sslutils

package

v1.19.0-beta3 Latest Latest Go to latest Published: Jan 15, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/solo-io/gloo

Documentation ¶

Index ¶

Constants
Variables
func ApplyCipherSuites(ctx context.Context, in string, out *ssl.SslConfig) error
func ApplyMaximumTlsVersion(ctx context.Context, in string, out *ssl.SslConfig) error
func ApplyMinimumTlsVersion(ctx context.Context, in string, out *ssl.SslConfig) error
func ApplyOneWayTls(ctx context.Context, in string, out *ssl.SslConfig) error
func ApplySslExtensionOptions(ctx context.Context, in *gwv1.GatewayTLSConfig, out *ssl.SslConfig)
func ApplyVerifySubjectAltName(ctx context.Context, in string, out *ssl.SslConfig) error
func ValidateTlsSecret(sslSecret *corev1.Secret) (cleanedCertChain string, err error)
type SslExtensionOptionFunc

Constants ¶

View Source

const (
	GatewaySslOptionsPrefix = wellknown.GatewayAnnotationPrefix + "/ssl"

	GatewaySslCipherSuites         = GatewaySslOptionsPrefix + "/cipher-suites"
	GatewaySslMinimumTlsVersion    = GatewaySslOptionsPrefix + "/minimum-tls-version"
	GatewaySslMaximumTlsVersion    = GatewaySslOptionsPrefix + "/maximum-tls-version"
	GatewaySslOneWayTls            = GatewaySslOptionsPrefix + "/one-way-tls"
	GatewaySslVerifySubjectAltName = GatewaySslOptionsPrefix + "/verify-subject-alt-name"
)

Gateway API has an extension point for implementation specific tls settings, they can be found [here](https://gateway-api.sigs.k8s.io/guides/tls/#extensions)

Variables ¶

View Source

var (
	InvalidTlsSecretError = func(secret *corev1.Secret, err error) error {
		errorString := fmt.Sprintf("%v.%v is not a valid TLS secret", secret.Namespace, secret.Name)
		return eris.Wrapf(err, errorString)
	}

	NoCertificateFoundError = eris.New("no certificate information found")
)

View Source

var SslExtensionOptionFuncs = map[string]SslExtensionOptionFunc{
	GatewaySslCipherSuites:         ApplyCipherSuites,
	GatewaySslMinimumTlsVersion:    ApplyMinimumTlsVersion,
	GatewaySslMaximumTlsVersion:    ApplyMaximumTlsVersion,
	GatewaySslOneWayTls:            ApplyOneWayTls,
	GatewaySslVerifySubjectAltName: ApplyVerifySubjectAltName,
}

Functions ¶

func ApplyCipherSuites ¶ added in v1.18.4

func ApplyCipherSuites(ctx context.Context, in string, out *ssl.SslConfig) error

func ApplyMaximumTlsVersion ¶ added in v1.18.4

func ApplyMaximumTlsVersion(ctx context.Context, in string, out *ssl.SslConfig) error

func ApplyMinimumTlsVersion ¶ added in v1.18.4

func ApplyMinimumTlsVersion(ctx context.Context, in string, out *ssl.SslConfig) error

func ApplyOneWayTls ¶ added in v1.18.4

func ApplyOneWayTls(ctx context.Context, in string, out *ssl.SslConfig) error

func ApplySslExtensionOptions ¶ added in v1.18.4

func ApplySslExtensionOptions(ctx context.Context, in *gwv1.GatewayTLSConfig, out *ssl.SslConfig)

ApplySslExtensionOptions applies the GatewayTLSConfig options to the SslConfig This function will never exit early, even if an error is encountered. It will apply all options and log all errors encountered.

func ApplyVerifySubjectAltName ¶ added in v1.18.4

func ApplyVerifySubjectAltName(ctx context.Context, in string, out *ssl.SslConfig) error

func ValidateTlsSecret ¶

func ValidateTlsSecret(sslSecret *corev1.Secret) (cleanedCertChain string, err error)

ValidateTlsSecret and return a cleaned cert

Types ¶

type SslExtensionOptionFunc ¶ added in v1.18.4

type SslExtensionOptionFunc = func(ctx context.Context, in string, out *ssl.SslConfig) error

Source Files ¶

View all Source files

ssl_utils.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL