GO-2024-3044: lorawan-stack Open Redirect vulnerability in go.thethings.network/lorawan-stack

tlsconfig

package

v3.18.2 Latest Latest Go to latest Published: Mar 29, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TheThingsNetwork/lorawan-stack

Links

Open Source Insights

Documentation ¶

Index ¶

type ACME
- func (a *ACME) Initialize() (*autocert.Manager, error)
- func (a ACME) IsZero() bool
type Client
- func (c *Client) ApplyTo(tlsConfig *tls.Config) error
- func (c Client) Equals(other Client) bool
type ClientAuth
- func (c *ClientAuth) ApplyTo(tlsConfig *tls.Config) error
type Config
type ConfigOptionFunc
type ConfigurationProvider
- func (p ConfigurationProvider) GetTLSClientConfig(ctx context.Context, opts ...Option) (*tls.Config, error)
- func (p ConfigurationProvider) GetTLSServerConfig(ctx context.Context, opts ...Option) (*tls.Config, error)
type FileReader
type KeyVault
- func (t KeyVault) IsZero() bool
type Option
type ServerAuth
- func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error
- func (c *ServerAuth) GetCipherSuites() ([]uint16, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACME ¶

type ACME struct {

	// TODO: Remove Enable (https://github.com/TheThingsNetwork/lorawan-stack/issues/1450)
	Enable      bool     `` /* 145-byte string literal not displayed */
	Endpoint    string   `name:"endpoint" description:"ACME endpoint"`
	Dir         string   `name:"dir" description:"Location of ACME storage directory"`
	Email       string   `name:"email" description:"Email address to register with the ACME account"`
	Hosts       []string `name:"hosts" description:"Hosts to enable automatic certificates for"`
	DefaultHost string   `name:"default-host" description:"Default host to assume for clients without SNI"`
	// contains filtered or unexported fields
}

ACME represents ACME configuration.

func (*ACME) Initialize ¶

func (a *ACME) Initialize() (*autocert.Manager, error)

Initialize initializes the autocert manager for the ACME configuration. If it was already initialized, any changes after the previous initialization are ignored.

func (ACME) IsZero ¶

func (a ACME) IsZero() bool

IsZero returns whether the ACME configuration is empty.

type Client ¶

type Client struct {
	FileReader FileReader `json:"-" yaml:"-" name:"-"`

	RootCA             string `json:"root-ca" yaml:"root-ca" name:"root-ca" description:"Location of TLS root CA certificate (optional)"`
	InsecureSkipVerify bool   `name:"insecure-skip-verify" description:"Skip verification of certificate chains (insecure)"`
	// contains filtered or unexported fields
}

Client is client-side configuration for server TLS.

func (*Client) ApplyTo ¶

func (c *Client) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the client configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

func (Client) Equals ¶ added in v3.17.0

func (c Client) Equals(other Client) bool

Equals checks if the other configuration is equivalent to this.

type ClientAuth ¶

type ClientAuth struct {
	Source      string     `name:"source" description:"Source of the TLS certificate (file, key-vault)"`
	FileReader  FileReader `json:"-" yaml:"-" name:"-"`
	Certificate string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key         string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	KeyVault    KeyVault   `name:"key-vault"`
}

ClientAuth is (client-side) configuration for TLS client authentication.

func (*ClientAuth) ApplyTo ¶

func (c *ClientAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

type Config ¶

type Config struct {
	Client     `name:",squash"`
	ServerAuth `name:",squash"`
}

Config represents TLS configuration.

type ConfigOptionFunc ¶ added in v3.17.0

type ConfigOptionFunc func(*tls.Config)

ConfigOptionFunc is a Option.

type ConfigurationProvider ¶ added in v3.17.0

type ConfigurationProvider func(context.Context) Config

ConfigurationProvider generates a Config from the provided context.

func (ConfigurationProvider) GetTLSClientConfig ¶ added in v3.17.0

func (p ConfigurationProvider) GetTLSClientConfig(ctx context.Context, opts ...Option) (*tls.Config, error)

GetTLSClientConfig gets the component's client TLS config and applies the given options.

func (ConfigurationProvider) GetTLSServerConfig ¶ added in v3.17.0

func (p ConfigurationProvider) GetTLSServerConfig(ctx context.Context, opts ...Option) (*tls.Config, error)

GetTLSServerConfig gets the component's server TLS config and applies the given options.

type FileReader ¶

type FileReader interface {
	ReadFile(filename string) ([]byte, error)
}

FileReader is the interface used to read TLS certificates and keys.

type KeyVault ¶

type KeyVault struct {
	KeyVault interface {
		ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error)
	} `name:"-"`

	ID string `name:"id" description:"ID of the certificate"`
}

KeyVault defines configuration for loading a certificate from the key vault.

func (KeyVault) IsZero ¶

func (t KeyVault) IsZero() bool

IsZero returns whether the TLS KeyVault is empty.

type Option ¶ added in v3.17.0

type Option interface {
	// contains filtered or unexported methods
}

Option provides customization for TLS configuration.

func WithNextProtos ¶ added in v3.17.0

func WithNextProtos(protos ...string) Option

WithNextProtos appends the given protocols to NextProtos.

func WithTLSCertificates ¶ added in v3.17.0

func WithTLSCertificates(certificates ...tls.Certificate) Option

WithTLSCertificates sets TLS certificates.

func WithTLSClientAuth ¶ added in v3.17.0

func WithTLSClientAuth(auth tls.ClientAuthType, cas *x509.CertPool, verify func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error) Option

WithTLSClientAuth sets TLS client authentication options.

type ServerAuth ¶

type ServerAuth struct {
	Source       string     `name:"source" description:"Source of the TLS certificate (file, acme, key-vault)"`
	FileReader   FileReader `json:"-" yaml:"-" name:"-"`
	Certificate  string     `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"`
	Key          string     `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"`
	ACME         ACME       `name:"acme"`
	KeyVault     KeyVault   `name:"key-vault"`
	CipherSuites []string   `name:"cipher-suites" description:"DEPRECATED: List of IANA names of TLS cipher suites to use"`
}

ServerAuth is configuration for TLS server authentication.

func (*ServerAuth) ApplyTo ¶

func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error

ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.

func (*ServerAuth) GetCipherSuites ¶ added in v3.15.2

func (c *ServerAuth) GetCipherSuites() ([]uint16, error)

GetCipherSuites returns a list of IDs of cipher suites in configuration. This list can be passed to tls.Config

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL