Documentation ¶
Overview ¶
Package mutualtlsconfig provides helpers to configure Mutual TLS Authentication between a Client and Server.
Types ¶
type CertType ¶ added in v0.1.0
type CertType x509.ExtKeyUsage
const (
	// ServerCertType indicates the Certificate has x509.ExtKeyUsageServerAuth set
	ServerCertType CertType = CertType(x509.ExtKeyUsageServerAuth)
	// ClientCertType indicates the Certificate has x509.ExtKeyUsageClientAuth set
	ClientCertType CertType = CertType(x509.ExtKeyUsageClientAuth)
)
type CertificateInformation ¶ added in v0.1.0
type CertificateInformation struct {
	Begin        time.Time
	CommonName   string
	Days         int
	DNSNames     []string
	IPAddresses  []net.IP
	Organization string
	Type         CertType
}
CertificateInformation holds the information required to generate a self-signed certificate.
func (*CertificateInformation) Generate ¶ added in v0.1.0
func (c *CertificateInformation) Generate() (cert, key []byte, err error)
type TLSConfigurator ¶
type TLSConfigurator struct {
// contains filtered or unexported fields
}
TLSConfigurator is a utility to simplify setting up a Client/Server using TLS mutual authentication. The returned tls.Config values will validate certificates for both the Client and Server.
func New ¶ added in v0.1.0
func New(cert, key []byte, caCerts ...[]byte) (*TLSConfigurator, error)
New returns a TLSConfigurator.
func NewFromFS ¶ added in v0.1.0
func NewFromFS(fs http.FileSystem, cert, key string, caCerts ...string) (*TLSConfigurator, error)
NewFromFS loads from fs and returns a TLSConfigurator.
func NewFromFile ¶ added in v0.1.0
func NewFromFile(cert, key string, caCerts ...string) (*TLSConfigurator, error)
NewFromFile loads from files and returns a TLSConfigurator.
func (*TLSConfigurator) HTTPSClient ¶
func (c *TLSConfigurator) HTTPSClient() *http.Client
HTTPSClient returns an http.Client with its Transport configured for TLS.
func (*TLSConfigurator) TLSClientConfig ¶
func (c *TLSConfigurator) TLSClientConfig() *tls.Config
TLSClientConfig returns a tls.Config which will fully validate the server certificate using the provided CaCerts.
func (*TLSConfigurator) TLSListener ¶
func (c *TLSConfigurator) TLSListener(ln net.Listener) net.Listener
TLSListener wraps ln in a TLS listener configured with TLSServerConfig.
func (*TLSConfigurator) TLSServerConfig ¶
func (c *TLSConfigurator) TLSServerConfig() *tls.Config
TLSServerConfig returns a tls.Config which will require and fully validate a client certificate using the provided CaCerts with option tls.RequireAndVerifyClientCert. The client certificate must have x509.ExtKeyUsageClientAuth set.
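The checks described for TLSServerConfig and TLSClientConfig can be reproduced with the standard library alone. The following is an added example, not code from this package: it builds two constructed self-signed identities, runs a loopback handshake with tls.RequireAndVerifyClientCert, and shows the server rejecting a client certificate that carries only x509.ExtKeyUsageServerAuth. The names selfSigned, ServerHandshakeErr, server.test and client.test are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func selfSigned(cn string, eku x509.ExtKeyUsage) ([]tls.Certificate, *x509.CertPool) { // constructed test identity
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors ignored: inputs are fixed and valid
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the peer trusts exactly this certificate
	return []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, pool
}

// ServerHandshakeErr runs one mutual-TLS handshake on loopback and returns the server-side result.
func ServerHandshakeErr(clientEKU x509.ExtKeyUsage) error {
	srv, srvCA := selfSigned("server.test", x509.ExtKeyUsageServerAuth)
	cli, cliCA := selfSigned("client.test", clientEKU)
	srvCfg := &tls.Config{Certificates: srv, ClientCAs: cliCA, ClientAuth: tls.RequireAndVerifyClientCert}
	cliCfg := &tls.Config{Certificates: cli, RootCAs: srvCA, ServerName: "server.test"}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // client side: verifies the server against srvCA and presents its own certificate
		if c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg); err == nil {
			c.Read(make([]byte, 1)) // returns when the server closes or sends an alert
			c.Close()
		}
	}()
	conn, err := ln.Accept()
	if err != nil {
		return err
	}
	defer conn.Close()
	return conn.(*tls.Conn).Handshake() // fails unless the client cert chains to cliCA with ClientAuth EKU
}

func main() { fmt.Println(ServerHandshakeErr(x509.ExtKeyUsageClientAuth), ServerHandshakeErr(x509.ExtKeyUsageServerAuth)) }
```

With TLS 1.3 the client's own handshake can complete before the server rejects the certificate, which is why the example reports the server-side error.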