Documentation
Overview
Package configtls implements the TLS settings to load and configure TLS clients and servers.
Types
type TLSClientSetting
type TLSClientSetting struct {
	// squash ensures fields are correctly decoded in embedded struct.
	TLSSetting `mapstructure:",squash"`

	// In gRPC when set to true, this is used to disable the client transport security.
	// See https://godoc.org/google.golang.org/grpc#WithInsecure.
	// In HTTP, this disables verifying the server's certificate chain and host name
	// (InsecureSkipVerify in the tls Config). Please refer to
	// https://godoc.org/crypto/tls#Config for more information.
	// (optional, default false)
	Insecure bool `mapstructure:"insecure"`
	// InsecureSkipVerify will enable TLS but not verify the certificate.
	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify"`
	// ServerName requested by client for virtual hosting.
	// This sets the ServerName in the TLSConfig. Please refer to
	// https://godoc.org/crypto/tls#Config for more information. (optional)
	ServerName string `mapstructure:"server_name_override"`
}
TLSClientSetting contains TLS configurations that are specific to client connections in addition to the common configurations. This should be used by components configuring TLS client connections.
func (TLSClientSetting) LoadTLSConfig
func (c TLSClientSetting) LoadTLSConfig() (*tls.Config, error)
LoadTLSConfig loads the TLS configuration.
type TLSServerSetting
type TLSServerSetting struct {
	// squash ensures fields are correctly decoded in embedded struct.
	TLSSetting `mapstructure:",squash"`

	// Path to the TLS cert to use by the server to verify a client certificate. (optional)
	// This sets the ClientCAs and ClientAuth to RequireAndVerifyClientCert in the TLSConfig. Please refer to
	// https://godoc.org/crypto/tls#Config for more information. (optional)
	ClientCAFile string `mapstructure:"client_ca_file"`
	// Reload the ClientCAs file when it is modified
	// (optional, default false)
	ReloadClientCAFile bool `mapstructure:"client_ca_file_reload"`
}
TLSServerSetting contains TLS configurations that are specific to server connections in addition to the common configurations. This should be used by components configuring TLS server connections.
func (TLSServerSetting) LoadTLSConfig
func (c TLSServerSetting) LoadTLSConfig() (*tls.Config, error)
LoadTLSConfig loads the TLS configuration.
type TLSSetting
type TLSSetting struct {
	// Path to the CA cert. For a client this verifies the server certificate.
	// For a server this verifies client certificates. If empty uses system root CA.
	// (optional)
	CAFile string `mapstructure:"ca_file"`
	// Path to the TLS cert to use for TLS required connections. (optional)
	CertFile string `mapstructure:"cert_file"`
	// Path to the TLS key to use for TLS required connections. (optional)
	KeyFile string `mapstructure:"key_file"`
	// MinVersion sets the minimum TLS version that is acceptable.
	// If not set, TLS 1.2 will be used. (optional)
	MinVersion string `mapstructure:"min_version"`
	// MaxVersion sets the maximum TLS version that is acceptable.
	// If not set, refer to crypto/tls for defaults. (optional)
	MaxVersion string `mapstructure:"max_version"`
	// ReloadInterval specifies the duration after which the certificate will be reloaded
	// If not set, it will never be reloaded (optional)
	ReloadInterval time.Duration `mapstructure:"reload_interval"`
}
TLSSetting exposes the common client and server TLS configurations. Note: Since there isn't anything specific to a server connection, components with server connections should use TLSSetting.
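An added example, not part of the configtls package: a review-time check that flags client settings which, per the field comments above, weaken the connection. The clientTLS type, the auditClient function and the "1.0" to "1.3" spellings of min_version are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// clientTLS mirrors the documented client fields by their mapstructure keys.
// It is a hypothetical local type for this example, not the configtls struct.
type clientTLS struct {
	CertFile, KeyFile, MinVersion, ServerName string
	Insecure, InsecureSkipVerify              bool
}

// Assumption: min_version is written as "1.0".."1.3"; the page does not list the spellings.
var versions = map[string]uint16{"1.0": tls.VersionTLS10, "1.1": tls.VersionTLS11,
	"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13}

// auditClient returns one finding per setting that weakens the client connection.
func auditClient(s clientTLS) []string {
	var f []string
	if s.Insecure {
		f = append(f, "insecure: gRPC transport security off / HTTP certificate checks off")
	}
	if s.InsecureSkipVerify {
		f = append(f, "insecure_skip_verify: server certificate is not verified")
		if s.ServerName != "" { // crypto/tls then uses ServerName for SNI only
			f = append(f, "server_name_override: not checked against the certificate while verification is skipped")
		}
	}
	if s.MinVersion != "" { // empty keeps the documented TLS 1.2 default
		if v, ok := versions[s.MinVersion]; !ok {
			f = append(f, "min_version: unrecognized value "+s.MinVersion)
		} else if v < tls.VersionTLS12 {
			f = append(f, "min_version: "+s.MinVersion+" is below the TLS 1.2 default")
		}
	}
	if (s.CertFile == "") != (s.KeyFile == "") {
		f = append(f, "cert_file/key_file: only one of the pair is set")
	}
	return f
}

func main() {
	// Constructed sample settings, not taken from a real deployment.
	weak := clientTLS{InsecureSkipVerify: true, ServerName: "collector.example", MinVersion: "1.0", CertFile: "client.pem"}
	for _, finding := range auditClient(weak) {
		fmt.Println(finding)
	}
	fmt.Println(len(auditClient(clientTLS{MinVersion: "1.3"})), "findings for the strict config")
}
```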