tlsconfig

package
v0.0.0-...-18eecaf
Warning: This package is not in the latest version of its module.
Published: Jan 21, 2025 License: Apache-2.0 Imports: 11 Imported by: 4

Documentation

Overview

Package tlsconfig provides convenience functions for configuring TLS connections from the command line.

Index

Constants

const (
	OriginCAPoolFlag = "origin-ca-pool"
	CaCertFlag       = "cacert"
)

Variables

This section is empty.

Functions

func CreateTunnelConfig

func CreateTunnelConfig(c *cli.Context, serverName string) (*tls.Config, error)

func GetCloudflareRootCA

func GetCloudflareRootCA() ([]*x509.Certificate, error)

func GetConfig

func GetConfig(p *TLSParameters) (*tls.Config, error)

GetConfig returns a TLS configuration built from the Config (TLSParameters) values set by the user.

func GetHelloCertificate

func GetHelloCertificate() (tls.Certificate, error)

func GetHelloCertificateX509

func GetHelloCertificateX509() (*x509.Certificate, error)

func LoadCert

func LoadCert(certPaths []string) (*x509.CertPool, error)

LoadCert creates a CertPool containing all certificates found in the given PEM-format files.

func LoadCustomOriginCA

func LoadCustomOriginCA(originCAFilename string) (*x509.CertPool, error)

func LoadOriginCA

func LoadOriginCA(originCAPoolFilename string, log *zerolog.Logger) (*x509.CertPool, error)

Types

type CertReloader

type CertReloader struct {
	sync.Mutex
	// contains filtered or unexported fields
}

CertReloader can load and reload a TLS certificate from a particular filepath. It hooks into tls.Config's GetCertificate so that a TLS server can update its certificate without restarting.

func NewCertReloader

func NewCertReloader(certPath, keyPath string) (*CertReloader, error)

NewCertReloader makes a CertReloader. It loads the cert during initialization to make sure certPath and keyPath are valid.

func (*CertReloader) Cert

func (cr *CertReloader) Cert(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)

Cert returns the TLS certificate most recently read by the CertReloader. This method works as a direct utility method for tls.Config#Cert.

func (*CertReloader) ClientCert

func (cr *CertReloader) ClientCert(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)

ClientCert returns the TLS certificate most recently read by the CertReloader. This method works as a direct utility method for tls.Config#ClientCert.

func (*CertReloader) LoadCert

func (cr *CertReloader) LoadCert() error

LoadCert loads a TLS certificate from the CertReloader's specified filepath. Call this after writing a new certificate to disk (e.g. after renewing a certificate).

type TLSParameters

type TLSParameters struct {
	Cert                 string
	Key                  string
	GetCertificate       *CertReloader
	GetClientCertificate *CertReloader
	ClientCAs            []string
	RootCAs              []string
	ServerName           string
	CurvePreferences     []tls.CurveID
	MinVersion           uint16 // Minimum TLS version. If zero, TLS1.0 is used as the minimum.
	MaxVersion           uint16 // Maximum TLS version. If zero, the latest supported TLS version (currently TLS1.3) is used as the limit.
}

Config is the set of user-provided parameters used to create a tls.Config.
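The two pieces above that matter most operationally are the CertReloader hook (a server serves whatever certificate was most recently loaded, and LoadCert is called after a renewal lands on disk) and the MinVersion field (a zero value leaves TLS1.0 as the floor). The following is an added, self-contained illustration of both, written for this page; it is not cloudflared's tlsconfig code. HotReloader, writeSelfSigned, servedCommonName and DemoRotation are hypothetical names chosen here. It keeps the current key pair in an atomic pointer rather than behind the embedded sync.Mutex the package's CertReloader uses; the guarantee is the same (a handshake sees either the old pair or the new one). The certificates it writes are constructed, throwaway self-signed pairs generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"sync/atomic"
	"time"
)

// HotReloader is an illustrative stand-in for the CertReloader pattern (not cloudflared's code).
type HotReloader struct {
	certPath, keyPath string
	cert              atomic.Pointer[tls.Certificate]
}

// Reload re-reads the PEM files; call it after a renewed certificate has been written to disk.
func (r *HotReloader) Reload() error {
	c, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err != nil {
		return fmt.Errorf("reload %s: %w", r.certPath, err)
	}
	r.cert.Store(&c) // one atomic swap: a handshake sees the old pair or the new one, never a mix
	return nil
}

// GetCertificate matches tls.Config.GetCertificate, so every handshake consults the reloader.
func (r *HotReloader) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.cert.Load(), nil
}

// writeSelfSigned is constructed test scaffolding (not a real trust anchor); it panics on failure.
func writeSelfSigned(dir, cn string) (certPath, keyPath string) {
	pub, priv, errKey := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, errCert := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, errKeyDER := x509.MarshalPKCS8PrivateKey(priv)
	if err := errors.Join(errKey, errCert, errKeyDER); err != nil {
		panic(err)
	}
	certPath, keyPath = filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem")
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	if err := errors.Join(os.WriteFile(certPath, certPEM, 0o600), os.WriteFile(keyPath, keyPEM, 0o600)); err != nil {
		panic(err)
	}
	return certPath, keyPath
}

// servedCommonName reports the CN of the certificate cfg would present right now.
func servedCommonName(cfg *tls.Config) (string, error) {
	c, err := cfg.GetCertificate(&tls.ClientHelloInfo{})
	if err != nil {
		return "", err
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return "", err
	}
	return leaf.Subject.CommonName, nil
}

// DemoRotation serves a cert for "before", rotates the files to "after", reloads, and returns both CNs.
func DemoRotation(dir string) (before, after string, err error) {
	r := &HotReloader{}
	r.certPath, r.keyPath = writeSelfSigned(dir, "before")
	if err = r.Reload(); err != nil { // the package's constructor does this preload
		return "", "", err
	}
	// MinVersion is set explicitly; left at zero, the floor would be TLS1.0.
	cfg := &tls.Config{GetCertificate: r.GetCertificate, MinVersion: tls.VersionTLS12}
	if before, err = servedCommonName(cfg); err != nil {
		return "", "", err
	}
	writeSelfSigned(dir, "after") // a renewal lands on disk; cfg itself is untouched
	if err = r.Reload(); err != nil {
		return "", "", err
	}
	after, err = servedCommonName(cfg)
	return before, after, err
}

func main() {
	dir, err := os.MkdirTemp("", "tlsreload")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(DemoRotation(dir))
}
```

Running it prints the CN observed through the same tls.Config before and after the reload ("before after <nil>"). The point to check in a real deployment is the sequencing: the new certificate and key must both be fully written before LoadCert (here Reload) runs, since LoadX509KeyPair reads both files and will reject a pair whose public keys do not match, in which case the server keeps serving the previous pair.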
