tlsconfig

package
Version: v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 28, 2018 License: Apache-2.0 Imports: 8 Imported by: 1,358

Documentation

Overview

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config:

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

Index

Constants

This section is empty.

Variables

View Source
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed.

Functions

func Client

func Client(options Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func ClientDefault

func ClientDefault(ops ...func(*tls.Config)) *tls.Config

ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.

func IsErrEncryptedKey added in v0.3.0

func IsErrEncryptedKey(err error) bool

IsErrEncryptedKey returns true if the 'err' is an error of incorrect password when tryin to decrypt a TLS private key

func Server

func Server(options Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

func ServerDefault

func ServerDefault(ops ...func(*tls.Config)) *tls.Config

ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.

func SystemCertPool added in v0.3.0

func SystemCertPool() (*x509.CertPool, error)

SystemCertPool returns a copy of the system cert pool, returns an error if failed to load or empty pool on windows.

Types

type Options

type Options struct {
	CAFile string

	// If either CertFile or KeyFile is empty, Client() will not load them
	// preventing the client from authenticating to the server.
	// However, Server() requires them and will error out if they are empty.
	CertFile string
	KeyFile  string

	// client-only option
	InsecureSkipVerify bool
	// server-only option
	ClientAuth tls.ClientAuthType
	// If ExclusiveRootPools is set, then if a CA file is provided, the root pool used for TLS
	// creds will include exclusively the roots in that CA file.  If no CA file is provided,
	// the system pool will be used.
	ExclusiveRootPools bool
	MinVersion         uint16
	// If Passphrase is set, it will be used to decrypt a TLS private key
	// if the key is encrypted
	Passphrase string
}

Options represents the information needed to create client and server TLS configurations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL