Documentation
Overview
Package tlsconfig is a helper package used to create TLS configuration that adheres to best practices.
This package aims to cut down the repetitive code involved in creating TLS configurations: opening certs, bundling certificate authorities, configuring ciphers, etc. Just use this package to save yourself some headaches.
// Create an instance of config
cfg := tlsconfig.New()

// Load Certificates
err := cfg.CertsFromFile(cert, key)
if err != nil {
	// do something
}

// Disable Host Validation (dangerous; testing only)
cfg.IgnoreHostValidation()

// Use the Config
h := &http.Server{TLSConfig: cfg.Generate()}
Types
type Config
type Config struct {
// contains filtered or unexported fields
}
Config is used to create an instance of the configuration helper. It holds the basic TLS configuration for repeated generation.
func New
func New() *Config
New will create a new config instance with basic TLS best practices pre-defined.
func (*Config) CAFromFile
CAFromFile will read the PEM encoded certificate authority file and register the certificate as an authority for Client Authentication. This function is for mutual TLS (mTLS) configuration at the server level. By default, this function sets Client Authentication to Require and Verify the Certificate.
func (*Config) CertsFromFile
CertsFromFile will read the certificate and key file and create an X509 KeyPair loaded as Certificates. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
func (*Config) Generate
Generate will create a TLS configuration type based on the defaults and settings called. Users can run this multiple times to produce the same configuration.
func (*Config) IgnoreClientCert
func (c *Config) IgnoreClientCert()
IgnoreClientCert will set client certificate authentication to verify the certificate only if one is provided. If no certificate is provided, the client will still be allowed.
func (*Config) IgnoreHostValidation
func (c *Config) IgnoreHostValidation()
IgnoreHostValidation will turn off the hostname validation of certificates. This setting is dangerous and should only be used in testing.
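An added example, not part of the tlsconfig package or its documentation: a pre-deployment check over the *tls.Config that Generate returns, for a server meant to enforce mTLS. It flags the relaxations described under IgnoreClientCert and IgnoreHostValidation, plus a CAFromFile-style setup that ended up with no CA pool. It assumes those helpers map to the standard crypto/tls fields ClientAuth, ClientCAs and InsecureSkipVerify; auditServerTLS, sampleConfigs and the finding names are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// auditServerTLS lists settings on a server-side *tls.Config that relax the
// checks described above. Finding names are constructed for this example.
func auditServerTLS(cfg *tls.Config) []string {
	var findings []string
	// Assumed crypto/tls field behind "hostname validation turned off".
	if cfg.InsecureSkipVerify {
		findings = append(findings, "host-validation-disabled")
	}
	switch cfg.ClientAuth {
	case tls.RequireAndVerifyClientCert:
		// Strict mTLS, but no specific authority was registered.
		if cfg.ClientCAs == nil {
			findings = append(findings, "client-ca-pool-missing")
		}
	case tls.VerifyClientCertIfGiven:
		// Clients that present no certificate are still admitted.
		findings = append(findings, "client-cert-optional")
	default:
		// NoClientCert, RequestClientCert, RequireAnyClientCert: no chain check.
		findings = append(findings, "client-cert-not-verified")
	}
	return findings
}

// sampleConfigs returns constructed configs: strict mTLS and a relaxed one.
func sampleConfigs() (strict, relaxed *tls.Config) {
	strict = &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  x509.NewCertPool(), // constructed: stands in for a loaded CA
	}
	relaxed = &tls.Config{
		ClientAuth:         tls.VerifyClientCertIfGiven,
		InsecureSkipVerify: true,
	}
	return strict, relaxed
}

func main() {
	strict, relaxed := sampleConfigs()
	fmt.Println("strict:", auditServerTLS(strict))
	fmt.Println("relaxed:", auditServerTLS(relaxed))
}
```

Run against the output of Generate in a unit test or start-up check, a non-empty result shows that a testing-only setting reached a build meant for production.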