Archives
/
ncdns
mirror of https://github.com/namecoin/ncdns
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v0.3.2
v0.3.1
v0.3
v0.2.2
v0.2.1
v0.2
v0.1.2
v0.1.1
v0.1
v0.0.10.3
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e16ad6f62c'
${ noResults }
ncdns/certinject/certinject_windows.go

37 lines
1.2 KiB
Go
Raw Blame History

package certinject
import (
"gopkg.in/hlandau/easyconfig.v1/cflag"
"github.com/hlandau/xlog"
)
// This package is used to add and remove certificates to the system trust
// store.
// Currently only supports Windows CryptoAPI.
var log, Log = xlog.New("ncdns.certinject")
var (
flagGroup = cflag.NewGroup(nil, "certstore")
cryptoApiFlag = cflag.Bool(flagGroup, "cryptoapi", false, "Synchronize TLS certs to the CryptoAPI trust store? This enables HTTPS to work with Chromium/Chrome. Only use if you've set up null HPKP in Chromium/Chrome as per documentation. If you haven't set up null HPKP, or if you access ncdns from browsers not based on Chromium or Firefox, this is unsafe and should not be used.")
certExpirePeriod = cflag.Int(flagGroup, "expire", 60 * 30, "Duration (in seconds) after which TLS certs will be removed from the trust store. Making this smaller than the DNS TTL (default 600) may cause TLS errors.")
)
// Injects the given cert into all configured trust stores.
func InjectCert(derBytes []byte) {
if cryptoApiFlag.Value() {
injectCertCryptoApi(derBytes)
}
}
// Cleans expired certs from all configured trust stores.
func CleanCerts() {
if cryptoApiFlag.Value() {
cleanCertsCryptoApi()
}
}
Reference in New Issue View Git Blame Copy Permalink