tls

package
v0.1.0
Published: Mar 31, 2024 | License: Apache-2.0 | Imports: 9 | Imported by: 0

Documentation

Constants

const (
	ErrCertNotFound    = utils.Error("could not load certificate file")
	ErrInvalidPEM      = utils.Error("could not parse PEM certificate")
	ErrKeyNotFound     = utils.Error("could not load private key file")
	ErrKeyError        = utils.Error("failed to decode private key")
	ErrMissingPassword = utils.Error("missing password for encrypted private key")
	ErrDecryptError    = utils.Error("private key decryption error")
	ErrInvalidCert     = utils.Error("failed to load cert/key pair")
)
const (
	TLSMinVersionDefault = tls.VersionTLS12
	ErrInvalidPeerCert   = utils.Error("invalid peer certificate")
	ErrForbiddenDNS      = utils.Error("peer certificate not allowed in DNS name list")
)
const (
	ErrInvalidCipher     = utils.Error("non-supported cipher")
	ErrInvalidTlsVersion = utils.Error("invalid TLS version")
)

Variables

This section is empty.

Functions

func LoadTLSCertPool

func LoadTLSCertPool(certFiles []string) (*x509.CertPool, error)

LoadTLSCertPool loads a certificate pool with the certificates from the specified files. It takes a slice of certificate file names as input.

Each certificate file is read using os.ReadFile. If there is an error reading the file, an error is returned with ErrCertNotFound.

The content of each certificate file is appended to the certificate pool using pool.AppendCertsFromPEM. If parsing the PEM certificate fails, an error is logged and the certificate

func LoadTLSCertificate

func LoadTLSCertificate(config *tls.Config, certFile, keyFile, password string) error

LoadTLSCertificate loads a TLS certificate into the provided tls.Config.

It takes the following parameters:

- config: Pointer to a tls.Config where the certificate will be loaded.
- certFile: Path to the certificate file.
- keyFile: Path to the private key file.
- password: Password to decrypt the private key file (if encrypted).

The function reads the certificate file and private key file using os.ReadFile. If there is an error reading any of the files, an error is returned.

The private key is then decoded using pem.Decode. If the private key is encrypted and no password is supplied, an error is returned.

Once the private key is decoded, it is used to load the certificate and private key pair using tls.X509KeyPair. If the certificate and private key pair is invalid, an error is returned.

The loaded certificate is then assigned to the config.Certificates field.

Example:

config := &tls.Config{}
err := LoadTLSCertificate(config, "path/to/cert.pem", "path/to/key.pem", "password")
if err != nil {
    log.Fatal(err)
}

// TLS configuration with loaded certificate is ready to use.
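
The steps described above (pem.Decode, the missing-password check, decryption, tls.X509KeyPair) can be exercised on in-memory PEM with the added example below, which is not this package's own code. It assumes the key uses legacy RFC 1423 PEM encryption, handled with x509.IsEncryptedPEMBlock and x509.DecryptPEMBlock; the Go standard library has deprecated both since Go 1.16 because that format does not authenticate the ciphertext. The names loadKeyPair, samplePair and errMissingPassword are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var errMissingPassword = errors.New("missing password for encrypted private key") // stand-in for ErrMissingPassword

// loadKeyPair applies the documented steps to in-memory PEM (hypothetical helper, not the package's code).
func loadKeyPair(certPEM, keyPEM []byte, password string) (tls.Certificate, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return tls.Certificate{}, errors.New("failed to decode private key")
	}
	if x509.IsEncryptedPEMBlock(block) { // legacy RFC 1423 encryption (assumed format)
		if password == "" {
			return tls.Certificate{}, errMissingPassword
		}
		der, err := x509.DecryptPEMBlock(block, []byte(password))
		if err != nil {
			return tls.Certificate{}, fmt.Errorf("private key decryption error: %w", err)
		}
		keyPEM = pem.EncodeToMemory(&pem.Block{Type: block.Type, Bytes: der})
	}
	return tls.X509KeyPair(certPEM, keyPEM) // fails if the key does not match the certificate
}

// samplePair builds a constructed self-signed certificate and its password-encrypted key.
func samplePair(password string) (certPEM, keyPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	enc, _ := x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", keyDER, []byte(password), x509.PEMCipherAES256)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}), pem.EncodeToMemory(enc)
}

func main() {
	certPEM, keyPEM := samplePair("constructed-pw")
	_, err := loadKeyPair(certPEM, keyPEM, "") // encrypted key, no password supplied
	fmt.Println(err)
}
```
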

func ParseCiphers

func ParseCiphers(ciphers []string) ([]uint16, error)

ParseCiphers takes a `[]string` of keys representing ciphers from crypto/tls and returns the corresponding `[]uint16`.

func ParseTLSVersion

func ParseTLSVersion(version string) (uint16, error)

ParseTLSVersion takes a version string key and returns the `uint16` that represents that TLS version in crypto/tls, or 0 if the version is invalid.

Types

type ClientConfig

type ClientConfig struct {
	TLSCA                 string `json:"tlsCa"`
	TLSCert               string `json:"tlsCert"`
	TLSKey                string `json:"tlsKey"`
	TLSKeyPwd             string `json:"tlsKeyPassword"`
	TLSEnable             bool   `json:"tlsEnable"`
	TLSInsecureSkipVerify bool   `toml:"tlsInsecureSkipVerify"`
}

ClientConfig represents the TLS configuration for a client.

func (*ClientConfig) TLSConfig

func (c *ClientConfig) TLSConfig() (*tls.Config, error)

TLSConfig returns a tls.Config{} struct from the ClientConfig

type ServerConfig

type ServerConfig struct {
	TLSCert            string   `json:"tlsCert"`
	TLSKey             string   `json:"tlsKey"`
	TLSKeyPwd          string   `json:"tlsKeyPassword"`
	TLSAllowedCACerts  []string `json:"tlsAllowedCACerts"`
	TLSCipherSuites    []string `json:"tlsCipherSuites"`
	TLSMinVersion      string   `json:"tlsMinVersion"`
	TLSMaxVersion      string   `json:"tlsMaxVersion"`
	TLSAllowedDNSNames []string `json:"tlsAllowedDNSNames"`
	TLSEnable          bool     `json:"tlsEnable"`
}

ServerConfig represents the standard server TLS config.

func (*ServerConfig) TLSConfig

func (c *ServerConfig) TLSConfig() (*tls.Config, error)

TLSConfig returns a tls.Config; the result may be nil without an error if TLS is not configured.
