Documentation ¶
Index ¶
- Variables
- func DecodePEM(block []byte, typ string) ([][]byte, error)
- func ParsePrivateKey(der []byte) (crypto.PrivateKey, error)
- func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error)
- type Certificate
- type CertificateFileCA
- type CertificateFileKeyPair
- type Config
- type FlagPrefixer
- func (fl *FlagPrefixer) CAFlag(v *viper.Viper, f *pflag.FlagSet)
- func (fl *FlagPrefixer) CertFlag(v *viper.Viper, f *pflag.FlagSet)
- func (fl *FlagPrefixer) ConfigFromViper(v *viper.Viper) *Config
- func (fl *FlagPrefixer) Flags(v *viper.Viper, f *pflag.FlagSet)
- func (fl *FlagPrefixer) GetCA(v *viper.Viper) string
- func (fl *FlagPrefixer) GetCert(v *viper.Viper) string
- func (fl *FlagPrefixer) GetKey(v *viper.Viper) string
- func (fl *FlagPrefixer) GetTLSSkipVerify(v *viper.Viper) bool
- func (fl *FlagPrefixer) KeyFlag(v *viper.Viper, f *pflag.FlagSet)
- func (fl *FlagPrefixer) SkipVerify(v *viper.Viper, f *pflag.FlagSet)
Constants ¶
This section is empty.
Variables ¶
var (
	// ClientAuthTypes maps the accepted client-authentication names to
	// their crypto/tls ClientAuthType values.
	//
	// Only "RequireAndVerifyClientCert" both demands a client certificate
	// and verifies it. "RequestClientCert" and "RequireAnyClientCert"
	// accept a certificate without verifying its chain, so they must not
	// be relied on for mutual-TLS authentication.
	ClientAuthTypes = map[string]tls.ClientAuthType{
		"NoClientCert":               tls.NoClientCert,
		"RequestClientCert":          tls.RequestClientCert,
		"RequireAnyClientCert":       tls.RequireAnyClientCert,
		"VerifyClientCertIfGiven":    tls.VerifyClientCertIfGiven,
		"RequireAndVerifyClientCert": tls.RequireAndVerifyClientCert,
	}

	// Versions maps the accepted TLS version names to their crypto/tls
	// protocol version numbers.
	//
	// TLS 1.0 and TLS 1.1 are deprecated (RFC 8996); a deployment that
	// needs them should say so explicitly rather than inherit them.
	Versions = map[string]uint16{
		"VersionTLS10": tls.VersionTLS10,
		"VersionTLS11": tls.VersionTLS11,
		"VersionTLS12": tls.VersionTLS12,
		"VersionTLS13": tls.VersionTLS13,
	}

	// CurveIDs maps elliptic-curve names to crypto/tls CurveID values.
	// Each curve is reachable under its Go name
	// (https://godoc.org/crypto/tls#CurveID) and under its RFC 8446 name
	// (https://tools.ietf.org/html/rfc8446#section-4.2.7).
	CurveIDs = map[string]tls.CurveID{
		"CurveP256": tls.CurveP256,
		"secp256r1": tls.CurveP256,
		"CurveP384": tls.CurveP384,
		"secp384r1": tls.CurveP384,
		"CurveP521": tls.CurveP521,
		"secp521r1": tls.CurveP521,
		"X25519":    tls.X25519,
		"x25519":    tls.X25519,
	}

	// CipherSuites maps cipher-suite names to the crypto/tls identifiers
	// listed at https://golang.org/pkg/crypto/tls/#pkg-constants.
	//
	// The map is a name lookup table, not a recommended set: it contains
	// suites that crypto/tls itself reports through InsecureCipherSuites.
	// NOTE(review): how callers filter these names is not visible here;
	// confirm that weak suites cannot be enabled by accident.
	CipherSuites = map[string]uint16{
		// RC4 and 3DES suites: broken or weak ciphers, kept for name
		// lookup only.
		"TLS_RSA_WITH_RC4_128_SHA":            tls.TLS_RSA_WITH_RC4_128_SHA,
		"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":    tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
		"TLS_ECDHE_RSA_WITH_RC4_128_SHA":      tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
		"TLS_RSA_WITH_3DES_EDE_CBC_SHA":       tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,

		// Static RSA key exchange: no forward secrecy.
		"TLS_RSA_WITH_AES_128_CBC_SHA":    tls.TLS_RSA_WITH_AES_128_CBC_SHA,
		"TLS_RSA_WITH_AES_256_CBC_SHA":    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		"TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
		"TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		"TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,

		// ECDHE with CBC-mode AES. The *_CBC_SHA256 suites are listed by
		// crypto/tls as insecure.
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

		// ECDHE with AEAD ciphers (AES-GCM, ChaCha20-Poly1305).
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":          tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":        tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

		// TLS 1.3 suites. crypto/tls does not let tls.Config.CipherSuites
		// select among these, so naming them is not expected to restrict
		// a TLS 1.3 handshake.
		"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
		"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
		"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,

		// TLS_FALLBACK_SCSV is a signalling value for version fallback,
		// not an encryption suite.
		"TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV,
	}
)
Functions ¶
func ParsePrivateKey ¶
func ParsePrivateKey(der []byte) (crypto.PrivateKey, error)
ParsePrivateKey attempts to parse the given private key DER block. OpenSSL 0.9.8 generates PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
func X509KeyPair ¶
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error)
Types ¶
type Certificate ¶
// Certificate is implemented by any source that can produce a
// tls.Certificate on demand.
type Certificate interface {
	// Certificate returns the certificate, or an error if it cannot be
	// produced.
	Certificate() (tls.Certificate, error)
}
type CertificateFileCA ¶
// CertificateFileCA identifies a certificate by a single file path. Its
// Certificate method returns a tls.Certificate.
type CertificateFileCA struct {
	// Path is the file location of the certificate.
	// NOTE(review): presumably a PEM-encoded CA bundle; the expected
	// format is not shown here, confirm against the implementation.
	Path string
	// contains filtered or unexported fields
}
func (*CertificateFileCA) Certificate ¶
func (pair *CertificateFileCA) Certificate() (tls.Certificate, error)
type CertificateFileKeyPair ¶
// CertificateFileKeyPair identifies a certificate and its private key by
// file path. Its Certificate method returns a tls.Certificate.
type CertificateFileKeyPair struct {
	// CertPath and KeyPath are the file locations of the certificate and
	// of its private key.
	// NOTE(review): the key file holds secret material; whether its
	// permissions are checked on load is not visible here.
	CertPath, KeyPath string
	// contains filtered or unexported fields
}
func (*CertificateFileKeyPair) Certificate ¶
func (pair *CertificateFileKeyPair) Certificate() (tls.Certificate, error)
type Config ¶
// Config is the serialisable TLS configuration (JSON, TOML and YAML tags
// on every displayed field). The package describes it as configuring TLS
// for an entry point.
type Config struct {
	// Certificates are the certificate sources for this endpoint.
	Certificates []Certificate `json:"certificates,omitempty" toml:"certificates,omitempty" yaml:"certificates,omitempty" export:"true"`
	// CAs are certificate-authority sources; note they serialise under the
	// key "clientCAs".
	CAs []Certificate `json:"clientCAs,omitempty" toml:"clientCAs,omitempty" yaml:"clientCAs,omitempty"`
	// NextProtos is a list of protocol names.
	// NOTE(review): presumably the ALPN list passed to crypto/tls; confirm.
	NextProtos []string `json:"nextProtos,omitempty" toml:"nextProtos,omitempty" yaml:"nextProtos,omitempty" export:"true"`
	// CipherSuites holds cipher-suite names.
	// NOTE(review): presumably keys of the package-level CipherSuites map,
	// which also contains RC4, 3DES and other weak suites; confirm how
	// unknown or insecure names are handled.
	CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty"`
	// CurvePreferences holds curve names.
	// NOTE(review): presumably keys of the package-level CurveIDs map.
	CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty"`
	// ClientAuth is the client-authentication policy name, serialised as
	// "clientAuthType". TLSClientAuth returns the tls.ClientAuthType for
	// this configuration.
	// NOTE(review): behaviour for an empty value is not visible here; if
	// it falls back to NoClientCert, mutual TLS is off by default.
	ClientAuth string `json:"clientAuthType,omitempty" toml:"clientAuthType,omitempty" yaml:"clientAuthType,omitempty"`
	// MinVersion and MaxVersion are TLS version names.
	// NOTE(review): presumably keys of the package-level Versions map,
	// which still offers VersionTLS10 and VersionTLS11; confirm what an
	// empty MinVersion resolves to.
	MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
	MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
	// ServerName is a host name.
	// NOTE(review): presumably used for SNI and certificate host name
	// verification on the client side; confirm.
	ServerName string `json:"serverName,omitempty" toml:"serverName,omitempty" yaml:"serverName,omitempty" export:"true"`
	// InsecureSkipVerify is a boolean switch.
	// NOTE(review): if this is copied to tls.Config.InsecureSkipVerify,
	// setting it disables verification of the peer certificate chain and
	// host name; it should stay false outside of testing.
	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty"`
	// PreferServerCipherSuites: the struct tag is elided by the
	// documentation renderer.
	// NOTE(review): if this maps to tls.Config.PreferServerCipherSuites,
	// recent Go releases ignore that field; confirm it still has an effect.
	PreferServerCipherSuites bool `` /* 139-byte string literal not displayed */
	// SniStrict is a boolean switch; its effect is not visible here.
	SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
}
Config (named TLSClientConfig in the source comment) configures TLS for an entry point.
func (*Config) TLSClientAuth ¶
func (opt *Config) TLSClientAuth() (tls.ClientAuthType, error)
func (*Config) TLSMaxVersion ¶
func (*Config) TLSMinVersion ¶
type FlagPrefixer ¶ added in v0.3.1
// FlagPrefixer embeds cmdutils.FlagPrefixer. Its methods (CAFlag, CertFlag,
// KeyFlag, SkipVerify, Flags) take a viper instance and a pflag.FlagSet, and
// ConfigFromViper returns a *Config.
type FlagPrefixer struct {
	// NOTE(review): the embedded type comes from another package and is not
	// shown here; presumably it supplies the prefix for flag names.
	cmdutils.FlagPrefixer
	// contains filtered or unexported fields
}
func NewFlagPrefixer ¶ added in v0.3.1
func NewFlagPrefixer(fl cmdutils.FlagPrefixer, desc string) FlagPrefixer
func (*FlagPrefixer) CAFlag ¶ added in v0.3.1
func (fl *FlagPrefixer) CAFlag(v *viper.Viper, f *pflag.FlagSet)
func (*FlagPrefixer) CertFlag ¶ added in v0.3.1
func (fl *FlagPrefixer) CertFlag(v *viper.Viper, f *pflag.FlagSet)
func (*FlagPrefixer) ConfigFromViper ¶ added in v0.3.1
func (fl *FlagPrefixer) ConfigFromViper(v *viper.Viper) *Config
func (*FlagPrefixer) Flags ¶ added in v0.3.1
func (fl *FlagPrefixer) Flags(v *viper.Viper, f *pflag.FlagSet)
func (*FlagPrefixer) GetCert ¶ added in v0.3.1
func (fl *FlagPrefixer) GetCert(v *viper.Viper) string
func (*FlagPrefixer) GetTLSSkipVerify ¶ added in v0.3.1
func (fl *FlagPrefixer) GetTLSSkipVerify(v *viper.Viper) bool
func (*FlagPrefixer) KeyFlag ¶ added in v0.3.1
func (fl *FlagPrefixer) KeyFlag(v *viper.Viper, f *pflag.FlagSet)
func (*FlagPrefixer) SkipVerify ¶ added in v0.3.1
func (fl *FlagPrefixer) SkipVerify(v *viper.Viper, f *pflag.FlagSet)