package dane
import (
"crypto/x509"
)
// Config contains a DANE configuration for a single Server.
//
// A Config carries both the inputs to a DANE/PKIX-authenticated TLS
// connection (server, timeouts, verification switches, trust anchors)
// and the outputs recorded while authenticating it (results and the
// certificate chains that were evaluated). NewConfig returns a Config
// that attempts DANE authentication with fallback to PKIX; the Set*
// methods adjust individual fields.
//
// Field ordering is part of the type's interface (positional struct
// literals, reflection), so fields are not reordered here.
type Config struct {
	DiagMode  bool  // Diagnostic mode
	DiagError error // Holds possible error in Diagnostic mode

	// Server structure (name, ip, port). NewConfig fills it via
	// NewServer; SetServer stores the caller's pointer without copying.
	Server *Server

	TimeoutTCP int // TCP timeout in seconds (NewConfig sets defaultTCPTimeout)

	// NoVerify: Don't verify server certificate. With this set the peer
	// is not authenticated at all — presumably neither DANE nor PKIX
	// checks run; confirm against the handshake code before relying on it.
	NoVerify bool

	TLSversion uint16 // TLS version number (otherwise use best TLS version offered); presumably 0 means "negotiate" — confirm

	// Use PEM bytes as Root CA store for PKIX authentication. What is
	// used when empty (system roots?) is decided elsewhere — verify.
	PKIXRootCA []byte

	ALPN []string // ALPN strings to send; SetALPN stores a private copy

	DaneEEname  bool // Do name checks even for DANE-EE mode (RFC 7671 does not require them there)
	SMTPAnyMode bool // Allow any DANE modes for SMTP (SMTP normally restricts usage to DANE-TA/DANE-EE)

	Appname     string // STARTTLS application name
	Servicename string // Servicename, if different from server
	Transcript  string // StartTLS transcript

	DANE bool // do DANE authentication (true after NewConfig)
	PKIX bool // fall back to PKIX authentication (true after NewConfig; cleared by NoPKIXfallback)

	Okdane bool // DANE authentication result
	Okpkix bool // PKIX authentication result

	// TLSA RRset information. SetTLSA stores a copy with its checking
	// bits reset, so a shared TLSAinfo is never mutated through a Config.
	TLSA *TLSAinfo

	PeerChain  []*x509.Certificate   // Peer Certificate Chain
	PKIXChains [][]*x509.Certificate // PKIX Certificate Chains
	DANEChains [][]*x509.Certificate // DANE Certificate Chains
}
// NewConfig initializes and returns a new dane Config structure
// for the given server name, ip address and port. The IP address
// can be specified either as a string or a net.IP structure (it is
// handed through to NewServer, which decides what it accepts). The
// returned config does DANE authentication with fallback to PKIX and
// uses defaultTCPTimeout as its TCP timeout; callers that must not
// accept a PKIX-only result should call NoPKIXfallback afterwards.
func NewConfig(hostname string, ip interface{}, port int) *Config {
	// Composite literal instead of field-by-field assignment; every
	// other field keeps its zero value exactly as before.
	return &Config{
		TimeoutTCP: defaultTCPTimeout,
		DANE:       true,
		PKIX:       true,
		Server:     NewServer(hostname, ip, port),
	}
}
// SetServer sets the Server component of Config.
//
// Unlike SetTLSA and SetALPN, no copy is made: the Config keeps the
// caller's pointer, so later changes to *server are visible to this
// Config and vice versa.
func (c *Config) SetServer(server *Server) {
	c.Server = server
}
// SetTLSA sets the TLSAinfo component of Config. A copy of the TLSAinfo
// structure is made, to permit concurrent use of the structure that may
// independently change the (reset) checking bits. The copy has its
// checking bits cleared with Uncheck before it is installed.
//
// A nil tlsa is ignored and leaves any previously set TLSA in place.
func (c *Config) SetTLSA(tlsa *TLSAinfo) {
	if tlsa == nil {
		return
	}
	// Work on a private copy so the caller's TLSAinfo (possibly shared
	// with other Configs) is never mutated through this one.
	dup := tlsa.Copy()
	dup.Uncheck()
	c.TLSA = dup
}
// SetAppName sets the STARTTLS application name stored in Config.Appname.
// The string is stored as given; no validation or normalization happens here.
func (c *Config) SetAppName(appname string) {
	c.Appname = appname
}
// SetServiceName sets the STARTTLS service name stored in
// Config.Servicename, used when it differs from the server name.
// The string is stored as given; no validation happens here.
func (c *Config) SetServiceName(servicename string) {
	c.Servicename = servicename
}
// NoPKIXfallback sets Config to not allow PKIX fallback. Only DANE
// authentication is permitted: it clears the PKIX flag that NewConfig
// enables by default, and leaves the DANE flag untouched.
func (c *Config) NoPKIXfallback() {
	c.PKIX = false
}
// SetDiagMode sets the Diagnostic mode flag (Config.DiagMode). How the
// flag changes connection behaviour is decided elsewhere in the package.
func (c *Config) SetDiagMode(value bool) {
	c.DiagMode = value
}
// SetALPN sets ALPN strings to be used.
//
// The slice is copied into freshly allocated storage of exactly
// len(alpnStrings), so the caller cannot change the protocols offered
// by this Config by mutating its own slice afterwards. A nil or empty
// input yields an empty, non-nil ALPN slice.
func (c *Config) SetALPN(alpnStrings []string) {
	// append onto a zero-length, pre-sized slice: same length, same
	// contents and same non-nil result as make+copy.
	c.ALPN = append(make([]string, 0, len(alpnStrings)), alpnStrings...)
}