Documentation ¶
Overview ¶
Package tlsconfig provides configuration for TLS clients and servers.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACME ¶
type ACME struct { // TODO: Remove Enable (https://github.com/TheThingsNetwork/lorawan-stack/issues/1450) Enable bool `` //nolint:lll /* 145-byte string literal not displayed */ Endpoint string `name:"endpoint" description:"ACME endpoint"` Dir string `name:"dir" description:"Location of ACME storage directory"` Email string `name:"email" description:"Email address to register with the ACME account"` Hosts []string `name:"hosts" description:"Hosts to enable automatic certificates for"` DefaultHost string `name:"default-host" description:"Default host to assume for clients without SNI"` // contains filtered or unexported fields }
ACME represents ACME configuration.
func (*ACME) Initialize ¶
Initialize initializes the autocert manager for the ACME configuration. If it was already initialized, any changes after the previous initialization are ignored.
type Client ¶
type Client struct { FileReader FileReader `json:"-" yaml:"-" name:"-"` RootCA string `json:"root-ca" yaml:"root-ca" name:"root-ca" description:"Location of TLS root CA certificate (optional)"` //nolint:lll InsecureSkipVerify bool `name:"insecure-skip-verify" description:"Skip verification of certificate chains (insecure)"` //nolint:lll }
Client is client-side configuration for server TLS.
type ClientAuth ¶
type ClientAuth struct { Source string `name:"source" description:"Source of the TLS certificate (file, key-vault)"` FileReader FileReader `json:"-" yaml:"-" name:"-"` Certificate string `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"` //nolint:lll Key string `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"` KeyVault KeyVault `name:"key-vault"` }
ClientAuth is (client-side) configuration for TLS client authentication.
type Config ¶
type Config struct { Client `name:",squash"` ServerAuth `name:",squash"` }
Config represents TLS configuration.
type ConfigOptionFunc ¶ added in v3.17.0
ConfigOptionFunc is a Option.
type ConfigurationProvider ¶ added in v3.17.0
ConfigurationProvider generates a Config from the provided context.
func (ConfigurationProvider) GetTLSClientConfig ¶ added in v3.17.0
func (p ConfigurationProvider) GetTLSClientConfig(ctx context.Context, opts ...Option) (*tls.Config, error)
GetTLSClientConfig gets the component's client TLS config and applies the given options.
func (ConfigurationProvider) GetTLSServerConfig ¶ added in v3.17.0
func (p ConfigurationProvider) GetTLSServerConfig(ctx context.Context, opts ...Option) (*tls.Config, error)
GetTLSServerConfig gets the component's server TLS config and applies the given options.
type FileReader ¶
FileReader is the interface used to read TLS certificates and keys.
type KeyVault ¶
type KeyVault struct { KeyVault interface { ExportCertificate(ctx context.Context, id string) (*tls.Certificate, error) } `name:"-"` ID string `name:"id" description:"ID of the certificate"` }
KeyVault defines configuration for loading a certificate from the key vault.
type Option ¶ added in v3.17.0
type Option interface {
// contains filtered or unexported methods
}
Option provides customization for TLS configuration.
func WithNextProtos ¶ added in v3.17.0
WithNextProtos appends the given protocols to NextProtos.
func WithTLSCertificates ¶ added in v3.17.0
func WithTLSCertificates(certificates ...tls.Certificate) Option
WithTLSCertificates sets TLS certificates.
func WithTLSClientAuth ¶ added in v3.17.0
func WithTLSClientAuth( auth tls.ClientAuthType, cas *x509.CertPool, verify func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error, ) Option
WithTLSClientAuth sets TLS client authentication options.
type ServerAuth ¶
type ServerAuth struct { Source string `name:"source" description:"Source of the TLS certificate (file, acme, key-vault)"` FileReader FileReader `json:"-" yaml:"-" name:"-"` Certificate string `json:"certificate" yaml:"certificate" name:"certificate" description:"Location of TLS certificate"` //nolint:lll Key string `json:"key" yaml:"key" name:"key" description:"Location of TLS private key"` ACME ACME `name:"acme"` KeyVault KeyVault `name:"key-vault"` CipherSuites []string `name:"cipher-suites" description:"DEPRECATED: List of IANA names of TLS cipher suites to use"` //nolint:lll }
ServerAuth is configuration for TLS server authentication.
func (*ServerAuth) ApplyTo ¶
func (c *ServerAuth) ApplyTo(tlsConfig *tls.Config) error
ApplyTo applies the TLS authentication configuration options to the given TLS configuration. If tlsConfig is nil, this is a no-op.
func (*ServerAuth) GetCipherSuites ¶ added in v3.15.2
func (c *ServerAuth) GetCipherSuites() ([]uint16, error)
GetCipherSuites returns a list of IDs of cipher suites in configuration. This list can be passed to tls.Config.