Documentation
Overview
Package configtls implements the TLS settings to load and configure TLS clients and servers.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ClientConfig (added in v0.96.0)
type ClientConfig struct {
	// squash ensures fields are correctly decoded in embedded struct.
	Config `mapstructure:",squash"`

	// In gRPC and HTTP when set to true, this is used to disable the client transport security.
	// See https://godoc.org/google.golang.org/grpc#WithInsecure for gRPC.
	// Please refer to https://godoc.org/crypto/tls#Config for more information.
	// (optional, default false)
	Insecure bool `mapstructure:"insecure"`

	// InsecureSkipVerify will enable TLS but not verify the certificate.
	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify"`

	// ServerName requested by client for virtual hosting.
	// This sets the ServerName in the TLSConfig. Please refer to
	// https://godoc.org/crypto/tls#Config for more information. (optional)
	ServerName string `mapstructure:"server_name_override"`
}
ClientConfig contains TLS configurations that are specific to client connections in addition to the common configurations. This should be used by components configuring TLS client connections.
func NewDefaultClientConfig (added in v0.99.0)
func NewDefaultClientConfig() ClientConfig
NewDefaultClientConfig creates a new TLSClientSetting with any default values set.
func (ClientConfig) LoadTLSConfig (added in v0.96.0)
LoadTLSConfig loads the TLS configuration.
type Config (added in v0.96.0)
type Config struct {
	// Path to the CA cert. For a client this verifies the server certificate.
	// For a server this verifies client certificates. If empty uses system root CA.
	// (optional)
	CAFile string `mapstructure:"ca_file"`

	// In memory PEM encoded cert. (optional)
	CAPem configopaque.String `mapstructure:"ca_pem"`

	// If true, load system CA certificates pool in addition to the certificates
	// configured in this struct.
	IncludeSystemCACertsPool bool `mapstructure:"include_system_ca_certs_pool"`

	// Path to the TLS cert to use for TLS required connections. (optional)
	CertFile string `mapstructure:"cert_file"`

	// In memory PEM encoded TLS cert to use for TLS required connections. (optional)
	CertPem configopaque.String `mapstructure:"cert_pem"`

	// Path to the TLS key to use for TLS required connections. (optional)
	KeyFile string `mapstructure:"key_file"`

	// In memory PEM encoded TLS key to use for TLS required connections. (optional)
	KeyPem configopaque.String `mapstructure:"key_pem"`

	// MinVersion sets the minimum TLS version that is acceptable.
	// If not set, TLS 1.2 will be used. (optional)
	MinVersion string `mapstructure:"min_version"`

	// MaxVersion sets the maximum TLS version that is acceptable.
	// If not set, refer to crypto/tls for defaults. (optional)
	MaxVersion string `mapstructure:"max_version"`

	// CipherSuites is a list of TLS cipher suites that the TLS transport can use.
	// If left blank, a safe default list is used.
	// See https://go.dev/src/crypto/tls/cipher_suites.go for a list of supported cipher suites.
	CipherSuites []string `mapstructure:"cipher_suites"`

	// ReloadInterval specifies the duration after which the certificate will be reloaded.
	// If not set, it will never be reloaded. (optional)
	ReloadInterval time.Duration `mapstructure:"reload_interval"`
}
Config exposes the common client and server TLS configurations. Note: since there is nothing specific to a server connection in these common settings, components with server connections should use Config.
func NewDefaultConfig (added in v0.99.0)
func NewDefaultConfig() Config
NewDefaultConfig creates a new TLSSetting with any default values set.
type ServerConfig (added in v0.96.0)
type ServerConfig struct {
	// squash ensures fields are correctly decoded in embedded struct.
	Config `mapstructure:",squash"`

	// Path to the TLS cert to use by the server to verify a client certificate. (optional)
	// This sets the ClientCAs and ClientAuth to RequireAndVerifyClientCert in the TLSConfig. Please refer to
	// https://godoc.org/crypto/tls#Config for more information. (optional)
	ClientCAFile string `mapstructure:"client_ca_file"`

	// Reload the ClientCAs file when it is modified
	// (optional, default false)
	ReloadClientCAFile bool `mapstructure:"client_ca_file_reload"`
}
ServerConfig contains TLS configurations that are specific to server connections in addition to the common configurations. This should be used by components configuring TLS server connections.
func NewDefaultServerConfig (added in v0.99.0)
func NewDefaultServerConfig() ServerConfig
NewDefaultServerConfig creates a new TLSServerSetting with any default values set.
func (ServerConfig) LoadTLSConfig (added in v0.96.0)
LoadTLSConfig loads the TLS configuration.