tlsconfig

package
v0.3.0

This package is not in the latest version of its module.
Published: Jul 28, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package tlsconfig is a helper package used to create TLS configuration that adheres to best practices.

This package aims to cut down on the repetitive code involved in creating TLS configurations: opening certs, bundling certificate authorities, configuring ciphers, etc. Just use this package to save yourself some headaches.

// Create an instance of the config helper
cfg := tlsconfig.New()

// Load the certificate and key (paths to PEM encoded files)
err := cfg.CertsFromFile(cert, key)
if err != nil {
	// handle the error
}

// Disable host validation (dangerous; use only in testing)
cfg.IgnoreHostValidation()

// Use the generated config
h := &http.Server{TLSConfig: cfg.Generate()}

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is used to create an instance of the configuration helper. It holds the basic TLS configuration for repeated generation.

func New

func New() *Config

New will create a new config instance with basic TLS best practices pre-defined.

func (*Config) CAFromFile

func (c *Config) CAFromFile(ca string) error

CAFromFile will read the PEM encoded certificate authority file and register the certificate as an authority for Client Authentication. This function is for m-TLS configuration at the server level. By default, this function sets Client Authentication to Require and Verify the Certificate.

func (*Config) CertsFromFile

func (c *Config) CertsFromFile(cert, key string) error

CertsFromFile will read the certificate and key file and create an X509 KeyPair loaded as Certificates. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

func (*Config) Generate

func (c *Config) Generate() *tls.Config

Generate will create a TLS configuration type based on the defaults and the settings that have been called. Users can run this multiple times to produce the same configuration.

func (*Config) IgnoreClientCert

func (c *Config) IgnoreClientCert()

IgnoreClientCert will set client certificate authentication to verify the certificate only if provided. Otherwise, if no certificate is provided, the client will still be allowed.

func (*Config) IgnoreHostValidation

func (c *Config) IgnoreHostValidation()

IgnoreHostValidation will turn off the hostname validation of certificates. This setting is dangerous and should only be used in testing.
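A check that can be run on the value returned by Generate before it is handed to a server or client, so that the relaxed settings described for IgnoreHostValidation and IgnoreClientCert do not reach production unnoticed. This is an added example using only the standard library, not code from the tlsconfig package; AuditTLSConfig is a hypothetical helper, and the mapping of the package's methods to tls.Config fields (InsecureSkipVerify, VerifyClientCertIfGiven) is an assumption.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// AuditTLSConfig lists settings in a *tls.Config that weaken certificate
// checks. Hypothetical helper; which fields the tlsconfig methods set is
// an assumption, not taken from the package source.
func AuditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	// Assumed effect of IgnoreHostValidation(): a client using this config
	// skips chain and host name verification of the server certificate.
	if cfg.InsecureSkipVerify {
		findings = append(findings, "InsecureSkipVerify=true: server certificate and host name are not verified")
	}
	// A client CA pool enforces m-TLS only with RequireAndVerifyClientCert.
	// Assumed effect of IgnoreClientCert(): VerifyClientCertIfGiven.
	if cfg.ClientCAs != nil && cfg.ClientAuth != tls.RequireAndVerifyClientCert {
		findings = append(findings, fmt.Sprintf(
			"ClientAuth=%s with ClientCAs set: client certificates are not both required and verified",
			cfg.ClientAuth))
	}
	// An unset MinVersion falls back to a default that depends on the Go release.
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion is unset or below TLS 1.2")
	}
	return findings
}

func main() {
	// Constructed configs standing in for Generate() output; no certificates are loaded.
	strict := &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: x509.NewCertPool(),
		ClientAuth: tls.RequireAndVerifyClientCert}
	relaxed := &tls.Config{InsecureSkipVerify: true, ClientCAs: x509.NewCertPool(),
		ClientAuth: tls.VerifyClientCertIfGiven}
	fmt.Println("strict:", AuditTLSConfig(strict))
	for _, f := range AuditTLSConfig(relaxed) {
		fmt.Println("relaxed:", f)
	}
}
```

Failing a startup check or a unit test when the returned slice is non-empty keeps a testing-only configuration from being deployed.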
