Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACME ¶
type ACME struct { // TODO: Remove Enable (https://github.com/TheThingsNetwork/lorawan-stack/issues/1450) Enable bool `` /* 145-byte string literal not displayed */ Endpoint string `name:"endpoint" description:"ACME endpoint"` Dir string `name:"dir" description:"Location of ACME storage directory"` Email string `name:"email" description:"Email address to register with the ACME account"` Hosts []string `name:"hosts" description:"Hosts to enable automatic certificates for"` DefaultHost string `name:"default-host" description:"Default host to assume for clients without SNI"` // contains filtered or unexported fields }
ACME represents ACME configuration.
func (*ACME) Initialize ¶
Initialize initializes the autocert manager for the ACME configuration. If it was already initialized, any changes after the previous initialization are ignored.
type Client ¶
type Client struct { FileReader FileReader `json:"-" yaml:"-" name:"-"` RootCA string `json:"root-ca" yaml:"root-ca" name:"root-ca" description:"Location of TLS root CA certificate (optional)"` InsecureSkipVerify bool `name:"insecure-skip-verify" description:"Skip verification of certificate chains (insecure)"` // contains filtered or unexported fields }
Client is client-side configuration for server TLS.
type ClientAuth ¶
type ClientAuth struct { Source string `name:"source" description:"Source of the TLS certificate (file, key-vault)"` FileReader FileReader `json:"-" yaml:"-" name:"-"` Certificate string `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"` Key string `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"` KeyVault KeyVault `name:"key-vault"` }
ClientAuth is (client-side) configuration for TLS client authentication.
type Config ¶
type Config struct { Client `name:",squash"` ServerAuth `name:",squash"` }
Config represents TLS configuration.
type FileReader ¶
FileReader is the interface used to read TLS certificates and keys.
type KeyVault ¶
type KeyVault struct { KeyVault interface { ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error) } `name:"-"` ID string `name:"id" description:"ID of the certificate"` }
KeyVault defines configuration for loading a certificate from the key vault.
type ServerAuth ¶
type ServerAuth struct { Source string `name:"source" description:"Source of the TLS certificate (file, acme, key-vault)"` FileReader FileReader `json:"-" yaml:"-" name:"-"` Certificate string `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"` Key string `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"` ACME ACME `name:"acme"` KeyVault KeyVault `name:"key-vault"` CipherSuites []string `name:"cipher-suites" description:"DEPRECATED: List of IANA names of TLS cipher suites to use"` }
ServerAuth is configuration for TLS server authentication.
func (*ServerAuth) ApplyTo ¶
func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error
ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.
func (*ServerAuth) GetCipherSuites ¶ added in v3.15.2
func (c *ServerAuth) GetCipherSuites() ([]uint16, error)
GetCipherSuites returns a list of IDs of cipher suites in configuration. This list can be passed to tls.Config