package starnet
import (
"crypto/tls"
"net"
"time"
)
// GetConfigForClientFunc selects TLS config by hostname/SNI.
//
// hostname is the server name offered by the client (SNI), i.e. untrusted,
// client-controlled input; implementations should validate or normalize it
// before using it as a lookup key. Returning a nil *tls.Config with a nil
// error makes the listener fall back to ListenerConfig.BaseTLSConfig (see
// that field). How a non-nil error is handled is not visible in this file —
// presumably the handshake is aborted; confirm against the listener code.
type GetConfigForClientFunc func(hostname string) (*tls.Config, error)
// ListenerConfig controls listener behavior.
//
// A TLS-serving listener needs a *tls.Config from either BaseTLSConfig or
// GetConfigForClient; neither is set by the zero value or by
// DefaultListenerConfig, so callers must supply one (TLSDefaults is a
// suitable baseline).
type ListenerConfig struct {
	// BaseTLSConfig is used for TLS when dynamic selection returns nil.
	// Presumably it is also used when GetConfigForClient is unset — confirm
	// against the listener implementation.
	BaseTLSConfig *tls.Config

	// GetConfigForClient selects TLS config for a hostname.
	// The hostname is the client-supplied SNI value; see GetConfigForClientFunc
	// for the contract and the input-trust caveat.
	GetConfigForClient GetConfigForClientFunc

	// AllowNonTLS allows plain TCP fallback.
	// When true, connections the sniffer does not identify as TLS are
	// apparently passed through unencrypted rather than rejected, so
	// transport confidentiality and client authentication are not
	// guaranteed for them. DefaultListenerConfig leaves this false.
	AllowNonTLS bool

	// SniffTimeout bounds protocol sniffing time. 0 means no timeout.
	// With no timeout, a peer that connects and sends nothing can presumably
	// hold a sniffing connection open indefinitely; DefaultListenerConfig
	// uses 5 seconds.
	SniffTimeout time.Duration

	// MaxClientHelloBytes limits buffered sniff data.
	// If <= 0, default 64KiB.
	// This caps the per-connection memory held while the ClientHello is
	// being sniffed.
	MaxClientHelloBytes int

	// Logger is optional.
	// The Logger type is declared elsewhere in the package; a nil value is
	// presumably treated as "no logging" — confirm there.
	Logger Logger
}
// DefaultListenerConfig returns a conservative default config.
//
// The returned value disables plain-TCP fallback, bounds protocol sniffing
// to five seconds and caps buffered ClientHello data at 64 KiB. It sets no
// TLS config: callers must populate BaseTLSConfig and/or GetConfigForClient
// before the listener can serve TLS (TLSDefaults is a suitable baseline).
func DefaultListenerConfig() ListenerConfig {
	var cfg ListenerConfig
	// Spelled out even though false is the zero value: plaintext fallback is
	// an explicit opt-in, never a default.
	cfg.AllowNonTLS = false
	cfg.SniffTimeout = 5 * time.Second
	cfg.MaxClientHelloBytes = 64 * 1024
	return cfg
}
// TLSDefaults returns a TLS config baseline.
// Caller should set Certificates / GetCertificate as needed.
//
// Only MinVersion is pinned (TLS 1.2). Cipher suites, curve preferences and
// every other field are left at their crypto/tls zero values, which means
// the Go runtime's defaults apply and track upstream security updates
// automatically. Each call returns a fresh, unshared *tls.Config.
func TLSDefaults() *tls.Config {
	cfg := new(tls.Config)
	cfg.MinVersion = tls.VersionTLS12
	return cfg
}
// DialConfig controls dialing behavior.
//
// How these fields are applied is not visible in this file; they are
// presumably mapped onto a net.Dialer by the dialing code — confirm there.
type DialConfig struct {
	// Timeout bounds the dial. A zero value presumably means no timeout
	// (net.Dialer.Timeout semantics) — confirm against the dialer.
	Timeout time.Duration

	// LocalAddr, when non-nil, is the local address outbound connections are
	// bound to (net.Dialer.LocalAddr semantics presumed).
	LocalAddr net.Addr
}