package libp2ptls

Import Path
	github.com/libp2p/go-libp2p/p2p/security/tls (on go.dev)

Dependency Relation
	imports 25 packages, and imported by 2 packages



Package-Level Type Names (total 4)


	/* sort by:  |  */
	
		Identity is used to secure connections

		
			
				ConfigForPeer creates a new single-use tls.Config that verifies the peer's
				certificate chain and returns the peer's public key via the channel. If the
				peer ID is empty, the returned config will accept any peer.
				
				It should be used to create a new tls.Config before securing either an
				incoming or outgoing connection.

		
			func NewIdentity(privKey ic.PrivKey, opts ...IdentityOption) (*Identity, error)


	
		IdentityConfig is used to configure an Identity

		
			CertTemplate *x509.Certificate
			KeyLogWriter io.Writer


	
		IdentityOption transforms an IdentityConfig to apply optional settings.

		
			func WithCertTemplate(template *x509.Certificate) IdentityOption
			func WithKeyLogWriter(w io.Writer) IdentityOption
		
			func NewIdentity(privKey ic.PrivKey, opts ...IdentityOption) (*Identity, error)


	
		Transport constructs secure communication sessions for a peer.

		
			(*Transport) ID() protocol.ID
			
				SecureInbound runs the TLS handshake as a server.
				If p is empty, connections from any peer are accepted.

			
				SecureOutbound runs the TLS handshake as a client.
				Note that SecureOutbound will not return an error if the server doesn't
				accept the certificate. This is due to the fact that in TLS 1.3, the client
				sends its certificate and the ClientFinished in the same flight, and can send
				application data immediately afterwards.
				If the handshake fails, the server will close the connection. The client will
				notice this after 1 RTT when calling Read.

		
			*Transport : github.com/libp2p/go-libp2p/core/sec.SecureTransport
		
			func New(id protocol.ID, key ci.PrivKey, muxers []tptu.StreamMuxer) (*Transport, error)




Package-Level Functions (total 6)


	
		GenerateSignedExtension uses the provided private key to sign the public key, and returns the
		signature within a pkix.Extension.
		This extension is included in a certificate to cryptographically tie it to the libp2p private key.


	
		New creates a TLS encrypted transport


	
		NewIdentity creates a new identity


	
		PubKeyFromCertChain verifies the certificate chain and extract the remote's public key.


	
		WithCertTemplate specifies the template to use when generating a new certificate.


	
		WithKeyLogWriter optionally specifies a destination for TLS master secrets
		in NSS key log format that can be used to allow external programs
		such as Wireshark to decrypt TLS connections.
		See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
		Use of KeyLogWriter compromises security and should only be
		used for debugging.




Package-Level Constants (only one)


	
		ID is the protocol ID (used when negotiating with multistream)