tlsutil

package module

v0.3.0 Latest Latest Go to latest Published: Feb 21, 2021 License: Apache-2.0 Imports: 12 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/acacio/tlsutil

Links

Open Source Insights

README ¶

tlsutil

TLS util functions to help with setting up client & server TLS-based connections.

Setup

go get -u github.com/acacio/tlsutil

Use for connection setup

import (
	"github.com/acacio/tlsutil"
)


type Config struct {
	TLSType       string
	VerifyClients bool
	CA            string
	Cert          string
	Key           string
}

func setupServer(cfg *Config) (*tls.Config, error) {
	var tlstype string
	if cfg.VerifyClients {
		tlstype = "verify"
	} else {
		tlstype = "simple"
	}
	// Implicitly requires CA for "verify"
	return tlsutil.SetupServerTLS(tlstype, cfg.CA, cfg.Cert, cfg.Key)
}

TLS combinations

With this library it is possible to setup several different TLS pairings:

Client \ Server	No srv TLS	Certs `"simple"`	Certs + Client Verification `"verify"`
No TLS	-	N/A	N/A
Simple TLS `"simple"`	N/A	supported	N/A
Client Certs `"certs"`	N/A	supported	Server enforces Client ID (server needs CA.crt)
Client Certs + Server Verification `"verify"`	N/A	Client enforces server ID (client needs CA.crt)	Enforce Client & Server ID (both require CA.crt)

Documentation ¶

Index ¶

func AddRootCA(CA string) *x509.CertPool
func AppendCertificate(config *tls.Config, crt, key string) error
func CheckCertificate(crt string)
func GenerateUserCert(crt, key, username string) (*tls.Certificate, error)
func SetupClientTLS(tlstype, CA, crt, key string) (*tls.Config, error)
func SetupClientTLSWithCA(CA, crt, key string) (*tls.Config, error)
func SetupServerTLS(tlstype, CA, crt, key string) (*tls.Config, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddRootCA ¶

func AddRootCA(CA string) *x509.CertPool

AddRootCA custom CA

func AppendCertificate ¶

func AppendCertificate(config *tls.Config, crt, key string) error

AppendCertificate adds a certificate to a TLS Config

func CheckCertificate ¶

func CheckCertificate(crt string)

CheckCertificate loads and dumps a certificate file

func GenerateUserCert ¶

func GenerateUserCert(crt, key, username string) (*tls.Certificate, error)

GenerateUserCert builds a certificate from a parent cert

func SetupClientTLS ¶

func SetupClientTLS(tlstype, CA, crt, key string) (*tls.Config, error)

SetupClientTLS does basic TLS credential setup

func SetupClientTLSWithCA ¶

func SetupClientTLSWithCA(CA, crt, key string) (*tls.Config, error)

SetupClientTLSWithCA does TLS credential setup with CA & certs

func SetupServerTLS ¶

func SetupServerTLS(tlstype, CA, crt, key string) (*tls.Config, error)

SetupServerTLS does basic TLS credential setup

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL