tls

package
v2.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 20, 2021 License: Apache-2.0 Imports: 20 Imported by: 3

Documentation

Constants

const (
	DefaultRSABits = 2048
	// The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates
	// Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically.
	DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
	// The default minimum TLS version to provide to clients
	DefaultTLSMinVersion = "1.2"
	// The default maximum TLS version to provide to clients
	DefaultTLSMaxVersion = "1.3"
)
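
The defaults above are plain strings, so a server has to translate them into crypto/tls values before use. The following is an added example, not this package's code: `versions`, `parseSuites` and `serverConfig` are hypothetical helpers built only on the Go standard library. It resolves the colon-separated list, drops and reports suites that use static RSA key exchange (the second default entry, which offers no forward secrecy), and accepts only versions 1.2 and 1.3.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

var versions = map[string]uint16{"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13} // 1.0/1.1 rejected

// parseSuites (hypothetical) resolves names to IDs; static-RSA suites are dropped and reported.
func parseSuites(list string) (ids []uint16, dropped []string, err error) {
	known := map[string]uint16{}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[cs.Name] = cs.ID
	}
	for _, name := range strings.Split(list, ":") {
		id, ok := known[name]
		if !ok {
			return nil, nil, fmt.Errorf("unknown cipher suite %q", name)
		}
		if strings.HasPrefix(name, "TLS_RSA_") { // static RSA key exchange: no forward secrecy
			dropped = append(dropped, name)
			continue
		}
		ids = append(ids, id)
	}
	if len(ids) == 0 { // a nil CipherSuites would silently select Go's default list
		return nil, dropped, fmt.Errorf("no forward-secret cipher suite in %q", list)
	}
	return ids, dropped, nil
}

// serverConfig (hypothetical) maps the string settings onto a *tls.Config.
func serverConfig(list, minV, maxV string) (*tls.Config, []string, error) {
	lo, hi := versions[minV], versions[maxV]
	if lo == 0 || hi == 0 || lo > hi {
		return nil, nil, fmt.Errorf("bad TLS version range %q..%q", minV, maxV)
	}
	ids, dropped, err := parseSuites(list)
	if err != nil {
		return nil, dropped, err
	}
	return &tls.Config{MinVersion: lo, MaxVersion: hi, CipherSuites: ids}, dropped, nil
}

func main() { // constructed input: the default values from the constants above
	cfg, dropped, err := serverConfig("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384", "1.2", "1.3")
	fmt.Println(cfg != nil, dropped, err)
}
```

The returned `dropped` slice is meant to be logged at startup so an operator can see which configured suites were refused.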

Variables

This section is empty.

Functions

func AddTLSFlagsToCmd

func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)

AddTLSFlagsToCmd adds TLS server-related command-line options to a command and returns a function that yields a TLS config customizer set up according to the options specified.

func BestEffortSystemCertPool

func BestEffortSystemCertPool() *x509.CertPool

BestEffortSystemCertPool returns the system cert pool on a best-effort basis; otherwise it returns an empty cert pool.

func CreateServerTLSConfig

func CreateServerTLSConfig(tlsCertPath, tlsKeyPath string, hosts []string) (*tls.Config, error)

CreateServerTLSConfig will provide a TLS configuration for a server. It will either use a certificate and key provided at tlsCertPath and tlsKeyPath, or if these are not given, will generate a self-signed certificate valid for the specified list of hosts. If hosts is nil or empty, self-signed cert creation will be disabled.

func EncodeX509KeyPair

func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)

EncodeX509KeyPair encodes a TLS certificate into its PEM-encoded format for storage.

func EncodeX509KeyPairString

func EncodeX509KeyPairString(cert tls.Certificate) (string, string)

EncodeX509KeyPairString encodes a TLS certificate into its PEM-encoded string format.

func GenerateX509KeyPair

func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)

GenerateX509KeyPair generates an X509 key pair.

func LoadX509CertPool

func LoadX509CertPool(paths ...string) (*x509.CertPool, error)

LoadX509CertPool loads PEM data from a list of files, adds it to a CertPool and returns the resulting CertPool.

Types

type CertOptions

type CertOptions struct {
	// Hostnames and IPs to generate a certificate for
	Hosts []string
	// Name of organization in certificate
	Organization string
	// Creation date
	ValidFrom time.Time
	// Duration that certificate is valid for
	ValidFor time.Duration
	// whether this cert should be its own Certificate Authority
	IsCA bool
	// Size of RSA key to generate. Ignored if --ecdsa-curve is set
	RSABits int
	// ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
	ECDSACurve string
}

type ConfigCustomizer

type ConfigCustomizer = func(*tls.Config)
