Expand description
TLS and ACME configuration builder utilities.
This module is responsible for translating server configuration entries into concrete TLS listener state, SNI resolvers, and ACME configurations.
Responsibilities include:
- Manual TLS certificate loading
- Automatic TLS (ACME) configuration
- On-demand vs eager ACME flows
- Resolver wiring per TLS port
This module is intentionally side-effectful and mutates TlsBuildContext
as part of the build process.
Structsยง
- TlsBuild
Context - Accumulates TLS and ACME-related state while building listener configuration.
Functionsยง
- build_
eager_ ๐acme - Builds an eager (startup-time) ACME configuration.
- build_
on_ ๐demand_ acme - Builds an on-demand ACME configuration.
- ensure_
tls_ ๐port_ resolver - Ensures that a TLS SNI resolver exists for the given port.
- handle_
automatic_ tls - Configures automatic TLS (ACME) for a server configuration.
- handle_
manual_ tls - Configures a manually provided TLS certificate and private key.
- handle_
nonencrypted_ ports - Handles non-encrypted ports for a server configuration.
- manual_
tls_ entry - Obtains the certificate and key for a manual TLS entry in server configuration.
- parse_
challenge_ ๐type - Parses ACME challenge type from server configuration.
- read_
default_ port - Reads the default port from the given server configuration.
- resolve_
sni_ hostname - Resolves the SNI hostname from the given filters.
- should_
skip_ server - Checks if the server should be skipped.