GO-2024-3044: lorawan-stack Open Redirect vulnerability in go.thethings.network/lorawan-stack

tlsconfig

package

v3.11.3 Latest Latest Go to latest Published: Mar 19, 2021 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TheThingsNetwork/lorawan-stack

Links

Open Source Insights

Documentation ¶

Index ¶

type ACME
- func (a *ACME) Initialize() (*autocert.Manager, error)
- func (a ACME) IsZero() bool
type Client
- func (c *Client) ApplyTo(tlsConfig *tls.Config) error
type ClientAuth
- func (c *ClientAuth) ApplyTo(tlsConfig *tls.Config) error
type Config
type FileReader
type KeyVault
- func (t KeyVault) IsZero() bool
type ServerAuth
- func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACME ¶

type ACME struct {

	// TODO: Remove Enable (https://github.com/TheThingsNetwork/lorawan-stack/issues/1450)
	Enable      bool     `` /* 145-byte string literal not displayed */
	Endpoint    string   `name:"endpoint" description:"ACME endpoint"`
	Dir         string   `name:"dir" description:"Location of ACME storage directory"`
	Email       string   `name:"email" description:"Email address to register with the ACME account"`
	Hosts       []string `name:"hosts" description:"Hosts to enable automatic certificates for"`
	DefaultHost string   `name:"default-host" description:"Default host to assume for clients without SNI"`
	// contains filtered or unexported fields
}

ACME represents ACME configuration.

func (*ACME) Initialize ¶

func (a *ACME) Initialize() (*autocert.Manager, error)

Initialize initializes the autocert manager for the ACME configuration. If it was already initialized, any changes after the previous initialization are ignored.

func (ACME) IsZero ¶

func (a ACME) IsZero() bool

IsZero returns whether the ACME configuration is empty.

type Client ¶

type Client struct {
	FileReader         FileReader `json:"-" yaml:"-" name:"-"`
	RootCA             string     `json:"root-ca" yaml:"root-ca" name:"root-ca" description:"Location of TLS root CA certificate (optional)"`
	InsecureSkipVerify bool       `name:"insecure-skip-verify" description:"Skip verification of certificate chains (insecure)"`
}

Client is client-side configuration for server TLS.

func (*Client) ApplyTo ¶

func (c *Client) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the client configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

type ClientAuth ¶

type ClientAuth struct {
	Source      string     `name:"source" description:"Source of the TLS certificate (file, key-vault)"`
	FileReader  FileReader `json:"-" yaml:"-" name:"-"`
	Certificate string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key         string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	KeyVault    KeyVault   `name:"key-vault"`
}

ClientAuth is (client-side) configuration for TLS client authentication.

func (*ClientAuth) ApplyTo ¶

func (c *ClientAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

type Config ¶

type Config struct {
	Client     `name:",squash"`
	ServerAuth `name:",squash"`
}

Config represents TLS configuration.

type FileReader ¶

type FileReader interface {
	ReadFile(filename string) ([]byte, error)
}

FileReader is the interface used to read TLS certificates and keys.

type KeyVault ¶

type KeyVault struct {
	KeyVault interface {
		ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error)
	} `name:"-"`

	ID string `name:"id" description:"ID of the certificate"`
}

KeyVault defines configuration for loading a certificate from the key vault.

func (KeyVault) IsZero ¶

func (t KeyVault) IsZero() bool

IsZero returns whether the TLS KeyVault is empty.

type ServerAuth ¶

type ServerAuth struct {
	Source      string     `name:"source" description:"Source of the TLS certificate (file, acme, key-vault)"`
	FileReader  FileReader `json:"-" yaml:"-" name:"-"`
	Certificate string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key         string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	ACME        ACME       `name:"acme"`
	KeyVault    KeyVault   `name:"key-vault"`
}

ServerAuth is configuration for TLS server authentication.

func (*ServerAuth) ApplyTo ¶

func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL