tlsconfig

package
v0.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 12, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config:

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

Index

Constants

This section is empty.

Variables

View Source
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed.

Functions

func Client

func Client(options *Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func ClientDefault

func ClientDefault() *tls.Config

ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.

func IsErrEncryptedKey

func IsErrEncryptedKey(err error) bool

IsErrEncryptedKey returns true if the 'err' is an error of incorrect password when tryin to decrypt a TLS private key

func Server

func Server(options *Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

func ServerDefault

func ServerDefault() *tls.Config

ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.

func SystemCertPool

func SystemCertPool() (*x509.CertPool, error)

SystemCertPool returns an new empty cert pool, accessing system cert pool

Types

type Options

type Options struct {
	CAFile string

	// If either CertFile or KeyFile is empty, Client() will not load them
	// preventing the client from authenticating to the server.
	// However, Server() requires them and will error out if they are empty.
	CertFile string
	KeyFile  string

	// client-only option
	InsecureSkipVerify bool
	// If ExclusiveRootPools is set, then if a CA file is provided, the root pool used for TLS
	// creds will include exclusively the roots in that CA file.  If no CA file is provided,
	// the system pool will be used.
	ExclusiveRootPools bool
	MinVersion         uint16
	// If Passphrase is set, it will be used to decrypt a TLS private key
	// if the key is encrypted
	Passphrase string

	// server-only option
	ClientAuth tls.ClientAuthType
}

Options represents the information needed to create client and server TLS configurations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL