vrr/g3
2
0
Fork 0
mirror of https://github.com/bytedance/g3.git synced 2026-05-05 15:31:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
g3/g3proxy/doc/protocol/helper/cert_generator.rst
Zhang Jingqiang 32c472c09c allow to use der format when generate fake cert
2024-03-21 10:43:31 +08:00

99 lines
2.1 KiB
ReStructuredText
Raw Blame History

.. _protocol_helper_cert_generator:
=====================
Certificate Generator
=====================
We need a peer service in auditor :ref:`tls cert agent <conf_auditor_tls_cert_agent>` config. This page describes the
protocol we used to communicate with the peer service.
The peer service should listen on a UDP port, which may be IPv4 or IPv6 based, we will sending requests to this port.
Each UDP packet from our side to the peer service will contains exactly one request. And each UDP packet from the peer
service should contains exactly one response.
Both the request and the response are structured data and should be encoded in `msgpack`_ format.
.. _msgpack: https://msgpack.org/
The root of the request and the response should be a map, we will describe the keys of them in the following.
request
=======
host
----
**required**, **type**: string
Set the hostname of the target tls server. May be a domain or an IP address.
service
-------
**optional**, **type**: string
Set the tls service type. It should be returned in response.
**default**: http
.. versionadded:: 1.9.0
cert
----
**optional**, **type**: pem string or der binary
The real upstream leaf cert in PEM string format or DER binary format.
.. versionadded:: 1.9.0
response
========
host
----
**required**, **type**: string
The hostname as specified in the request.
service
-------
**optional**, **type**: string
Set the tls service type. It should be the same value as in the request.
**default**: http
.. versionadded:: 1.9.0
cert
----
**required**, **type**: pem string
The generated fake certificate (chain) in PEM format.
key
---
**required**, **type**: pem string or der binary
The generated fake private key in PEM string format or in DER binary format.
ttl
---
**optional**, **type**: u32
Set the expire ttl of this response.
If 0, the :ref:`protective cache ttl <conf_value_dpi_tls_cert_agent_protective_cache_ttl>` config will
take effect
.. note:: expired records will be cached some more time before cleared, see
:ref:`cache_vanish_wait <conf_value_dpi_tls_cert_agent_cache_vanish_wait>` for more info.
**default**: 0
Reference in a new issue View git blame Copy permalink