSPResponse

func (c *Conn) OCSPResponse() []byte

OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)

func (*Conn) PeerCertificates

func (c *Conn) PeerCertificates() []*x509.Certificate

PeerCertificates returns the certificate chain that was presented by the other side.

func (*Conn) Read

func (c *Conn) Read(b []byte) (n int, err os.Error)

Read can be made to time out and return err == os.EAGAIN after a fixed time limit; see SetTimeout and SetReadTimeout.

func (*Conn) RemoteAddr

func (c *Conn) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*Conn) SetReadTimeout

func (c *Conn) SetReadTimeout(nsec int64) os.Error

SetReadTimeout sets the time (in nanoseconds) that Read will wait for data before returning os.EAGAIN. Setting nsec == 0 (the default) disables the deadline.

func (*Conn) SetTimeout

func (c *Conn) SetTimeout(nsec int64) os.Error

SetTimeout sets the read deadline associated with the connection. There is no write deadline.

func (*Conn) SetWriteTimeout

func (c *Conn) SetWriteTimeout(nsec int64) os.Error

SetWriteTimeout exists to satisfy the net.Conn interface but is not implemented by TLS. It always returns an error.

func (*Conn) Write

func (c *Conn) Write(b []byte) (n int, err os.Error)

Write writes data to the connection.

type ConnectionState

type ConnectionState struct {
    HandshakeComplete  bool
    CipherSuite        uint16
    NegotiatedProtocol string
}

type Listener

type Listener struct {
    // contains unexported fields
}

func NewListener

func NewListener(listener net.Listener, config *Config) (l *Listener)

NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server. The configuration config must be non-nil and must have at least one certificate.

func (*Listener) Accept

func (l *Listener) Accept() (c net.Conn, err os.Error)

func (*Listener) Addr

func (l *Listener) Addr() net.Addr

func (*Listener) Close

func (l *Listener) Close() os.Error

Other packages

main