tlsconfig

package
v3.16.1

This package is not in the latest version of its module.

Published: Nov 26, 2021 | License: Apache-2.0 | Imports: 9 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACME

type ACME struct {

	// TODO: Remove Enable (https://github.com/TheThingsNetwork/lorawan-stack/issues/1450)
	Enable      bool     `` /* 145-byte string literal not displayed */
	Endpoint    string   `name:"endpoint" description:"ACME endpoint"`
	Dir         string   `name:"dir" description:"Location of ACME storage directory"`
	Email       string   `name:"email" description:"Email address to register with the ACME account"`
	Hosts       []string `name:"hosts" description:"Hosts to enable automatic certificates for"`
	DefaultHost string   `name:"default-host" description:"Default host to assume for clients without SNI"`
	// contains filtered or unexported fields
}

ACME represents ACME configuration.

func (*ACME) Initialize

func (a *ACME) Initialize() (*autocert.Manager, error)

Initialize initializes the autocert manager for the ACME configuration. If it was already initialized, any changes after the previous initialization are ignored.

func (ACME) IsZero

func (a ACME) IsZero() bool

IsZero returns whether the ACME configuration is empty.

type Client

type Client struct {
	FileReader FileReader `json:"-" yaml:"-" name:"-"`

	RootCA             string `json:"root-ca" yaml:"root-ca" name:"root-ca" description:"Location of TLS root CA certificate (optional)"`
	InsecureSkipVerify bool   `name:"insecure-skip-verify" description:"Skip verification of certificate chains (insecure)"`
	// contains filtered or unexported fields
}

Client is client-side configuration for server TLS.

func (*Client) ApplyTo

func (c *Client) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the client configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

type ClientAuth

type ClientAuth struct {
	Source      string     `name:"source" description:"Source of the TLS certificate (file, key-vault)"`
	FileReader  FileReader `json:"-" yaml:"-" name:"-"`
	Certificate string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key         string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	KeyVault    KeyVault   `name:"key-vault"`
}

ClientAuth is (client-side) configuration for TLS client authentication.

func (*ClientAuth) ApplyTo

func (c *ClientAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

type Config

type Config struct {
	Client     `name:",squash"`
	ServerAuth `name:",squash"`
}

Config represents TLS configuration.

type FileReader

type FileReader interface {
	ReadFile(filename string) ([]byte, error)
}

FileReader is the interface used to read TLS certificates and keys.

type KeyVault

type KeyVault struct {
	KeyVault interface {
		ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error)
	} `name:"-"`

	ID string `name:"id" description:"ID of the certificate"`
}

KeyVault defines configuration for loading a certificate from the key vault.

func (KeyVault) IsZero

func (t KeyVault) IsZero() bool

IsZero returns whether the TLS KeyVault is empty.

type ServerAuth

type ServerAuth struct {
	Source       string     `name:"source" description:"Source of the TLS certificate (file, acme, key-vault)"`
	FileReader   FileReader `json:"-" yaml:"-" name:"-"`
	Certificate  string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key          string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	ACME         ACME       `name:"acme"`
	KeyVault     KeyVault   `name:"key-vault"`
	CipherSuites []string   `name:"cipher-suites" description:"DEPRECATED: List of IANA names of TLS cipher suites to use"`
}

ServerAuth is configuration for TLS server authentication.

func (*ServerAuth) ApplyTo

func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

func (*ServerAuth) GetCipherSuites added in v3.15.2

func (c *ServerAuth) GetCipherSuites() ([]uint16, error)

GetCipherSuites returns a list of IDs of cipher suites in configuration. This list can be passed to tls.Config.
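As an added illustration (not this package's code), the sketch below shows one way IANA cipher suite names such as those in the deprecated `cipher-suites` option can be resolved to the `uint16` IDs that `tls.Config.CipherSuites` expects, using only the standard library. The helper name `resolveCipherSuites` is hypothetical, and rejecting names from `tls.InsecureCipherSuites()` is an assumption of this example, not documented behaviour of `GetCipherSuites`.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// resolveCipherSuites is a hypothetical helper (not part of tlsconfig).
// It maps IANA cipher suite names to crypto/tls IDs and fails closed on
// names that are unknown or that Go lists as insecure.
func resolveCipherSuites(names []string) ([]uint16, error) {
	secure := make(map[string]uint16)
	for _, cs := range tls.CipherSuites() {
		secure[cs.Name] = cs.ID
	}
	insecure := make(map[string]bool)
	for _, cs := range tls.InsecureCipherSuites() {
		insecure[cs.Name] = true
	}
	ids := make([]uint16, 0, len(names))
	for _, name := range names {
		id, ok := secure[name]
		switch {
		case ok:
			ids = append(ids, id)
		case insecure[name]:
			return nil, fmt.Errorf("cipher suite %q is insecure", name)
		default:
			// A typo must not silently shrink or empty the list.
			return nil, fmt.Errorf("unknown cipher suite %q", name)
		}
	}
	return ids, nil
}

func main() {
	// Constructed sample value for a cipher-suites setting.
	ids, err := resolveCipherSuites([]string{
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	})
	if err != nil {
		panic(err)
	}
	// CipherSuites only constrains TLS 1.0-1.2; TLS 1.3 suites are not configurable.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: ids}
	fmt.Println(cfg.CipherSuites)
}
```

Returning an error for an unrecognised name matters because an empty `CipherSuites` slice makes `crypto/tls` fall back to its default list rather than to no suites at all.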
