Documentation
Overview
Package tlsconfig provides convenience functions for configuring TLS connections from the command line.
Index
- Constants
- func CreateTunnelConfig(c *cli.Context, serverName string) (*tls.Config, error)
- func GetCloudflareRootCA() ([]*x509.Certificate, error)
- func GetConfig(p *TLSParameters) (*tls.Config, error)
- func GetHelloCertificate() (tls.Certificate, error)
- func GetHelloCertificateX509() (*x509.Certificate, error)
- func LoadCert(certPaths []string) (*x509.CertPool, error)
- func LoadCustomOriginCA(originCAFilename string) (*x509.CertPool, error)
- func LoadOriginCA(originCAPoolFilename string, log *zerolog.Logger) (*x509.CertPool, error)
- type CertReloader
- type TLSParameters
Constants

    const (
        OriginCAPoolFlag = "origin-ca-pool"
        CaCertFlag       = "cacert"
    )
Variables
This section is empty.
Functions
func CreateTunnelConfig
func CreateTunnelConfig(c *cli.Context, serverName string) (*tls.Config, error)
func GetCloudflareRootCA
func GetCloudflareRootCA() ([]*x509.Certificate, error)
func GetConfig
func GetConfig(p *TLSParameters) (*tls.Config, error)
GetConfig returns a TLS configuration according to the Config set by the user.
func GetHelloCertificate
func GetHelloCertificate() (tls.Certificate, error)
func GetHelloCertificateX509
func GetHelloCertificateX509() (*x509.Certificate, error)
Types
type CertReloader
CertReloader can load and reload a TLS certificate from a particular filepath. Hooks into tls.Config's GetCertificate to allow a TLS server to update its certificate without restarting.
func NewCertReloader
func NewCertReloader(certPath, keyPath string) (*CertReloader, error)
NewCertReloader makes a CertReloader. It loads the certificate during initialization to make sure certPath and keyPath are valid.
func (*CertReloader) Cert
func (cr *CertReloader) Cert(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
Cert returns the TLS certificate most recently read by the CertReloader. This method works as a direct utility method for tls.Config#Cert.
func (*CertReloader) ClientCert
func (cr *CertReloader) ClientCert(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
ClientCert returns the TLS certificate most recently read by the CertReloader. This method works as a direct utility method for tls.Config#ClientCert.
func (*CertReloader) LoadCert
func (cr *CertReloader) LoadCert() error
LoadCert loads a TLS certificate from the CertReloader's specified filepath. Call this after writing a new certificate to disk (e.g. after renewing a certificate).
type TLSParameters

    type TLSParameters struct {
        Cert                 string
        Key                  string
        GetCertificate       *CertReloader
        GetClientCertificate *CertReloader
        ClientCAs            []string
        RootCAs              []string
        ServerName           string
        CurvePreferences     []tls.CurveID
        MinVersion           uint16 // min TLS version. If zero, TLS 1.0 is the minimum.
        MaxVersion           uint16 // max TLS version. If zero, the latest TLS version (currently TLS 1.3) is the limit.
    }

Config is the set of user-provided parameters used to create a tls.Config.