secure

Documentation

Overview

Package secure provides utilities to configure secure transport.

Index

• func GetCA(path string) (*x509.CertPool, error)
• func ParseTLSOptions(url *url.URL) ([]*tls.Config, error)
• func TLSConfig(certFile string, privateKey string, generateSelfSigned bool) (*tls.Config, error)
• type Config
  • func (c *Config) AsTLSConfig() *tls.Config
  • func (c *Config) Bind(f *pflag.FlagSet)
  • func (c *Config) Preflight() error

Functions

func GetCA

func GetCA(path string) (*x509.CertPool, error)

GetCA retrieves the pool of CA certificates from the system and the specified file.

func ParseTLSOptions

func ParseTLSOptions(url *url.URL) ([]*tls.Config, error)

ParseTLSOptions returns a slice of TLS configuration to try, based on the sslmode specified in the connection URL The returned slice must contain at least one element. A nil element indicates a no-SSL configuration. It allows a uniform way to specify connections to various backends following the Postgres connection specifications.

func TLSConfig

func TLSConfig(certFile string, privateKey string, generateSelfSigned bool) (*tls.Config, error)

TLSConfig loads the certificate and key from disk, to generate a self-signed localhost certificate, or to return nil if TLS has been disabled.

Types

type Config

type Config struct {
	CaCert     string
	ClientCert string
	ClientKey  string
	SkipVerify bool
	// contains filtered or unexported fields
}

Config stores the TLS parameters passed via command line options.

func (*Config) AsTLSConfig

func (c *Config) AsTLSConfig() *tls.Config

AsTLSConfig returns the tls.Config object built from

func (*Config) Bind

func (c *Config) Bind(f *pflag.FlagSet)

Bind adds flags to the set.

func (*Config) Preflight

func (c *Config) Preflight() error

Preflight builds a tls.Config using the command line options provided at start up.