Documentation ¶
Index ¶
- func LoadX509(path string) ([]*x509.Certificate, error)
- func LoadX509PrivateKey(path string) (*ecdsa.PrivateKey, error)
- func NewDefaultCertPool(cas []*x509.Certificate) *x509.CertPool
- func NewDefaultTLSConfig(cas []*x509.Certificate) *tls.Config
- func NewTLSConfig(cert tls.Certificate, cas []*x509.Certificate, ...) *tls.Config
- func NewTLSConfigFromConfiguration(config TLSConfig, certificateVerifier VerifyPeerCertificateFunc) (*tls.Config, error)
- func NewTLSConfigWithoutPeerVerification(cert tls.Certificate) *tls.Config
- func ParseX509Certificates(cert *tls.Certificate) ([]*x509.Certificate, error)
- func ParseX509FromPEM(pemBlock []byte) ([]*x509.Certificate, error)
- func VerifyClientCertificate(certificate *x509.Certificate) error
- func VerifyServerCertificate(certificate *x509.Certificate) error
- type TLSConfig
- type VerifyPeerCertificateFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadX509 ¶
func LoadX509(path string) ([]*x509.Certificate, error)
LoadX509 loads certificates from a PEM-encoded file.
func LoadX509PrivateKey ¶
func LoadX509PrivateKey(path string) (*ecdsa.PrivateKey, error)
LoadX509PrivateKey loads a private key from a PEM-encoded file. As the return type shows, the key is returned as an *ecdsa.PrivateKey.
func NewDefaultCertPool ¶
func NewDefaultCertPool(cas []*x509.Certificate) *x509.CertPool
NewDefaultCertPool loads the system CAs and adds the custom CAs to the cert pool.
func NewDefaultTLSConfig ¶
func NewDefaultTLSConfig(cas []*x509.Certificate) *tls.Config
NewDefaultTLSConfig returns a default *tls.Config whose cert pool holds the system CAs plus the custom CAs.
func NewTLSConfig ¶
func NewTLSConfig(cert tls.Certificate, cas []*x509.Certificate, verifyPeerCertificate VerifyPeerCertificateFunc) *tls.Config
NewTLSConfig creates a tls.Config with verification of the client certificate.
func NewTLSConfigFromConfiguration ¶
func NewTLSConfigFromConfiguration(config TLSConfig, certificateVerifier VerifyPeerCertificateFunc) (*tls.Config, error)
NewTLSConfigFromConfiguration sets up a tls.Config that provides certificate verification for the connection.
func NewTLSConfigWithoutPeerVerification ¶
func NewTLSConfigWithoutPeerVerification(cert tls.Certificate) *tls.Config
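NewTLSConfigWithoutPeerVerification creates a tls.Config that does not verify the client certificate. Because the client certificate is not verified, the TLS handshake alone does not authenticate the client.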
func ParseX509Certificates ¶
func ParseX509Certificates(cert *tls.Certificate) ([]*x509.Certificate, error)
ParseX509Certificates parses the CA chain certificates from the DER data of the given tls.Certificate.
func ParseX509FromPEM ¶
func ParseX509FromPEM(pemBlock []byte) ([]*x509.Certificate, error)
ParseX509FromPEM parses certificates from PEM-encoded data.
func VerifyClientCertificate ¶
func VerifyClientCertificate(certificate *x509.Certificate) error
VerifyClientCertificate verifies client certificate
func VerifyServerCertificate ¶
func VerifyServerCertificate(certificate *x509.Certificate) error
VerifyServerCertificate verifies server certificate
Types ¶
type TLSConfig ¶
// TLSConfig holds the file paths of the PEM-encoded TLS material. Each field
// carries envconfig/env struct tags naming the environment variable it maps to.
type TLSConfig struct {
	Certificate string `envconfig:"CERTIFICATE" env:"CERTIFICATE"` // file path to PEM encoded cert/cert chain
	// NOTE(review): this path points at secret key material; presumably the file
	// should be readable only by the service account. Confirm against deployment.
	CertificateKey string `envconfig:"CERTIFICATE_KEY" env:"CERTIFICATE_KEY"` // file path to PEM encoded private key
	CAPool string `envconfig:"CA_POOL" env:"CA_POOL"` // file path to PEM encoded ca pool
}
TLSConfig holds the TLS configuration.
type VerifyPeerCertificateFunc ¶
type VerifyPeerCertificateFunc func(verifyPeerCertificate *x509.Certificate) error
VerifyPeerCertificateFunc verifies the content of a certificate. It is called after successful validation against the CAs.