Documentation ¶
Index ¶
- Constants
- func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)
- func BestEffortSystemCertPool() *x509.CertPool
- func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)
- func EncodeX509KeyPairString(cert tls.Certificate) (string, string)
- func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)
- type CertOptions
- type ConfigCustomizer
Constants ¶
View Source
const ( DefaultRSABits = 2048 // The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates // Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically. DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" // The default minimum TLS version to provide to clients DefaultTLSMinVersion = "1.2" // The default maximum TLS version to provide to clients DefaultTLSMaxVersion = "1.3" )
Variables ¶
This section is empty.
Functions ¶
func AddTLSFlagsToCmd ¶ added in v0.9.0
func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)
Adds TLS server related command line options to a command and returns a TLS config customizer object, set up to the options specified
func BestEffortSystemCertPool ¶ added in v0.12.0
BestEffortSystemCertPool returns system cert pool as best effort, otherwise an empty cert pool
func EncodeX509KeyPair ¶
func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)
EncodeX509KeyPair encodes a TLS Certificate into its pem encoded format for storage
func EncodeX509KeyPairString ¶ added in v0.5.3
func EncodeX509KeyPairString(cert tls.Certificate) (string, string)
EncodeX509KeyPairString encodes a TLS Certificate into its pem encoded string format
func GenerateX509KeyPair ¶
func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)
GenerateX509KeyPair generates a X509 key pair
Types ¶
type CertOptions ¶
type CertOptions struct { // Hostnames and IPs to generate a certificate for Hosts []string // Name of organization in certificate Organization string // Creation date ValidFrom time.Time // Duration that certificate is valid for ValidFor time.Duration // whether this cert should be its own Certificate Authority IsCA bool // Size of RSA key to generate. Ignored if --ecdsa-curve is set RSABits int // ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521 ECDSACurve string }
type ConfigCustomizer ¶ added in v0.9.0
Click to show internal directories.
Click to hide internal directories.