tlsconfig

package

v0.2.4 Latest Latest Go to latest Published: Jan 12, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/elastic/harp

Links

Open Source Insights

Documentation ¶

Overview ¶

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config:

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

Index ¶

Variables
func Client(options *Options) (*tls.Config, error)
func ClientDefault() *tls.Config
func IsErrEncryptedKey(err error) bool
func Server(options *Options) (*tls.Config, error)
func ServerDefault() *tls.Config
func SystemCertPool() (*x509.CertPool, error)
type Options

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed.

Functions ¶

func Client ¶

func Client(options *Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func ClientDefault ¶

func ClientDefault() *tls.Config

ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.

func IsErrEncryptedKey ¶

func IsErrEncryptedKey(err error) bool

IsErrEncryptedKey returns true if the 'err' is an error of incorrect password when tryin to decrypt a TLS private key

func Server ¶

func Server(options *Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

func ServerDefault ¶

func ServerDefault() *tls.Config

ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.

func SystemCertPool ¶

func SystemCertPool() (*x509.CertPool, error)

SystemCertPool returns an new empty cert pool, accessing system cert pool

Types ¶

type Options ¶

type Options struct {
	CAFile string

	// If either CertFile or KeyFile is empty, Client() will not load them
	// preventing the client from authenticating to the server.
	// However, Server() requires them and will error out if they are empty.
	CertFile string
	KeyFile  string

	// client-only option
	InsecureSkipVerify bool
	// If ExclusiveRootPools is set, then if a CA file is provided, the root pool used for TLS
	// creds will include exclusively the roots in that CA file.  If no CA file is provided,
	// the system pool will be used.
	ExclusiveRootPools bool
	MinVersion         uint16
	// If Passphrase is set, it will be used to decrypt a TLS private key
	// if the key is encrypted
	Passphrase string

	// server-only option
	ClientAuth tls.ClientAuthType
}

Options represents the information needed to create client and server TLS configurations.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL