
Package rocsp_config

import "github.com/letsencrypt/boulder/rocsp/config"

func MakeClient

func MakeClient(c *RedisConfig, clk clock.Clock, stats prometheus.Registerer) (*rocsp.RWClient, error)

MakeClient produces a read-write ROCSP client from a config.

func MakeReadClient

func MakeReadClient(c *RedisConfig, clk clock.Clock, stats prometheus.Registerer) (*rocsp.ROClient, error)

MakeReadClient produces a read-only ROCSP client from a config.

type RedisConfig

RedisConfig contains the configuration needed to act as a Redis client.

TODO(#7081): Deprecate this in favor of bredis.Config once we can support SRV lookups in rocsp.

type RedisConfig struct {
    // PasswordFile is a file containing the password for the Redis user.
    // The secret is read from a file rather than written inline in this
    // struct, so the config document itself does not carry the credential
    // (PasswordFile is a field of the embedded cmd.PasswordConfig — confirm
    // its exact semantics in package cmd).
    cmd.PasswordConfig
    // TLS contains the configuration to speak TLS with Redis.
    // NOTE(review): this struct only carries the TLS material; whether a
    // plaintext connection is ever permitted is decided by MakeClient /
    // MakeReadClient, not here — confirm there.
    TLS cmd.TLSConfig
    // Username is a Redis username. Validation rejects an empty value.
    Username string `validate:"required"`
    // ShardAddrs is a map of shard names to IP address:port pairs. The go-redis
    // `Ring` client will shard reads and writes across the provided Redis
    // Servers based on a consistent hashing algorithm.
    // Validation requires at least one shard and checks every value as a
    // host:port pair; the shard names (map keys) are not validated.
    ShardAddrs map[string]string `validate:"min=1,dive,hostname_port"`
    // Timeout is a per-request timeout applied to all Redis requests.
    // The "-" tag skips validation for this field, so any value (including
    // zero or negative) passes validation.
    Timeout config.Duration `validate:"-"`

    // Enables read-only commands on replicas.
    ReadOnly bool
    // Allows routing read-only commands to the closest primary or replica.
    // It automatically enables ReadOnly.
    // NOTE(review): a read answered by a replica may trail the primary;
    // confirm that is acceptable for the freshness of the OCSP data read.
    RouteByLatency bool
    // Allows routing read-only commands to a random primary or replica.
    // It automatically enables ReadOnly.
    RouteRandomly bool

    // PoolFIFO uses FIFO mode for each node connection pool GET/PUT (default LIFO).
    PoolFIFO bool

    // Maximum number of retries before giving up.
    // Default is to not retry failed commands.
    // Validation rejects negative values; 0 keeps the default.
    MaxRetries int `validate:"min=0"`
    // Minimum backoff between each retry.
    // Default is 8 milliseconds; -1 disables backoff.
    MinRetryBackoff config.Duration `validate:"-"`
    // Maximum backoff between each retry.
    // Default is 512 milliseconds; -1 disables backoff.
    MaxRetryBackoff config.Duration `validate:"-"`

    // Dial timeout for establishing new connections.
    // Default is 5 seconds.
    DialTimeout config.Duration `validate:"-"`
    // Timeout for socket reads. If reached, commands will fail
    // with a timeout instead of blocking. Use value -1 for no timeout and 0 for default.
    // Default is 3 seconds.
    ReadTimeout config.Duration `validate:"-"`
    // Timeout for socket writes. If reached, commands will fail
    // with a timeout instead of blocking.
    // Default is ReadTimeout.
    WriteTimeout config.Duration `validate:"-"`

    // Maximum number of socket connections.
    // Default is 5 connections per every CPU as reported by runtime.NumCPU.
    // If this is set to an explicit value, that's not multiplied by NumCPU.
    // PoolSize applies per cluster node and not for the whole cluster.
    // https://pkg.go.dev/github.com/go-redis/redis#ClusterOptions
    // Validation rejects negative values; 0 keeps the default.
    PoolSize int `validate:"min=0"`
    // Minimum number of idle connections which is useful when establishing
    // new connection is slow.
    // Validation rejects negative values.
    MinIdleConns int `validate:"min=0"`
    // Connection age at which client retires (closes) the connection.
    // Default is to not close aged connections.
    MaxConnAge config.Duration `validate:"-"`
    // Amount of time client waits for connection if all connections
    // are busy before returning an error.
    // Default is ReadTimeout + 1 second.
    PoolTimeout config.Duration `validate:"-"`
    // Amount of time after which client closes idle connections.
    // Should be less than server's timeout.
    // Default is 5 minutes. -1 disables idle timeout check.
    IdleTimeout config.Duration `validate:"-"`
    // Frequency of idle checks made by idle connections reaper.
    // Default is 1 minute. -1 disables idle connections reaper,
    // but idle connections are still discarded by the client
    // if IdleTimeout is set.
    // Deprecated: This field has been deprecated and will be removed.
    IdleCheckFrequency config.Duration `validate:"-"`
}

type ShortIDIssuer

A ShortIDIssuer combines an issuance.Certificate with some fields necessary to process OCSP responses: the subject name and the shortID.

type ShortIDIssuer struct {
    // Embedding the certificate pointer promotes its fields and methods onto
    // ShortIDIssuer, so callers can use it wherever the issuer certificate is needed.
    *issuance.Certificate
    // contains filtered or unexported fields
    // The short ID itself is presumably held in one of the unexported fields;
    // read it through the ShortID method rather than by reaching into the struct.
}

func FindIssuerByID

func FindIssuerByID(longID int64, issuers []ShortIDIssuer) (*ShortIDIssuer, error)

FindIssuerByID returns the issuer whose IssuerID or IssuerNameID matches the given longID.

func FindIssuerByName

func FindIssuerByName(resp *ocsp.Response, issuers []ShortIDIssuer) (*ShortIDIssuer, error)

FindIssuerByName returns the issuer with a Subject matching the *ocsp.Response.

func LoadIssuers

func LoadIssuers(input map[string]int) ([]ShortIDIssuer, error)

LoadIssuers takes a map where the keys are filenames and the values are the corresponding short issuer IDs. It loads the issuer certificate from each file and produces a []ShortIDIssuer.

func (*ShortIDIssuer) ShortID

func (si *ShortIDIssuer) ShortID() byte

ShortID returns the short ID of an issuer. The short ID is a single byte that is unique for that issuer.