tlsconfig

Version: v1.3.0
Published: Mar 8, 2024 License: BSD-3-Clause Imports: 4 Imported by: 4

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewClientConfig

func NewClientConfig(params ...ClientParam) (*tls.Config, error)

NewClientConfig returns a tls.Config, configured with the provided parameters, that is suitable for use by a client in 2-way TLS connections.

func NewServerConfig

func NewServerConfig(tlsCertProvider TLSCertProvider, params ...ServerParam) (*tls.Config, error)

NewServerConfig returns a tls.Config, configured with the provided parameters, that is suitable for use by a server in 2-way TLS connections. The provided TLSCertProvider is used as the source for the private key and certificate that the server presents to clients.

Types

type CertPoolProvider

type CertPoolProvider func() (*x509.CertPool, error)

func CertPoolFromCAFiles

func CertPoolFromCAFiles(caFiles ...string) CertPoolProvider

func CertPoolFromCerts

func CertPoolFromCerts(certs ...*x509.Certificate) CertPoolProvider

type ClientParam

type ClientParam interface {
	// contains filtered or unexported methods
}

func ClientCipherSuites

func ClientCipherSuites(cipherSuites ...uint16) ClientParam

ClientCipherSuites sets the cipher suites supported by the client. If this parameter is not provided, defaultCipherSuites is used.

func ClientInsecureSkipVerify added in v1.1.0

func ClientInsecureSkipVerify() ClientParam

ClientInsecureSkipVerify sets the InsecureSkipVerify field of the tls.Config to true. The default value for this field is false. Use of this option is discouraged; it should only be used in limited off-roading cases where the client has no reasonable way of trusting the server.

func ClientKeyPair

func ClientKeyPair(certProvider TLSCertProvider) ClientParam

ClientKeyPair configures the client to call the provided TLSCertProvider whenever a key pair is requested when communicating using TLS with client authentication (2-way SSL). If neither ClientKeyPairFiles nor ClientKeyPair is provided, the client will not present a certificate.

func ClientKeyPairFiles

func ClientKeyPairFiles(certFile, keyFile string) ClientParam

ClientKeyPairFiles configures the client with a static key pair for it to present to servers when communicating using TLS with client authentication (2-way SSL). If neither ClientKeyPairFiles nor ClientKeyPair is provided, the client will not present a certificate.

func ClientRootCAFiles

func ClientRootCAFiles(files ...string) ClientParam

ClientRootCAFiles configures the client with the CA certificates used to verify the certificates provided by servers. If this parameter is not provided, then the default system CAs are used.

func ClientRootCAs

func ClientRootCAs(certPoolProvider CertPoolProvider) ClientParam

ClientRootCAs configures the client with the CA certificates used to verify the certificates provided by servers. If this parameter is not provided, then the default system CAs are used.

type ServerParam

type ServerParam interface {
	// contains filtered or unexported methods
}

func ServerCipherSuites

func ServerCipherSuites(cipherSuites ...uint16) ServerParam

ServerCipherSuites sets the cipher suites supported by the server. If this parameter is not provided, defaultCipherSuites is used.

func ServerClientAuthType

func ServerClientAuthType(authType tls.ClientAuthType) ServerParam

ServerClientAuthType sets the default client auth type required by the server. If this parameter is not provided, it defaults to NoClientCert.

func ServerClientCAFiles

func ServerClientCAFiles(files ...string) ServerParam

ServerClientCAFiles configures the server with the CA certificates used to verify the certificates provided by clients. If this parameter is not provided, then the default system CAs are used.

func ServerClientCAs

func ServerClientCAs(certPoolProvider CertPoolProvider) ServerParam

ServerClientCAs configures the server with the CA certificates used to verify the certificates provided by clients. If this parameter is not provided, then the default system CAs are used.

func ServerNextProtos

func ServerNextProtos(protos ...string) ServerParam

ServerNextProtos sets the list of application-level protocols supported by the server, e.g. "http/1.1" or "h2".

type TLSCertProvider

type TLSCertProvider func() (tls.Certificate, error)

TLSCertProvider is a function that returns a tls.Certificate used for TLS communication.

func TLSCertFromFiles

func TLSCertFromFiles(certFile, keyFile string) TLSCertProvider

TLSCertFromFiles returns a provider that returns a tls.Certificate by loading an X509 key pair from the files in the specified locations.
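The defaults documented above matter for 2-way TLS: without ServerClientAuthType the server uses NoClientCert, without ServerClientCAs the system CAs decide which client certificates are trusted, and ClientInsecureSkipVerify turns off server verification. The following added example (not part of the tlsconfig package or its documentation) audits a *tls.Config for those settings using only the standard library; auditServer and auditClient are hypothetical helpers, and the configs in main are constructed stand-ins for what NewServerConfig and NewClientConfig return.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// auditServer (hypothetical helper) lists settings on a server-side tls.Config
// that leave client authentication weaker than full mutual TLS.
func auditServer(cfg *tls.Config) []string {
	var findings []string
	switch cfg.ClientAuth {
	case tls.RequireAndVerifyClientCert:
		// Clients must present a certificate that chains to ClientCAs.
	case tls.VerifyClientCertIfGiven:
		findings = append(findings, "client certificate is optional (VerifyClientCertIfGiven)")
	default:
		// NoClientCert (the documented default), RequestClientCert, RequireAnyClientCert.
		findings = append(findings, fmt.Sprintf("client certificates are not verified (%v)", cfg.ClientAuth))
	}
	if cfg.ClientCAs == nil {
		findings = append(findings, "ClientCAs unset: system CAs decide which client certificates are trusted")
	}
	return findings
}

// auditClient (hypothetical helper) lists client-side settings that weaken the
// connection. Checking both certificate fields is an assumption about how a key pair is stored.
func auditClient(cfg *tls.Config) []string {
	var findings []string
	if cfg.InsecureSkipVerify {
		findings = append(findings, "InsecureSkipVerify set: server certificate is not verified")
	}
	if len(cfg.Certificates) == 0 && cfg.GetClientCertificate == nil {
		findings = append(findings, "no client key pair: client will not present a certificate")
	}
	return findings
}

func main() {
	// Constructed configs; the empty pool is a placeholder for a private client CA pool.
	defaults := &tls.Config{} // ClientAuth zero value is tls.NoClientCert
	hardened := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: x509.NewCertPool()}
	fmt.Println(auditServer(defaults))
	fmt.Println(auditServer(hardened))
	fmt.Println(auditClient(&tls.Config{InsecureSkipVerify: true}))
}
```

Running the same checks on the value returned by NewServerConfig or NewClientConfig before it is handed to a listener or HTTP client catches a missing ServerClientAuthType or ServerClientCAs parameter at startup.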
